.
parent
1150d2455f
commit
7f9a5454d1
1 changed files with 19 additions and 5 deletions
24
Home
|
@ -4,7 +4,7 @@ author: someone
|
|||
---
|
||||
At robur, we build performant bespoke minimal operating systems for high-assurance services.
|
||||
|
||||
Advantages
|
||||
With our approach to systems development we provide the following advantages for you:
|
||||
* based on the unikernel pioneer [MirageOS](https://mirage.io)
|
||||
* secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforseen state
|
||||
* ready for the cloud, services run on all major hypervisors
|
||||
|
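Review bot: the bullet "* secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforseen state" has a typo, "unforseen" should be "unforeseen" (the page spells it "unforeseen behaviour" further down), and "typelevel" reads better as "type-level". The same bullet lists four classes of defect without saying what guards against them; naming the mechanism the page already mentions elsewhere (the strong and static type system, compilation to native code) would make the claim checkable.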
@ -13,10 +13,24 @@ Advantages
|
|||
* can target embedded devices because of small size and the ability to compile to native code
|
||||
* minimized state allows to reason about entire systems and their adherence to the specification
|
||||
* extensive library ecosystem, yet minimal trusted code base at runtime
|
||||
* rapid prototyping with a seamless path from prototype to production
|
||||
|
||||
from scratch with security in mind, directly on the virtualization layer.
|
||||
Each service is a separate virtual machine image with exactly the
|
||||
required code, and no need for a multi-purpose operating system kernel.
|
||||
Computers on the Internet get compromised,
|
||||
- to access data on the computer (databases, passwords, user accounts) or block
|
||||
access to it (Ransomware),
|
||||
- to participate in DoS of other services (e.g. the Mirai botnet on SmartTVs)
|
||||
and manipulate opinion (chatbots).
|
||||
|
||||
The software stack often includes parts which are no longer needed, such as
|
||||
floppy disk drivers. Critical security updates are rarely deployed in time,
|
||||
because such a change may result in unforeseen behaviour. Additionally, lots of
|
||||
embedded devices (home router, SmartTV, etc.) have no secure update channel.
|
||||
|
||||
Instead of trying to fix these decades-old operating systems, which were
|
||||
designed as multi-user time sharing systems of the past, we build small services
|
||||
from scratch with security in mind, directly on the hypervisor. In
|
||||
our operating system, each service is a separate virtual machine with only the
|
||||
required code.
|
||||
|
||||
This makes our systems much smaller. The binary size of an HTTP server with TLS
|
||||
support in our system is around 4% compared to one in a conventional operating
|
||||
|
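Review bot: the three lines starting "from scratch with security in mind, directly on the virtualization layer." begin mid-sentence directly after the bullet list, and the paragraph further down ("Instead of trying to fix these decades-old operating systems ... directly on the hypervisor ... each service is a separate virtual machine with only the required code.") makes the same statement in full. Check that only one of the two wordings is left in the resulting file and that it opens with a complete sentence. In the list under "Computers on the Internet get compromised," there is no blank line before the first "-" item, which some Markdown renderers fold into the paragraph, and the second item joins two separate motives (DoS participation and opinion manipulation) that would be clearer as two items. The example "the Mirai botnet on SmartTVs" is also worth rechecking, since Mirai is mainly associated with IP cameras, DVRs and home routers. Finally, "around 4% compared to one in a conventional operating" system gives no baseline; state which system and which build the figure was measured against.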
@ -30,7 +44,7 @@ formally verify the correctness of the entire virtual machine with a theorem
|
|||
prover.
|
||||
|
||||
One of our single purpose operating systems boots within milliseconds, and has a
|
||||
tiny memory footprint. For client-side features that run in a webbrowser, we
|
||||
minimal memory footprint. For client-side features that run in a webbrowser, we
|
||||
compile to JavaScript from the same codebase, to ensure consistency. The strong
|
||||
and static type system helps to detect errors early, and enables rapid
|
||||
prototyping. For production use the prototype code can be further optimized for
|
||||
|
|
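Review bot: the only line that differs in this hunk is "tiny memory footprint. For client-side features that run in a webbrowser, we" versus "minimal memory footprint. For client-side features that run in a webbrowser, we", and both versions keep "webbrowser", which should be "web browser". Since the line is being touched anyway, fix that here. The adjective swap itself does not add information: "boots within milliseconds" and the memory footprint would be more convincing with a measured figure, in the same way the page quotes a percentage for binary size. The commit message "." also gives no hint that this commit rewrites the introduction; a one-line summary would help anyone reading the history.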