Virtual Machines

Vol. 2 No. 5 – July/August 2004

Interviews

A Conversation with James Gosling

James Gosling talks about virtual machines, security, and of course, Java.

As a teenager, James Gosling came up with an idea for a little interpreter to solve a problem in a data analysis project he was working on at the time. Through the years, as a grad student and at Sun as creator of Java and the Java Virtual Machine, he has used several variations on that solution. “I came up with one answer once, and I have just been repeating it over and over again for a frightening number of years,” he says.

Those years included earning a B.Sc. from the University of Calgary, Canada, and a Ph.D. in computer science from Carnegie Mellon University, before joining Sun Microsystems in 1984. At Sun he is best known for creating the original design of Java and implementing its original compiler and virtual machine. Over the years he also wrote the original Unix Emacs, and was the lead engineer of NeWS (network-extensible window system).

Articles

Building Systems to Be Shared, Securely

Want to securely partition VMs? One option is to put 'em in Jail.

By Poul-Henning Kamp, FreeBSD Developer, and Robert Watson, McAfee Research

The history of computing has been characterized by continuous transformation resulting from the dramatic increases in performance and drops in price described by Moore’s law. Computing “power” has migrated from centralized mainframes/servers to distributed systems and the commodity desktop. Despite these changes, system sharing remains an important tool for computing. From the multitasking, file-sharing, and virtual machines of the desktop environment to the large-scale sharing of server-class ISP hardware in collocation centers, safely sharing hardware between mutually untrusting parties requires addressing critical concerns of accidental and malicious damage.

There has been a strong continuing interest in access control and separation technologies to support safe yet efficient sharing of computing systems. Although the degree of sharing taking place has increased because of similarly dramatic changes in networking, there has not been a marked change in the nature of security concerns. Costs of adapting software, identifying policy goals, and minimizing administrative complexity remain a balancing act. The fundamental security primitives for separation have not changed, but our experience in attempting to apply them is substantially greater.

by Poul-Henning Kamp, Robert Watson

Security is Harder than You Think

It's not just about the buffer overflow.

John Viega and Matt Messier, Secure Software

Many developers see buffer overflows as the biggest security threat to software and believe that there is a simple two-step process to secure software: switch from C or C++ to Java, then start using SSL (Secure Sockets Layer) to protect data communications. It turns out that this naïve tactic isn’t sufficient. In this article, we explore why software security is harder than people expect, focusing on the example of SSL.

How We Got Here

Although languages such as Java give programmers fewer chances to shoot themselves in the foot than C does, there is still plenty of opportunity to take off some toes. In an informal study based on security reviews of commercial code, we have seen that C code tends to have five to 10 times more vulnerabilities than Java code. Considering how many vulnerabilities we tend to find in C code, that’s still not saying much for Java.

by John Viega, Matt Messier

Curmudgeon

Without a NULL That String Would Never End

N-streak, 1-streak, worra streak

Stan Kelly-Bootle, Author

It’s an undiluted pleasure to be invited to contribute a third column for ACM Queue under the surly rubric “Curmudgeon.” Curmudgeons are not usually associated with pleasures, diluted or full strength, but at my age the cheap thrill of thrusting a poisoned pen is especially welcome since the targets for satire bob daily as upstart sitting ducks for the roasting: mere “Juvenal delinquents,” as master curmudgeon George Crabbe [sic] called them.

My first snipe is at those mathematicians who are over-fond of redefining everyday concepts to remove possible ambiguities, yet not always successfully. Thus, the “streak” of the sports-stats lexicon means any decent run of victories (or defeats). The formal definition of an N-streak for a given event-type, E, permits N to assume any non-negative integer. The abstract 0-streak differs from no streak at all, just as the empty set is far from null in the usual sense of “lacking substance.”

by Stan Kelly-Bootle

Articles

The Reincarnation of Virtual Machines

Mendel Rosenblum, Stanford University and VMware

Virtualization makes a comeback.

The term virtual machine initially described a 1960s operating system concept: a software abstraction with the looks of a computer system's hardware (real machine). Forty years later, the term encompasses a large range of abstractions—for example, Java virtual machines that don't match an existing real machine. Despite the variations, in all definitions the virtual machine is a target for a programmer or compilation system. In other words, software is written to run on the virtual machine.

A CROSS-SECTION VIEW

One way to view the different virtual machine abstractions is as “slices” of the hardware/software stack. A modern computer system is composed of layers, beginning with the hardware and including layers of an operating system and application programs running on top of the operating system (see figure 1). Virtualization software abstracts virtual machines by interposing a layer at various places in the system. Three examples of these virtualization layers include hardware-level virtualization, operating system–level virtualization, and high-level language virtual machines.

by Mendel Rosenblum

Leveraging Application Frameworks

Why frameworks are important and how to apply them effectively

Douglas C. Schmidt, Aniruddha Gokhale, and Balachandran Natarajan, Vanderbilt University

In today’s competitive, fast-paced computing industry, successful software must increasingly be: (1) extensible to support successions of quick updates and additions to address new requirements and take advantage of emerging markets; (2) flexible to support a growing range of multimedia data types, traffic flows, and end-to-end QoS (quality of service) requirements; (3) portable to reduce the effort required to support applications on heterogeneous operating-system platforms and compilers; (4) reliable to ensure that applications are robust and tolerant to faults; (5) scalable to enable applications to handle larger numbers of clients simultaneously; and (6) affordable to ensure that the total ownership costs of software acquisition and evolution are not prohibitively high.

by Douglas C Schmidt, Aniruddha Gokhale, Balachandran Natarajan

Simulators: Virtual Machines of the Past (and Future)

Has the time come to kiss that old iron goodbye?

Bob Supnik, Sun Microsystems

Simulators are a form of “virtual machine” intended to address a simple problem: the absence of real hardware. Simulators for past systems address the loss of real hardware and preserve the usability of software after real hardware has vanished. Simulators for future systems address the variability of future hardware designs and facilitate the development of software before real hardware exists.

by Bob Supnik