Unikernels: A Principled Operating System Foundation for Networked Services
Anil Madhavapeddy, University of Cambridge
The current state of the art in the security of networked systems is an absolute disaster, with buffer overflows and logical flaws regularly exposing critical infrastructure to external attack. Mirage proposes a radically new technique to deploy safer Internet applications. Rather than the traditional OS model where functionality is provided in layers, building up from a feature-rich kernel through userspace and language runtimes, Mirage progressively specialises application code written in OCaml, replacing traditional OS components such as the filesystem, network stack and scheduler with type-safe libraries. The end result is that your application becomes a "unikernel": a sealed, fixed-purpose bootable image that runs directly on the Xen hypervisor without need for a guest OS such as Linux. As unikernels only link in the libraries explicitly required by the application code, rather than having to include all the functionality that might ever be requested by a running process, they are very compact: the complete self-hosting Mirage web server image is less than a megabyte in size! In this talk, I'll explain how the OCaml module system enables the construction of such large-scale OS software, and also the resulting portability benefits: the talk will be given from a low-power ARM board running Mirage, and the same logic can also be compiled into JavaScript, kernel modules or Unix binaries. Finally, I'll show some of the open-source ecosystem that has been built around Mirage, such as a clean-slate OCaml TLS stack and the Irmin branch-consistent Git-like datastore.
About the speaker
Anil Madhavapeddy is a University Lecturer at the University of Cambridge Computer Laboratory in the Systems Research Group. He was on the original team that developed the Xen hypervisor, and directed the industry-leading XenServer cloud management toolstack that drives critical infrastructure for many Fortune 500 companies. Prior to obtaining his PhD in 2006 from the University of Cambridge, Anil had a diverse background in industry at NetApp, NASA and Internet Vision. He is an active member of the open-source development community (e.g. with OCaml and the secure OpenBSD operating system), and is co-chair of the Commercial Uses of Functional Programming workshop. He currently directs the OCaml Labs group at Cambridge and is leader of the Mirage OS project at the Linux Foundation, which is a framework written from the ground up in the memory-safe OCaml functional language to build specialised, secure unikernels purpose-built for a multi-tenant cloud environment. He recently published "Real World OCaml" with O'Reilly, which has become a textbook on functional programming in several major universities.
Date & Time
Thursday, January 22, 2015 - 14:00
Huxley 218