Topic
Virtual hosting
About: Virtual hosting is a research topic. Over the lifetime, 30 publications have been published within this topic receiving 640 citations. The topic is also known as: Virtual Host & Virtual Hosting.
Papers
Patent•
10 Sep 1998TL;DR: In this paper, a method for identifying services, service elements and dependencies among the services and service elements includes executing first and second phases of discovery, in which the first phase is focused on detecting inter-service dependencies, i.e., conditions in which proper operation of one service relies upon at least one other service.
Abstract: A method for identifying services, service elements and dependencies among the services and service elements includes executing first and second phases of discovery. In the first phase, the services and service elements are detected, as well as a first set of dependencies. The second phase is based on results of the first phase and is focused upon detecting inter-service dependencies, i.e., conditions in which proper operation of one service relies upon at least one other service. Various techniques may be used in executing the first phase, including accessing information in a domain name service (DNS) of the network to identify dependencies, as well as services and service elements. Discovery within the first phase may also be based upon recognizing naming conventions. Regarding the second phase, one approach to discovering inter-service dependencies is to deploy discovery agents implemented in computer software to access content of configuration files of applications detected in the first phase. Discovery agents may also be used to monitor connections completed via specified service elements detected in the first phase, such that other inter-service dependencies are identified. As an alternative or additional approach, network probes may be deployed to access information of data packets transmitted ted between service elements detected in the first phase, with the accessed packet information being used to detect inter-service dependencies. When information of the DNS is accessed in the first phase, the information is used as a basis for determining at least some of (1) groups of service elements that are generally equivalent with respect to executing a particular service within the network, (2) hosts supporting virtual hosting, (3) hosts supporting virtual servers, and (4) name servers.
237 citations
26 Jun 2017
TL;DR: This paper presents the information leakage channels that are accessible within the containers, the root causes of the containers' information leakages, and a two-stage defense approach that is effective and incurs trivial performance overhead.
Abstract: Container technology provides a lightweight operating system level virtual hosting environment. Its emergence profoundly changes the development and deployment paradigms of multi-tier distributed applications. However, due to the incomplete implementation of system resource isolation mechanisms in the Linux kernel, some security concerns still exist for multiple containers sharing an operating system kernel on a multi-tenancy container cloud service. In this paper, we first present the information leakage channels we discovered that are accessible within the containers. Such channels expose a spectrum of system-wide host information to the containers without proper resource partitioning. By exploiting such leaked host information, it becomes much easier for malicious adversaries (acting as tenants in the container clouds) to launch advanced attacks that might impact the reliability of cloud services. Additionally, we discuss the root causes of the containers' information leakages and propose a two-stage defense approach. As demonstrated in the evaluation, our solution is effective and incurs trivial performance overhead.
146 citations
1 May 2000
TL;DR: The Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection allows unsecured and secured HTTP traffic to share the same well known port.
Abstract: This memo explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443). It also enables "virtual hosting", so a single HTTP + TLS server can disambiguate traffic intended for several hostnames at a single IP address.
118 citations
Proceedings Article•
1 Jan 2003
TL;DR: This article is focused on design, implementation and performance aspects of experimental clonable network stack support in the FreeBSD kernel.
Abstract: Traditionally, UNIX operating systems have been equipped with monolithic network stack implementations, meaning all user processes have to cooperatively share a single networking subsystem. The introduction of the network stack cloning model enables the kernel to simultaneously maintain multiple independent and isolated network stack instances. Combined with forcible binding of user processes to individual network stacks, this concept can bring us a step closer to an efficient pseudo virtual machine functionality which opens new possibilities particularly in virtual hosting applications, as well as in other less obvious areas such as network simulation and advanced VPN provisioning. This article is focused on design, implementation and performance aspects of experimental clonable network stack support in the FreeBSD kernel.
70 citations
TL;DR: It is demonstrated that the information leakage channels discovered could be exploited to infer private data, detect and verify co-residence, build covert channels, and launch more advanced cloud-based attacks.
Abstract: Container technology provides a lightweight operating system level virtual hosting environment. Its emergence profoundly changes the development and deployment paradigms of multi-tier distributed applications. However, due to the incomplete implementation of system resource isolation mechanisms in the Linux kernel, some security concerns still exist for multiple containers sharing an operating system kernel on a multi-tenancy container-based cloud service. In this paper, we first present the information leakage channels we discovered that are accessible within containers. Such channels expose a spectrum of system-wide host information to containers without proper resource partitioning. By exploiting such leaked host information, it becomes much easier for malicious adversaries (acting as tenants in a container cloud) to launch attacks that might impact the reliability of cloud services. We demonstrate that the information leakage channels could be exploited to infer private data, detect and verify co-residence, build covert channels, and launch more advanced cloud-based attacks. We discuss the root causes of the containers’ information leakage and propose a two-stage defense approach. As demonstrated in the evaluation, our defense is effective and incurs trivial performance overhead.
66 citations
Related Topics (5)
Performance Metrics
| Year | Papers |
|---|---|
| 2021 | 1 |
| 2020 | 1 |
| 2017 | 2 |
| 2015 | 1 |
| 2014 | 1 |
| 2013 | 1 |