Interposition Agents: Transparently Interposing User Code at the System Interface

  • Michael B. Jones
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1603)


Many contemporary operating systems utilize a system call interface between the operating system and its clients. Increasing numbers of systems are providing low-level mechanisms for intercepting and handling system calls in user code. Nonetheless, they typically provide no higher-level tools or abstractions for effectively utilizing these mechanisms. Using them has typically required reimplementation of a substantial portion of the system interface from scratch, making the use of such facilities unwieldy at best.

This paper presents a toolkit that substantially increases the ease of interposing user code between clients and instances of the system interface by allowing such code to be written in terms of the high-level objects provided by this interface, rather than in terms of the intercepted system calls themselves. This toolkit helps enable new interposition agents to be written, many of which would not otherwise have been attempted. This toolkit has also been used to construct several agents including: system call tracing tools, file reference tracing tools, and customizable filesystem views. Examples of other agents that could be built include: protected environments for running untrusted binaries, logical devices implemented entirely in user space, transparent data compression and/or encryption agents, transactional software environments, and emulators for other operating system environments.


System Call Address Space System Interface File Descriptor UNIX System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Accetta, R. Baron, D. Golub, R. Rashid, A. Tevanian, and M. Young. Mach: A new kernel foundation for UNIX development. In Proc. Summer 1986 USENIX Technical Conference and Exhibition, June 1986.Google Scholar
  2. 2.
    Apple Computer, Inc. Macintosh System Software User’s Guide Version 6.0, 1988.Google Scholar
  3. 3.
    AT&T, Customer Information Center, P.O. Box 19901, Indianapolis, IN 46219. System V Interface Definition, Issue 2, 1986.Google Scholar
  4. 4.
    AT&T. Unix System V Release 4.0 Programmer’s Reference Manual, 1989.Google Scholar
  5. 5.
    Robert V. Baron, David Black, William Bolosky, Jonathan Chew, Richard P. Draves, David B. Golub, Richard F. Rashid, Avadis Tevanian, Jr., and Michael Wayne Young. Mach Kernel Interface Manual. Carnegie Mellon University School of Computer Science, August 1990.Google Scholar
  6. 6.
    Brian N. Bershad and C. Brian Pinkerton. Watchdogs: Extending the unix filesystem. In Winter Usenix Conference Proceedings, Dallas, 1988.Google Scholar
  7. 7.
    D. G. Bobrow, J. D. Burchfiel, D. L. Murphy, and R. S. Tomlinson. TENEX, a paged time sharing system for the PDP-10. Communications of the ACM, 15(3):135–143, March 1972.CrossRefGoogle Scholar
  8. 8.
    D. R. Brownbridge, L. F. Marshall, and B. Randell. The Newcastle Connection, or UNIXes of the world unite! Software — Practice and Experience, 12:1147–1162, 1982.CrossRefGoogle Scholar
  9. 9.
    David R. Cheriton. The V distributed system. Communications of the ACM, 31(3):314–333, March 1988.CrossRefGoogle Scholar
  10. 10.
    F. W. Clegg, G. S.-F. Ho, S. R. Kusmar, and J. R. Sontag. The HP-UX operating system on HP Precision Architecture computers. Hewlett-Packard Journal, 37(12):4–22, December 1986.Google Scholar
  11. 11.
    David S. H. Rosenthal. Evolving the vnode interface. In USENIX Conference Proceedings, pages 107–118. USENIX, June 1990.Google Scholar
  12. 12.
    Digital Equipment Corporation. DECSYSTEM-20 Monitor Calls Reference Manual, January 1978.Google Scholar
  13. 13.
    Digital Equipment Corporation. ULTRIX Reference Pages, Section 2 System Calls, 1989.Google Scholar
  14. 14.
    D. Eastlake, R. Greenblatt, J. Holloway, T. Knight, and S. Nelson. ITS 1.5 reference manual. Memorandum no. 161, M.I.T. Artificial Intelligence Laboratory, July 1969. Revised form of ITS 1.4 Reference Manual, June 1968.Google Scholar
  15. 15.
    S. I. Feldman. Make — a program for maintaining computer programs. Software — Practice and Experience, 9(4):255–265, 1979.MATHCrossRefGoogle Scholar
  16. 16.
    David Golub, Randall Dean, Alessandro Forin, and Richard Rashid. Unix as an application program. In Summer Usenix Conference Proceedings, Anaheim, June 1990.Google Scholar
  17. 17.
    Richard G. Guy, John S. Heidemann, Wai Mak, Thomas W. Page, Jr., Gerald J. Popek, and Dieter Rothmeier. Implementation of the Ficus replicated file system. In USENIX Conference Proceedings, pages 63–71. USENIX, June 1990.Google Scholar
  18. 18.
    John S. Heidemann. Stackable layers: an architecture for file system development. Master’s thesis, University of California, Los Angeles, July 1991. Available as UCLA technical report CSD-910056.Google Scholar
  19. 19.
    J. H. Howard, M. L. Kazar, S. G. Menees, D. A. Nichols, M. Satyanarayanan, R. N. Sidebotham, and M. J. West. Scale and performance in a distributed file system. ACM Transactions on Computer Systems, 6(1), February 1988.Google Scholar
  20. 20.
    N. C. Hutchinson and L. L. Peterson. Design of the x-kernel. In Proceedings of the SIGCOMM’ 88 Symposium, pages 65–75, Stanford, CA, August 1988.Google Scholar
