solo5 a sandboxed re targetable execution environment for
play

Solo5: A sandboxed, re-targetable execution environment for - PowerPoint PPT Presentation

Dec 18, 2022 •349 likes •679 views

03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Solo5: A sandboxed, re-targetable execution environment for unikernels Dan Williams (IBM Research), djwillia@us.ibm.com Martin Lucina (robur.io / CCT),

  1. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Solo5: A sandboxed, re-targetable execution environment for unikernels Dan Williams (IBM Research), djwillia@us.ibm.com Martin Lucina (robur.io / CCT), martin@lucina.net Ricardo Koller (IBM Research), kollerr@us.ibm.com FOSDEM 2019, Microkernel and Component-based OS devroom 1 / 31 http://localhost:8000/talk.html#3 1/32

  2. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Background: LibOS and unikernels Library operating systems A collection of libraries providing traditional OS functionality. No concept of process isolation. Generally use co-operative scheduling. ... these are combined at compile time with application code into a unikernel . Unikernels Minimal code size, minimal attack surface . Single-purpose, single-application operating system. Perceived as something that must run in kernel space. 2 / 31 http://localhost:8000/talk.html#3 2/32

  3. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels What is Solo5? (I) unikernel Solo5 host 3 / 31 http://localhost:8000/talk.html#3 3/32

  4. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels What is Solo5? (II) 1. A minimalist, legacy-free interface . unikernel 2. Bindings to this interface for: Solo5 microkernels (Genode), separation kernels host (Muen) virtio-based hypervisors monolithic kernels (Linux, FreeBSD, OpenBSD) 3. On monolithic kernels a tender is used to strongly sandbox the unikernel: hvt : hardware virtualized tender spt : sandboxed process tender 4 / 31 http://localhost:8000/talk.html#3 4/32

  5. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels What is Solo5? (III) From the libOS point of view: "Middleware". Integrated into the libOS build system. The developer does not interact with Solo5 directly. Example, for MirageOS: mirage configure -t {hvt | spt | muen | genode | ...} make depend && make Builds a unikernel for your target of choice. 5 / 31 http://localhost:8000/talk.html#3 5/32

  6. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Solo5 compared Solo5 compared to common isolation interfaces and units of execution: VM unikernel container Solo5 host host host (From left to right: Solo5, traditional VMs, Linux containers) 6 / 31 http://localhost:8000/talk.html#3 6/32

  7. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Philosophy of Solo5 (I) The interface must be: 1. Minimal . 2. Stateless . 3. Portable . The implementation must: Do one thing and do it well: Be an engine for running unikernels. Orchestration, configuration management, monitoring, etc. are done elsewhere. 7 / 31 http://localhost:8000/talk.html#3 7/32

  8. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Philosophy of Solo5 (II) Minimal Simplest useful abstraction. Not Linux! No "device discovery" at run time. Leads to: Small implementation size : Typical configuration: ~3 kLOC . 12 kLOC in total (all combinations!). Clarity of implementation. Fast startup time : Solo5 hvt / spt : < 50 ms qemu Linux VM: ~ 1000 ms Cloud-managed VMs: Seconds. 8 / 31 http://localhost:8000/talk.html#3 8/32

  9. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Philosophy of Solo5 (III) Stateless Very little state in the interface itself: Guest cannot change host state: No dynamic resource allocation. Host cannot change guest state: No interrupts. Results in a system that: Is deterministic and easy to reason about. Is static . Enables strong isolation : On monolithic and component-based / high assurance systems. 9 / 31 http://localhost:8000/talk.html#3 9/32

  10. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Philosophy of Solo5 (IV) Portable Easy to port libOS to Solo5: MirageOS (Ocaml-based), IncludeOS (C++), Rumprun (NetBSD). Easy to port Solo5 to new targets: OpenBSD vmm , Muen Separation Kernel , Genode OS framework . Contributed by folks who are not Solo5 "experts". 10 / 31 http://localhost:8000/talk.html#3 10/32

  11. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels Solo5: Limitations Minimal Does not run Linux applications. But, there are POSIX-ish libOSes (Rumprun, LKL) that do. Stateless "No interrupts" implies single core. Not intended for interfacing to hardware. Drivers are "some other component's" problem. Portable Performance (copying semantics, number of "calls per IOP"). Not intended for HPC or millions of PPS. 11 / 31 http://localhost:8000/talk.html#3 11/32

