vmOS: A virtualization-based, secure desktop system

•vmOS provides a balance of security and usability in desktop environment.•Hardware virtualization and hypervisor-level MAC is combined in the architecture of vmOS.•An open, extensible interface compatible with multiple GOSes is provided.•Good communication mechanism between host and guest enables well acceptable performance.•Experiments show that vmOS can provide users suitable protection with less overload. Centralized management is typically applied in modern operating system (OS) architecture; however, such systems are prone to crash when any certain component of the OS is explicitly damaged. The basic reason is that these OSes can rarely support a thoroughly secure or isolated environment either between OS kernel-mode components or between user-mode softwares. To mitigate this issue, we propose vmOS, an operating system that aims at improving the security of desktop computing environment. vmOS applies isolation technique to reduce attack surface, virtualization and mandatory access control to provide isolated environment among system components, application software and user privacy. We implement vmOS by adopting hardware-supported virtualization technology and modifying several well-known open source softwares, which aim to provide run-time efficiency of integrated system. Finally, we evaluate the security and performance by some vulnerability exploits and benchmark tools, showing that vmOS is capable of assuring the overall security of users' desktop computing with less overhead.