diff --git a/Home b/Home index 114fe1c..a702211 100644 --- a/Home +++ b/Home 
@@ -2,40 +2,21 @@ title: Robust Open Bare-metal Ubiquitous Resilient author: someone --- +At robur, we build performant bespoke minimal operating systems for high-assurance services. -TODO: vermutlich ist es marketingmaessig klug, folgende features besser zu verkaufen: -- targeted hypervisors: KVM, ... on amd64 and arm64; Xen on am64 and arm32 -- compiles to JavaScript (for single-language web applications) -- high-level memory-safe language allows for quick turnaround cycles during development and feature addition -- visualisation / comparison of the trusted code base -- decent performance -- fast boot time -- several libraries already deployed by others (Docker) -- 'scalable cloud-ready' (cap'n proto, prometheus, ...) -- small footprint (MB of memory -> lots of per server) -- could spawn a VM for each user -- energy efficient (https://sites.google.com/view/energy-efficiency-languages/) +Advantages +* based on the unikernel pioneer [MirageOS](https://mirage.io) +* secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforseen state +* ready for the cloud, services run on all major hypervisors +* instant boot +* competitive performance comparable to C / C++ +* can target embedded devices because of small size and the ability to compile to native code +* minimized state allows to reason about entire systems and their adherence to the specification +* extensive library ecosystem, yet minimal trusted code base at runtime -Computers on the Internet get compromised, -- to access data on the computer (databases, passwords, user accounts) or block - access to it (Ransomware), -- to participate in DoS of other services (e.g. the Mirai botnet on SmartTVs) - and manipulate opininon (chatbots). - -The software stack is often missing critical security updates, most embedded -devices (home router, SmartTV, etc.) have no secure update channel, they need a -secure system from the start. 
- -Recent security solutions focus on containing compromised software by using -virtualisation technology and containers. But the root cause remains: running -old systems that are insecure. - -Instead of trying to fix these decades-old operating systems, which were -designed as multi-user time sharing systems of the past, we build small services -from scratch with security in mind, directly on the virtualization layer. In -our operating system, each service is a separate virtual machine with only the -required code (usually no need for process- and user management, or a file -system), and no copy of a multi-purpose operating system kernel. +from scratch with security in mind, directly on the virtualization layer. +Each service is a separate virtual machine image with exactly the +required code, and no need for a multi-purpose operating system kernel. This makes our systems much smaller. The binary size of an HTTP server with TLS support in our system is around 4% compared to one in a conventional operating
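Review bot: the added paragraph after the "Advantages" list starts mid-sentence at "from scratch with security in mind, directly on the virtualization layer." because the removed lines carried its subject ("we build small services"). Restore a subject, for example "We build small services from scratch with security in mind, directly on the virtualization layer.", so that it reads as a full sentence before "Each service is a separate virtual machine image". In the same hunk, the second bullet misspells "unforeseen" as "unforseen", and "typelevel" would read better as "type-level". The bullet "competitive performance comparable to C / C++" makes a comparison with no reference. The removed TODO list carried a link for its energy-efficiency point, so consider linking a measurement here too or softening the wording.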