---
title: What is robur?
---

At robur, we build performant bespoke minimal operating systems for high-assurance services.
With our approach to systems development we provide the following advantages for you:

* systems based on the unikernel pioneer [MirageOS](https://mirage.io)
* secure implementation guarded against memory corruption, type-level problems, leaky abstractions and unforeseen state
* ready for the cloud, services run on all major hypervisors
* instant boot
* competitive performance comparable to C
* can target embedded devices because of small size and the ability to compile to native code
* minimized state allows reasoning about entire systems and their adherence to the specification
* extensive library ecosystem, yet minimal trusted code base at runtime
* rapid prototyping with a seamless path from prototype to production

Computers on the Internet get compromised mostly to gain or block access to data. User data is being downloaded, leaked and sold, or ransomware blocks access to user data until a fee is paid. Other common attacks target compute resources, to use them in denial of service attacks or to manipulate opinion with chatbots.

Common software stacks often include legacy parts at runtime that provide unnecessary attack surface. Critical security updates are rarely deployed on time, because they result in unforeseen behaviour. Also, lots of embedded devices are missing a secure update channel.

[//]: # (====== marker for linse - but a comment in markdown)

We at robur are building minimal services, called *unikernels*, from scratch with security in mind, instead of trying to fix decades-old software that was designed based on demands from earlier days. Each service is executed as a virtual machine on any major hypervisor, and contains only the strictly necessary code. The number of lines and the binary size of a unikernel with HTTP and TLS support are around 4% of those of a virtual machine using a conventional UNIX / Linux operating system. The security of a unikernel is improved by the reduction of the attack surface.

Our unikernels are implemented in a functional programming language with a static type system and automated memory management. Buffer overflows and double frees are no concern to us. A unikernel avoids these common attack vectors by the choice of the programming language.

We can prototype rapidly, because the type system detects errors early, and we don't need to manage memory by hand. Turning a prototype into production is usually a question of fine-tuning its performance.

Our declarative programming style even makes it possible to formally verify an entire virtual machine using a theorem prover.

The boot time of a unikernel can be measured in a few milliseconds, and redeployment after updates is instantaneous. We can create unikernels on demand.