Date Added: Feb 2010
This paper argues that the operating system and applications currently running on a real machine should relocate into a virtual machine. This structure enables services to be added below the operating system and to do so without trusting or modifying the operating system or applications. To demonstrate the usefulness of this structure, the authors describe three services that take advantage of it: secure logging, intrusion prevention and detection, and environment migration. In particular, they can provide services below the guest operating system without trusting or modifying it. They believe providing services at this layer are especially useful for enhancing security and mobility.