Association for Computing Machinery
The trusted computing base of legacy applications can be reduced significantly by separating their security-critical parts into dedicated protection domains. So far, paravirtualization has been used to host the non-secure portion, but the applicability of this approach is limited by the need for source code access. The authors show how to implement efficient virtual machines in a microkernel-based system, enabling the reuse of arbitrary operating systems. They found that the performance is on par with other virtual machine implementations, while security-sensitive applications retain their small trusted computing base.