homepage-data/Home
2017-11-05 17:30:08 +00:00

49 lines
2.8 KiB
Text

---
title: What is robur?
---
At robur, we build performant bespoke minimal operating systems for high-assurance services.
With our approach to systems development we provide the following advantages for you:
* systems based on the unikernel pioneer [MirageOS](https://mirage.io)
* secure implementation guarded against memory corruption, typelevel problems, leaky abstraction and unforeseen state
* ready for the cloud, services run on all major hypervisors
* instant boot
* competitive performance comparable to C
* can target embedded devices because of small size and the ability to compile to native code
* minimized state allows to reason about entire systems and their adherence to the specification
* extensive library ecosystem, yet minimal trusted code base at runtime
* rapid prototyping with a seamless path from prototype to production
Computers on the Internet get compromised mostly to gain or block access to data.
User data is being downloaded, leaked and sold, or ransomware blocks access to user data until a fee
is paid. Other common attacks target compute resources, to use them in denial of service
attacks or to manipulate opinion with chatbots.
Common software stacks often include legacy parts at runtime that provide unnecessary attack surface.
Critical security updates are rarely deployed on time, because they result in unforeseen behaviour. Also, lots of embedded
devices are missing a secure update channel.
[//]: # (====== marker fuer linse - aber ein comment in markdown)
We at robur are building minimal services, called *unikernels*, from scratch with security in mind,
instead of trying to fix decades-old software designed based on demands from earlier days.
Each
service is executed as a virtual machine on any major hypervisor, and contains only the
strictly necessary code.
The number of lines and the binary size of a unikernel with HTTP
and TLS support is around 4% compared to a virtual machine using a conventional
UNIX / Linux operating system.
The security of a unikernel is improved by the reduction of the attack surface.
Our unikernels are implemented in a functional programming language with a static
type system and automated memory management.
Buffer overflows and double frees are no concern to us.
A unikernel avoids these common attack vectors by the choice of the programming language.
We can prototype rapidly, because the type system detects errors early, and we don't need to manage memory by hand.
Turning a prototype into production is usually a question of fine-tuning its performance.
Our declarative programming style makes it even possible to
formally verify an entire virtual machine using a theorem
prover.
The boot time of a unikernel can be measured in a few milliseconds, redeployment
after updates is instantaneous. We can create unikernels on demand.