  12. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels The Solo5 interface (I) struct solo5_start_info { const char *cmdline; uintptr_t heap_start; size_t heap_size; } int solo5_app_main solo5_app_main(const struct solo5_start_info *info) /* entry point */ void solo5_exit solo5_exit(int status) void solo5_abort solo5_abort(void) void solo5_console_write solo5_console_write(const char *buf, size_t size) solo5_time_t solo5_clock_monotonic solo5_clock_monotonic() solo5_time_t solo5_clock_wall solo5_clock_wall() bool solo5_yield solo5_yield(solo5_time_t deadline) 12 / 31 http://localhost:8000/talk.html#3 12/32

  13. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels The Solo5 interface (II) bool solo5_yield solo5_yield(solo5_time_t deadline) typedef enum { SOLO5_R_OK, SOLO5_R_AGAIN, SOLO5_R_EINVAL, SOLO5_R_EUNSPEC } solo5_result_t solo5_result_t solo5_block_read solo5_block_read(solo5_off_t offset, uint8_t *buf, size_t size) solo5_result_t solo5_block_write solo5_block_write(solo5_off_t offset, const uint8_t *buf, size_t size) void solo5_block_info solo5_block_info(struct solo5_block_info *info) solo5_result_t solo5_net_read solo5_net_read(uint8_t *buf, size_t size, size_t *read_size) solo5_result_t solo5_net_write solo5_net_write(const uint8_t *buf, size_t size) void solo5_net_info solo5_net_info(struct solo5_net_info *info) 13 / 31 http://localhost:8000/talk.html#3 13/32

  14. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels (Demo: Solo5 in action) 14 / 31 http://localhost:8000/talk.html#3 14/32

  15. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels hvt: "Hardware virtualized tender" (I) Uses hardware virtualization as an isolation layer . unikernel KVM, FreeBSD (Bhyve), OpenBSD (vmm). Not a traditional VMM: Linux/KVM FreeBSD vmm OpenBSD vmm 10 hypercalls . Modular, typical configuration ~1.5 kLOC . Compare QEMU: ~1000 kLOC, crosvm: ~100 kLOC. Supports x86_64 and arm64 architectures. Mature implementation, around since 2015. Formerly known as ukvm . 15 / 31 http://localhost:8000/talk.html#3 15/32

  16. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels hvt: "Hardware virtualized tender" (II) Loads the unikernel. unikernel Sets up host resources. Sets up VCPU, page tables. Handles guest hypercalls (VMEXITs). Linux/KVM FreeBSD vmm OpenBSD vmm 16 / 31 http://localhost:8000/talk.html#3 16/32

  17. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels hvt: Hypercalls Hybrid PIO/MMIO-like approach. unikernel Transfer a 32-bit pointer to a struct . On x86_64 : Linux/KVM FreeBSD vmm static inline void hvt_do_hypercall(int n, volatile void *arg) OpenBSD vmm { __asm__ __volatile__("outl %0, %1" : : "a" ((uint32_t)((uint64_t)arg)), "d" ((uint16_t)(HVT_HYPERCALL_PIO_BASE + n)) : "memory"); } On arm64 : static inline void hvt_do_hypercall(int n, volatile void *arg) { __asm__ __volatile__("str %w0, [%1]" : : "rZ" ((uint32_t)((uint64_t)arg)), "r" ((uint64_t)HVT_HYPERCALL_ADDRESS(n)) : "memory"); } 17 / 31 http://localhost:8000/talk.html#3 17/32

  18. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels hvt: Bindings Implement the Solo5 interface : unikernel Using hypercalls to tender . Handle VCPU trap vectors. Which just "report and abort". Linux/KVM FreeBSD vmm Provide monotonic time. OpenBSD vmm Via RDTSC or equivalent. solo5_result_t solo5_net_write(const uint8_t *buf, size_t size) { volatile struct hvt_netwrite wr; wr.data = buf; wr.len = size; wr.ret = 0; hvt_do_hypercall(HVT_HYPERCALL_NETWRITE, &wr); return (wr.ret == 0 && wr.len == size) ? SOLO5_R_OK : SOLO5_R_EUNSPEC; } 18 / 31 http://localhost:8000/talk.html#3 18/32

