Apiary: Easy-to-Use Desktop Application Fault Containment on Commodity Operating Systems
Source: Columbia University
Desktop computers are often compromised by the interaction of unsecure data and buggy software. To address this problem, the authors present Apiary, a system that transparently contains application faults while retaining the usage metaphors of a traditional desktop environment. Apiary accomplishes this with three key mechanisms. It isolates applications in containers that integrate in a controlled manner at the display and file system. It introduces ephemeral containers that are quickly instantiated for single application execution, to prevent any exploit that occurs from persisting and to protect user privacy. It introduces the Virtual Layered File System to make instantiating containers fast and space efficient, and to make managing many containers no more complex than a single traditional desktop.