This commit is contained in:
Hannes Mehnert 2017-09-17 16:26:55 +01:00
parent 53ebc3bc75
commit 1bc356216f

@ -26,23 +26,23 @@ change may result in unforeseen behaviour. Additionally, lots of embedded
devices (home router, SmartTV, etc.) do not have a secure update channel.
Instead of trying to fix these decades-old operating systems, which were
designed as multi-user time sharing systems of the past, we build small services
from scratch with security in mind, directly on the hypervisor. In
our operating system, each service is a separate virtual machine with only the
required code.
designed based on demands at that time (e.g. time-multiplexed multi-user
computers), we build small services from scratch with security in mind. Each
service is run as a separate virtual machine on any hypervisor with only the
strictly necessary code.
This makes our systems much smaller. The binary size of an HTTP server with TLS
support in our system is around 4% compared to one in a conventional operating
system, making the attack surface much smaller.
This makes our virtual machines much smaller. The binary size of an HTTP server
with TLS support is around 4% compared to one using a conventional Linux
operating system, making the attack surface much smaller.
Additionally, we use a safe programming language: a statically and strongly
typed functional programming language with automated memory management. This
Additionally, we use a functional programming language with static
types and automated memory management. This
reduces the attack vectors: temporal and spatial memory corruption are no
concern anymore. The declarative programming style makes it possible to
formally verify the correctness of the entire virtual machine with a theorem
prover.
One of our single purpose operating systems boots within milliseconds, and has a
One of our unikernels boots within milliseconds, and has a
minimal memory footprint. For client-side features that run in a webbrowser, we
compile to JavaScript from the same codebase, to ensure consistency. The strong
and static type system helps to detect errors early, and enables rapid
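Review bot: the rewritten line "Each service is run as a separate virtual machine on any hypervisor" widens the original "directly on the hypervisor" into a claim about every hypervisor; unless the page lists the supported targets elsewhere, qualify it (e.g. "on a hypervisor" or name the ones supported). The retained sentence "formally verify the correctness of the entire virtual machine with a theorem prover" is left untouched while the neighbouring claims were toned down; it reads as a result rather than a possibility, so consider "makes it feasible to formally verify" or point to the verification work it refers to. The "around 4%" figure now names Linux as the baseline, which is an improvement, but it would be stronger with a pointer to how the two binaries were measured. Minor: "webbrowser" should be "web browser".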