  19. 03/02/2019 Solo5: A sandboxed, re-targetable execution environment for unikernels spt: "Sandboxed process tender" (I) Uses process isolation with seccomp-BPF as an unikernel isolation layer . The system call filter is a strict whitelist . ~7 system calls needed for the entire Solo5 Linux (seccomp) interface . Should be possible to port to other kernels. FreeBSD: Capsicum. OpenBSD: pledge(2) . See our ACM SoCC 2018 paper: https://dl.acm.org/citation.cfm?id=3267845 19 / 31 http://localhost:8000/talk.html#3 19/32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

921 views • 59 slides
From a Calculus to an Execution Environment for Stream Processing Robert Soul Martin Hirzel Bu

From a Calculus to an Execution Environment for Stream Processing Robert Soul Martin Hirzel Bu

From a Calculus to an Execution Environment for Stream Processing Robert Soul Martin Hirzel Bu ra Gedik Robert Grimm Cornell University IBM Research Bilkent University New York University DEBS 2012 1 to an Execution Environment

218 views • 21 slides
RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT

RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT

JOE ROZNER / @JROZNER RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT HERE Mostly clean room (ish) implementation of complex languages (context-free- ish) ~35k lines of grammar in total

400 views • 19 slides
Selfie: Sandboxed Concurrency Christoph Kirsch, University of Salzburg, Austria OPCT 2017, Maria

Selfie: Sandboxed Concurrency Christoph Kirsch, University of Salzburg, Austria OPCT 2017, Maria

Selfie: Sandboxed Concurrency Christoph Kirsch, University of Salzburg, Austria OPCT 2017, Maria Gugging, Austria Joint Work Alireza Abyaneh Martin Aigner Sebastian Arming Christian Barthel Michael Lippautz Cornelia Mayer

557 views • 31 slides
Creating truly decentralized browser applications Aragon is a project to empower freedom by

Creating truly decentralized browser applications Aragon is a project to empower freedom by

Creating truly decentralized browser applications Aragon is a project to empower freedom by creating tools for decentralized governance Ethereum CHAPTER ONE Architecture Client Sandboxed app Client Sandboxed app Iframe Web worker

738 views • 31 slides
Mobile Station Execution Mobile Station Execution Environment (MExE MExE) ) Environment (

Mobile Station Execution Mobile Station Execution Environment (MExE MExE) ) Environment (

Mobile Station Execution Mobile Station Execution Environment (MExE MExE) ) Environment ( MExE MExE is a standard for defining various levels of is a standard for defining various levels of wireless communication wireless

513 views • 11 slides
Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Mller Friedrich-Alexander-University Erlangen-Nrnberg, Germany Motivation TEEs are the backbone

696 views • 35 slides
Considering Execution Environment Resilience: A White-Box Approach Stefan Klikovits 1 , 2 , David

Considering Execution Environment Resilience: A White-Box Approach Stefan Klikovits 1 , 2 , David

Considering Execution Environment Resilience: A White-Box Approach Stefan Klikovits 1 , 2 , David PY Lawrence 1 , 3 , Manuel Gonzalez-Berges 2 , Didier Buchs 1 1 Universit de Genve, Carouge, Switzerland 2 CERN, Geneva, Switzerland 3 Honeywell

457 views • 34 slides
MASTERING STRATEGY EXECUTION 18 BEST PRACTICES FOR STRATEGY EXECUTION STRATEGY EXECUTION AS

MASTERING STRATEGY EXECUTION 18 BEST PRACTICES FOR STRATEGY EXECUTION STRATEGY EXECUTION AS

MASTERING STRATEGY EXECUTION 18 BEST PRACTICES FOR STRATEGY EXECUTION STRATEGY EXECUTION AS COMPETITIVE ADVANTAGE STRATEGY EXECUTION IS CRUCIAL FOR EVERY ORGANIZATION o Successful execution of strong and robust strategies gives any organization

641 views • 32 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines &amp; Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning Samsung KNOX R&amp;D, Samsung Research America Motivation Operating system kernels

543 views • 25 slides
Replicated Client-Server Execution to Overcome Unpredictability in Mobile Environment Bing You

Replicated Client-Server Execution to Overcome Unpredictability in Mobile Environment Bing You

Replicated Client-Server Execution to Overcome Unpredictability in Mobile Environment Bing You and Hao Chu Intelligent Space Lab National Taiwan University Outline Problem Related Work Replicated Client-Server Model

546 views • 17 slides
HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis Robin

HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis Robin

HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis Robin Sommer International Computer Science Institute, &amp; Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org/robin A Tale

557 views • 21 slides
Handling Differences in Execution Environment Nachshon Cohen , EPFL Durable &amp; Transient

