Towards more trustworthy systems - or how to learn more about Internet core protocols

The number of CVEs for contemporary operating systems keeps increasing. The code of these systems is getting more and more complex (see e.g. systemd). At the same time, we isolate each service in its own virtual machine (or container, if we are low on resources). The question is: do we need a full general-purpose operating system for each service?

We can instead apply software engineering best practices (abstraction and composition) and specialise the operating system at compile time, composing it from a set of libraries. The resulting single-purpose virtual machine is roughly two orders of magnitude smaller while providing the same intended functionality. This decreases the maintenance overhead (why should an authoritative nameserver include an SSL implementation, which I then need to update whenever security advisories are published for that SSL implementation?) and reduces the attack surface.

Additionally, instead of using a very low-level programming language in which everybody easily makes mistakes, why not use a high-level language and thereby eliminate whole classes of attack vectors?

I'll introduce MirageOS, an operating system based on OCaml, and give an overview of recent developments (a mechanism for resource sharing, a DNS recursive resolver, a major OS release with improved APIs) and of what still needs work (such as a GUI, more protocols, ...).

  • Saturday Aug. 26, 18:30 - 19:30