  21. 21.
    Michael B. Jones. Inheritance in unlikely places: Using objects to build derived implementations of flat interfaces. In Proceedings of the Third International Workshop on Object Orientation in Operating Systems, Paris, September 1992.Google Scholar
  22. 22.
    Michael B. Jones. Transparently Interposing User Code at the System Interface. PhD thesis, Carnegie Mellon University, September 1992. Available as Technical Report CMU-CS-92-170.Google Scholar
  23. 23.
    J.J. Kistler and M. Satyanarayanan. Disconnected operation in the coda file system. ACM Transactions on Computer Systems, 10(1), February 1992.Google Scholar
  24. 24.
    Philip Koch and David Gelhar. DTSS System Programmer’s Reference Manual. Dartmouth College, Hanover, NH, November 1986. Kiewit Computation Center TM059.Google Scholar
  25. 25.
    Samuel J. Leffler, Marshall Kirk McKusick, Michael J. Karels, and John S. Quarterman. The Design and Implementation of the 4.3BSD UNIX Operating System. Addison-Wesley, October 1990.Google Scholar
  26. 26.
    Paul R. McJones and Garret F. Swart. Evolving the unix system interface to support multithreaded programs. Research Report 21, Digital Equipment Corporation, Systems Research Center, September 1987.Google Scholar
  27. 27.
    M. K. McKusick, W. N. Joy, S. J. Leffler, and R. S. Fabry. A fast file system for unix. ACM Transactions on Computer Systems, 2(3), August 1984.Google Scholar
  28. 28.
    Microsoft Corporation. Microsoft Windows User’s Guide, 1987.Google Scholar
  29. 29.
    Microsoft Corporation. Microsoft MS-DOS Operating System version 5.0 User’s Guide and Reference, 1991.Google Scholar
  30. 30.
    Lily B. Mummert and M. Satyanarayanan. Efficient and portable file reference tracing in a distributed workstation environment. To be published as a Carnegie Mellon University School of Computer Science technical report, June 1992.Google Scholar
  31. 31.
    Peter Norton Computing, Incorporated. The Norton Utilities for the Macintosh. 1990.Google Scholar
  32. 32.
    Now Software, Inc. Now Utilities: File & Application Management, System Management, and System Extensions, 1990.Google Scholar
  33. 33.
    R. P. Parmelee, T. I. Peterson, C. C. Tillman, and D. J. Hatfield. Virtual storage and virtual machine concepts. IBM Systems Journal, 11(2):99–130, 1972.CrossRefGoogle Scholar
  34. 34.
    Michael O. Rabin and J. D. Tygar. An integrated toolkit for operating system security. Technical Report TR-05-87, Harvard University Center for Research in Computing Technology, Cambridge, MA, May 1987. Revised August 1988.Google Scholar
  35. 35.
    R. F. Rashid and G. Robertson. Accent: A communication oriented network operating system kernel. In Proceedings of the 8th Symposium on Operating Systems Principles, pages 64–75, December 1981.Google Scholar
  36. 36.
    Brian K. Reid and Janet H. Walker. SCRIBE Introductory User’s Manual. UNI-LOGIC, Ltd., third edition, May 1980.Google Scholar
  37. 37.
    Salient Software, Inc. DiskDoubler User’s Manual, 1991.Google Scholar
  38. 38.
    M. Satyanarayanan, J. J. Kistler, P. Kumar, M. E. Okasaki, E. H. Siegel, and D. C. Steere. Coda: A highly available file system for a distributed workstation environment. IEEE Transactions on Computers, 39(4), April 1990.Google Scholar
  39. 39.
    Stac Electronics, Inc. Stacker 2.1 User Guide, 1992.Google Scholar
  40. 40.
    Richard M. Stallman. Using and Porting GNU CC, for version 1.37. Free Software Foundatation, Inc., 1990.Google Scholar
  41. 41.
    J. E. Stoy and C. Strachey. OS6 — an experimental operating system for a small computer. Part 1: General principles and structure. Computer Journal, 15(2):117–124, May 1972.MATHGoogle Scholar
  42. 42.
    J. E. Stoy and C. Strachey. 0S6 — an experimental operating system for a small computer. Part 2: Input/output and filing system. Computer Journal, 15(3):195–203, August 1972.CrossRefGoogle Scholar
  43. 43.
    Howard Ewing Sturgis. A postmortem for a time sharing system. Xerox Research Report CSL-74-1, Xerox Palo Alto Research Center, January 1974.Google Scholar
  44. 44.
    Sun Microsystems, Inc. SunOS Reference Manual, May 1988. Part No. 800-1751-10.Google Scholar
  45. 45.
    Symantec Corporation. The Norton AntiVirus, 1991.Google Scholar
  46. 46.
    Symantec Corporation. Symantec AntiVirus for Macintosh, 1991.Google Scholar
  47. 47.
    Robert H. Thomas. A resource sharing executive for the ARPANET. In Proceedings of the AFIPS National Computer Conference, volume 42, pages 155–163, June 1973.Google Scholar
  48. 48.
    Robert H. Thomas. JSYS traps — a Tenex mechanism for encapsulation of user processes. In Proceedings of the AFIPS National Computer Conference, volume 44, pages 351–360, 1975.Google Scholar
  49. 49.
    Trend Micro Devices, Incorporated. PC-cillin Virus Immune System User’s Manual, 1990.Google Scholar
  50. 50.
    D. Walsh, B. Lyon, G. Sager, J. M. Chang, D. Goldberg, S. Kleiman, T. Lyon, R. Sandberg, and P. Weiss. Overview of the sun network filesystem. In Winter Usenix Conference Proceedings, Dallas, 1985.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Michael B. Jones
    • 1
  1. 1.Microsoft ResearchMicrosoft CorporationRedmondUSA

Personalised recommendations