This paper presented the architecture of Browser Operating System. The BOS runs the client-side component of each Web application (e.g., on-line banking, Web mail) in its own virtual machine. The BOS lets Web publishers limit the scope of their Web applications by specifying which URLs and other resources their browsers are allowed to access. The BOS treats Web applications as first class objects that users explicitly install and manage. It defines a new trusted system layer, the browser operating system (BOS), on top of which browser implementations (such as Netscape or IE) can run. It provides explicit support for Web applications. A Web application consists of a browser instance, which includes a client-side browser executing dynamic Web content and code, and a Web service, which is a collection of Web sites with which the browser instance is permitted to communicate. It enforces isolation between Web applications, prohibiting one application from spying on or interfering with other applications or host resources. Each Web application has an associated browser instance that is sandboxed within a virtual machine.

BARHAM, P., DRAGOVIC, B., FRASER, K., HAND, S., HARRIS, T., HO, A., NEUGEBAUER, R., PRATT, I., AND WARFIELD, A. Xen and the Art of Virtualization. In Proc. 19th SOSP (Lake George, NY, Oct 2003).

BANGA, G., DRUSCHEL, P., AND MOGUL, J. C. Resource Containers: A New Facility for Resource Management in Server Systems. In Proc. 3rd OSDI (New Orleans, LA, Feb 1999), pp. 45.58.

AJAY TIRUMALA, FENG QIN, JON DUGAN, JIM FERGUSON, AND KEVIN GIBBS. Iperf version 1.7.1. http://dast.nlanr.net/Projects/Iperf/.

FRASER, K., HAND, S., NEUGEBAUER, R., PRATT, I., ELD, A. W., AND WILLIAMSON, M. Safe Hardware Access with the Xen Virtual Machine Monitor. In First Workshop on Operating System and Architectural Support for the On-Demand IT Infrastructure (OASIS) (Oct 2004).

DRAVES, R. P., BERSHAD, B. N., AND FORIN, A. F. Using Microbenchmarks to Evaluate System Performance. In Proc. 3rd Workshop on Workstation Operating Systems (Apr 1992), pp. 154.159.

CLARK, B., DESHANE, T., DOW, E., EVANCHIK, S., FINLAYSON, M., HERNE, J., AND MATTHEWS, J. Xen and the art of repeated research. In USENIX Technical Conference FREENIX Track (June 2004).

KAMP, P.-H., AND WATSON, R. N. M. Jails: Con_ning the Omnipotent Root. In Proc. 2nd Int. SANE Conf. (Maastricht, The Netherlands, May 2000).

KATCHER, J. Postmark: a new _le system benchmark. In TR3022. Network Appliance (October 1997).

LESLIE, I. M., MCAULEY, D., BLACK, R., ROSCOE, T., BARHAM, P. T., EVERS, D., FAIRBAIRNS, R., AND HYDEN, E. The Design and Implementation of an Operating System to Support Distributed Multimedia Applications. IEEE J. Sel. Areas Comm. 14, 7 (1996), 1280.1297.

LINUX ADVANCED ROUTING AND TRAFFIC CONTROL. http://lartc.org/.

LINUX-VSERVER PROJECT. http://linux-vserver.org/.

MCCARTY, B. SELINUX: NSA’s open source Security Enhanced Linux. O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472, USA, 2005.

MCVOY, L., AND STAELIN, C. lmbench: Portable Tools for Performance Analysis. In Proc. USENIX ’96 (Jan 1996), pp. 279.294.

NABAH, S., FRANKE, H., CHOI, J., SEETHARAMAN, C., KAPLAN, S., SINGHI, N., KASHYAP, V., AND KRAVETZ, M. Class-based prioritized resource control in Linux. In Proc. OLS 2003 (Ottawa, Ontario, Canada, Jul 2003).

OSMAN, S., SUBHRAVETI, D., SU, G., AND NIEH, J. The Design and Implementation of Zap: A System for Migrating Computing Environments. In Proc. 5th OSDI (Boston, MA, Dec 2002), pp. 361.376.

PETERSON, L., BAVIER, A., FIUCZYNSKI, M. E., AND MUIR, S. Experiences building planetlab. In Proceedings of the 7th USENIX

Symposium on Operating System Design and Implementation (OSDI ’06) (Seattle,WA, November 2006).

POTTER, S., AND NIEH, J. Autopod: Unscheduled system updates with zero data loss. In Abstract in Proceedings of the Second IEEE International Conference on Autonomic Computing (ICAC 2005) (June 2005).

PRICE, D., AND TUCKER, A. Solaris zones: Operating system support for consolidating commercial workloads. In Proceedings of the 18th Usenix LISA Conference. (2004).

REGEHR, J. Inferring scheduling behavior with hourglass. In In Proceedings of the Freenix Track of the 2002 USENIX Annual Technical Conference (June 2002).

RUAN, Y., PAI, V. S., NAHUM, E., AND TRACEY, J. M. Evaluating the impact of simultaneous multithreading on network servers using real hardware. In SIGMETRICS ’05: Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems (New York, NY, USA, 2005), ACM Press, pp. 315.326.