State of the Mirage: an OCaml unikernel
Speaker(s) : Anil MADHAVAPEDDY - Cambridge University
The current state of the art in the security of networked system is an absolute disaster, with buffer overflows and logical flaws regularly exposing critical infrastructure to external attack. Mirage proposes a radically different way to deploy safer Internet applications. Rather than the traditional OS model where functionality is provided in layers, building up from a feature-rich kernel through userspace and language runtimes, Mirage progressively specialises application code written in OCaml, replacing traditional OS components such as the filesystem, network stack and scheduler, with type-safe libraries. This allows you to code using your usual tools, only making the final push to the cloud once you are happy your code works.
The end result is that your application becomes a "unikernel": a sealed, fixed-purpose bootable image that runs directly on the Xen hypervisor without need for a guest OS such as Linux. As unikernels only link in the libraries explicitly required by the application code, rather than having to include all the functionality that might ever be requested by a running process, they are very compact: the complete self-hosting Mirage web server image is less than a megabyte in size!
Emmanuel.Chailloux (at) nulllip6.fr