homepage-data/Home

51 lines
2.8 KiB
Text
Raw Normal View History

2017-09-10 22:25:32 +00:00
---
2017-09-17 15:35:29 +00:00
title: What is robur?
2017-09-10 22:25:32 +00:00
---
2017-09-17 14:54:34 +00:00
At robur, we build performant bespoke minimal operating systems for high-assurance services.
2017-09-17 15:08:27 +00:00
With our approach to systems development we provide the following advantages for you:
2017-09-17 15:25:21 +00:00
* systems based on the unikernel pioneer [MirageOS](https://mirage.io)
2017-09-17 14:54:34 +00:00
* secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforseen state
* ready for the cloud, services run on all major hypervisors
* instant boot
2017-09-17 18:57:20 +00:00
* competitive performance comparable to C
2017-09-17 14:54:34 +00:00
* can target embedded devices because of small size and the ability to compile to native code
* minimized state allows to reason about entire systems and their adherence to the specification
* extensive library ecosystem, yet minimal trusted code base at runtime
2017-09-17 15:08:27 +00:00
* rapid prototyping with a seamless path from prototype to production
2017-09-16 17:04:53 +00:00
2017-09-17 15:25:21 +00:00
Computers on the Internet get compromised mostly to gain or block access to data.
User data is being downloaded, leaked and sold, or ransomware blocks access to user data until a fee
is paid. Other common attacks target compute resources, to use them in denial of service
attacks or to manipulate opinion with chatbots.
2017-09-17 15:08:27 +00:00
2017-09-17 15:33:34 +00:00
Common software stacks often include legacy parts at runtime that provide unnecessary attack surface.
Critical security updates are rarely deployed on time, because they result in unforeseen behaviour. Also, lots of embedded
devices are missing a secure update channel.
2017-09-17 15:08:27 +00:00
2017-09-17 21:29:48 +00:00
[//]: # (====== marker fuer linse - aber ein comment in markdown)
2017-09-17 18:06:05 +00:00
We at robur are building minimal services, called *unikernels*, from scratch with security in mind,
instead of trying to fix these decades-old software, which was
designed based on demands from earlier days.
Each
service is executed as a virtual machine on any major hypervisor, and contains only the
2017-09-17 15:26:55 +00:00
strictly necessary code.
2017-09-17 18:06:05 +00:00
The number of lines and the binary size of a unikernel with HTTP
and TLS support is around 4% compared to a virtual machine using a conventional
UNIX / Linux operating system.
The security of a unikernel is improved by the reduction of the attack surface.
2017-09-16 16:52:05 +00:00
2017-09-17 18:06:05 +00:00
Our unikernels are implemented in a functional programming language with a static
type system and automated memory management.
Buffer overflows and double frees are no concern to us.
A unikernel avoids these common attack vectors by the choice of the programming language.
2017-09-16 16:52:05 +00:00
2017-09-17 18:06:05 +00:00
We can prototype rapidly, because the type system detects errors early, and we don't need to manage memory by hand.
Turning a prototype into production is usually a question of fine-tuning its performance.
2017-09-16 18:06:47 +00:00
2017-09-17 18:06:05 +00:00
Our declarative programming style makes it even possible to
formally verify an entire virtual machine using a theorem
prover.
2017-09-16 18:06:47 +00:00
2017-09-17 18:06:05 +00:00
The boot time of a unikernel can be measured in a few milliseconds, redeployment
after updates is instantenous. We can create unikernels on demand.