robur/homepage-data
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Technology: Running unikernel

Browse source
This commit is contained in:
linse 2017-09-16 15:50:01 -04:00
parent f723ab2f59
commit 0a7f4b339b
1 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
Technology
View file

@ -36,7 +36,13 @@ the interface on which OCaml runs.
OCaml is a functional programming language that minimizes side effects and mutable state. OCaml is a functional programming language that minimizes side effects and mutable state.
Its functional programming concepts give us a list of security advantages for MirageOS. Its functional programming concepts give us a list of security advantages for MirageOS.
## MirageOS: Running a unikernel & system security ## Running a unikernel & system security
Aside from automated memory management to avoid memory corruption, and type checking to avoid many common
programming errors, the major advantage of functional programming is localized reasoning about program code.
All inputs, outputs and effects of a function are known.
Immutable datastructures and cooperative multitasking allow us to reason about the state of the entire system,
even if we use parallelism and complex distributed systems.
### Simple config management model with localized reasoning ### Simple config management model with localized reasoning
@ -49,10 +55,10 @@ network configuration or TLS certificate and key.
- Store this information in a virtual block device which is attached to the - Store this information in a virtual block device which is attached to the
virtual machine. virtual machine.
For example, logs can be exfiltrated using syslog with UDP, TCP, or TLS as For example, logs can be written from the unikernel to a syslog collector with UDP, TCP, or TLS as
transport. The transport to use has to be chosen at compile time because TLS transport. The transport needs to be chosen at compile time because TLS
requires the TLS library to be linked in, but the log destination can be passed requires the TLS library to be linked into the kernel image, but the log destination is passed
as boot parameter to the unikernel. as boot parameter.
### Simple concurrency model with localized reasoning ### Simple concurrency model with localized reasoning
@ -60,7 +66,7 @@ MirageOS is an event based operating system with asynchronous tasks. A task
yields the CPU once its execution is finished, or if it has to wait for IO. yields the CPU once its execution is finished, or if it has to wait for IO.
This concurrency model leads to a cooperative multitasking programming style, This concurrency model leads to a cooperative multitasking programming style,
rather than the error prone preemptive multitasking where each code block needs rather than the error prone preemptive multitasking where each code block needs
to be hardened to allow reentrant execution. to make sure to use appropriate locking strategies, to avoid reentrant execution errors.
TODO: For example .. TODO: For example ..