robur/homepage-data
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

.

Browse source
This commit is contained in:
Hannes Mehnert 2017-09-17 16:08:27 +01:00
parent 1150d2455f
commit 7f9a5454d1
1 changed files with 19 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
Home
View file

@ -4,7 +4,7 @@ author: someone
--- ---
At robur, we build performant bespoke minimal operating systems for high-assurance services. At robur, we build performant bespoke minimal operating systems for high-assurance services.
Advantages With our approach to systems development we provide the following advantages for you:
* based on the unikernel pioneer [MirageOS](https://mirage.io) * based on the unikernel pioneer [MirageOS](https://mirage.io)
* secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforseen state * secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforseen state
* ready for the cloud, services run on all major hypervisors * ready for the cloud, services run on all major hypervisors
@ -13,10 +13,24 @@ Advantages
* can target embedded devices because of small size and the ability to compile to native code * can target embedded devices because of small size and the ability to compile to native code
* minimized state allows to reason about entire systems and their adherence to the specification * minimized state allows to reason about entire systems and their adherence to the specification
* extensive library ecosystem, yet minimal trusted code base at runtime * extensive library ecosystem, yet minimal trusted code base at runtime
* rapid prototyping with a seamless path from prototype to production
from scratch with security in mind, directly on the virtualization layer. Computers on the Internet get compromised,
Each service is a separate virtual machine image with exactly the - to access data on the computer (databases, passwords, user accounts) or block
required code, and no need for a multi-purpose operating system kernel. access to it (Ransomware),
- to participate in DoS of other services (e.g. the Mirai botnet on SmartTVs)
and manipulate opinion (chatbots).
The software stack often includes parts which are no longer needed, such as
floppy disk drivers. Critical security updates are rarely deployed in time,
because such a change may result in unforeseen behaviour. Additionally, lots of
embedded devices (home router, SmartTV, etc.) have no secure update channel.
Instead of trying to fix these decades-old operating systems, which were
designed as multi-user time sharing systems of the past, we build small services
from scratch with security in mind, directly on the hypervisor. In
our operating system, each service is a separate virtual machine with only the
required code.
This makes our systems much smaller. The binary size of an HTTP server with TLS This makes our systems much smaller. The binary size of an HTTP server with TLS
support in our system is around 4% compared to one in a conventional operating support in our system is around 4% compared to one in a conventional operating
@ -30,7 +44,7 @@ formally verify the correctness of the entire virtual machine with a theorem
prover. prover.
One of our single purpose operating systems boots within milliseconds, and has a One of our single purpose operating systems boots within milliseconds, and has a
tiny memory footprint. For client-side features that run in a webbrowser, we minimal memory footprint. For client-side features that run in a webbrowser, we
compile to JavaScript from the same codebase, to ensure consistency. The strong compile to JavaScript from the same codebase, to ensure consistency. The strong
and static type system helps to detect errors early, and enables rapid and static type system helps to detect errors early, and enables rapid
prototyping. For production use the prototype code can be further optimized for prototyping. For production use the prototype code can be further optimized for