Handling Differences in Execution Environment Nachshon Cohen , EPFL Durable &amp; Transient

Handling Differences in Execution Environment Nachshon Cohen , EPFL Durable &amp; Transient Representation Transient Person: doesnt survive restarts class Person{ char *name; Person *spouse; lock plock; virtual research(); } Durable

308 views • 28 slides
Threads, SMP, and Microkernels Chapter 4 1 Current View of Process Process is a program in

Threads, SMP, and Microkernels Chapter 4 1 Current View of Process Process is a program in

Threads, SMP, and Microkernels Chapter 4 1 Current View of Process Process is a program in execution It has Execution environment address space, registers, etc Execution entity Code Currently thought of as a

611 views • 26 slides
Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

A tool for the Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all program branches. Inputs are considered symbolic variables. Symbols remain uninstantiated and become constrained at execution

451 views • 24 slides
Flexibility Forum 15 th January 2020 London Session 3: Future Opportunities and Local

Flexibility Forum 15 th January 2020 London Session 3: Future Opportunities and Local

Flexibility Forum 15 th January 2020 London Session 3: Future Opportunities and Local Flexibility Nick Harvey Daniel Auty Sam Wevers Pathfinders: The story so far 15 th January 2020 System needs are changing The system is

587 views • 54 slides
Oshkosh Corporation First Quarter Fiscal 2013 January 25, 2013 Charles L. Szews Chief

Oshkosh Corporation First Quarter Fiscal 2013 January 25, 2013 Charles L. Szews Chief

Oshkosh Corporation First Quarter Fiscal 2013 January 25, 2013 Charles L. Szews Chief Executive Officer Wilson R. Jones President and Chief Operating Officer David M. Sagehorn Executive Vice President and Chief Financial Officer Patrick

341 views • 18 slides
Automatic Detection of Business Process Interference Nick van Beest , Eirini Kaldeli, Pavel

Automatic Detection of Business Process Interference Nick van Beest , Eirini Kaldeli, Pavel

Automatic Detection of Business Process Interference Nick van Beest , Eirini Kaldeli, Pavel Bulanov, Hans Wortmann, Alexander Lazovik University of Groningen, Netherlands KIBP 2012 15-06-2012 Context Distributed or service-oriented

680 views • 33 slides
Grenfell Tower 5th December 2013 RYD00094245/1 RYD00094245 _ 0001 Today's agenda

Grenfell Tower 5th December 2013 RYD00094245/1 RYD00094245 _ 0001 Today's agenda

gton T'M. 0 sin. Ken . &amp;Chelsea Grenfell Tower 5th December 2013 RYD00094245/1 RYD00094245 _ 0001 Today's agenda Introductions and Protocol of the meeting High profile of project in RBKC Client requirements: Working in

731 views • 27 slides
PPP Opportunities for the Private Sector Singapore PPP Projects Desalination Plant PPP 30

PPP Opportunities for the Private Sector Singapore PPP Projects Desalination Plant PPP 30

PPP Opportunities for the Private Sector Singapore PPP Projects Desalination Plant PPP 30 million gallons of water per day for 20 years Construction to be completed by 2006 Singapore PPP Projects Other areas being explored: Sports

409 views • 11 slides
Smart Metering Forum: The DCC Roadmap Chris Rowell 30 November 2011 The Data &amp;

Smart Metering Forum: The DCC Roadmap Chris Rowell 30 November 2011 The Data &amp;

Smart Metering Forum: The DCC Roadmap Chris Rowell 30 November 2011 The Data &amp; Communications Company What we know about the DCC What we would like to know about the DCC What the DCC will need to do DCC 1 The DCC Commercial and

790 views • 16 slides
Whats the problem with many parents in parenting? Grace Lutheran Church Winter Haven, FL 2

Whats the problem with many parents in parenting? Grace Lutheran Church Winter Haven, FL 2

Parenting 9/24/2017 Chapter 2 - Grace Sunday, September 24, 2017 Intro and Chapter 2: Grace Review last week: This is a principal book, not a practical book Ownership Parenting vs. Ambassadorial Parenting Problems of Parenting p.17-20

312 views • 9 slides
CS 5150 Software Engineering Three Types of Software Process

CS 5150 Software Engineering Three Types of Software Process

Cornell University Computing and Information Science CS 5150 Software Engineering Three Types of Software Process William Y. Arms Types of Software Process The basic

281 views • 26 slides

More recommend