robur/homepage-data
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Home advantages.

Browse source
This commit is contained in:
linse 2017-09-17 10:54:34 -04:00
parent 9da6f07da1
commit 1150d2455f
1 changed files with 13 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
Home
View file

@ -2,40 +2,21 @@
title: Robust Open Bare-metal Ubiquitous Resilient title: Robust Open Bare-metal Ubiquitous Resilient
author: someone author: someone
--- ---
At robur, we build performant bespoke minimal operating systems for high-assurance services.
TODO: vermutlich ist es marketingmaessig klug, folgende features besser zu verkaufen: Advantages
- targeted hypervisors: KVM, ... on amd64 and arm64; Xen on am64 and arm32 * based on the unikernel pioneer [MirageOS](https://mirage.io)
- compiles to JavaScript (for single-language web applications) * secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforseen state
- high-level memory-safe language allows for quick turnaround cycles during development and feature addition * ready for the cloud, services run on all major hypervisors
- visualisation / comparison of the trusted code base * instant boot
- decent performance * competitive performance comparable to C / C++
- fast boot time * can target embedded devices because of small size and the ability to compile to native code
- several libraries already deployed by others (Docker) * minimized state allows to reason about entire systems and their adherence to the specification
- 'scalable cloud-ready' (cap'n proto, prometheus, ...) * extensive library ecosystem, yet minimal trusted code base at runtime
- small footprint (MB of memory -> lots of per server)
- could spawn a VM for each user
- energy efficient (https://sites.google.com/view/energy-efficiency-languages/)
Computers on the Internet get compromised, from scratch with security in mind, directly on the virtualization layer.
- to access data on the computer (databases, passwords, user accounts) or block Each service is a separate virtual machine image with exactly the
access to it (Ransomware), required code, and no need for a multi-purpose operating system kernel.
- to participate in DoS of other services (e.g. the Mirai botnet on SmartTVs)
and manipulate opininon (chatbots).
The software stack is often missing critical security updates, most embedded
devices (home router, SmartTV, etc.) have no secure update channel, they need a
secure system from the start.
Recent security solutions focus on containing compromised software by using
virtualisation technology and containers. But the root cause remains: running
old systems that are insecure.
Instead of trying to fix these decades-old operating systems, which were
designed as multi-user time sharing systems of the past, we build small services
from scratch with security in mind, directly on the virtualization layer. In
our operating system, each service is a separate virtual machine with only the
required code (usually no need for process- and user management, or a file
system), and no copy of a multi-purpose operating system kernel.
This makes our systems much smaller. The binary size of an HTTP server with TLS This makes our systems much smaller. The binary size of an HTTP server with TLS
support in our system is around 4% compared to one in a conventional operating support in our system is around 4% compared to one in a conventional operating