Programming working group / IRILL seminar


State of the Mirage: an OCaml unikernel
Tuesday, December 9, 2014
Speaker(s): Anil MADHAVAPEDDY - Cambridge University

The current state of the art in the security of networked systems is an absolute disaster, with buffer overflows and logical flaws regularly exposing critical infrastructure to external attack. Mirage proposes a radically different way to deploy safer Internet applications. Rather than the traditional OS model where functionality is provided in layers, building up from a feature-rich kernel through userspace and language runtimes, Mirage progressively specialises application code written in OCaml, replacing traditional OS components such as the filesystem, network stack and scheduler, with type-safe libraries. This allows you to code using your usual tools, only making the final push to the cloud once you are happy your code works.
The end result is that your application becomes a "unikernel": a sealed, fixed-purpose bootable image that runs directly on the Xen hypervisor without need for a guest OS such as Linux. As unikernels only link in the libraries explicitly required by the application code, rather than having to include all the functionality that might ever be requested by a running process, they are very compact: the complete self-hosting Mirage web server image is less than a megabyte in size!
In this talk, I'll explain how the OCaml module system enables the construction of such large scale OS software, and also the resulting portability benefits: the talk will be given from a low-power ARM board running Mirage, and the same logic can also be compiled into JavaScript, kernel modules or Unix binaries. Finally, I'll show some of the open-source ecosystem that has been built around Mirage, such as a clean-slate OCaml TLS stack and the Irmin branch-consistent Git-like datastore.

Emmanuel.Chailloux (at)