BSDCan2015 - ZI
BSDCan 2015
The Technical BSD Conference
Speakers | |
---|---|
Ed Schouten |
Schedule | |
---|---|
Day | Talks #2 - 13 June - 2015-06-13 |
Room | DMS 1160 |
Start time | 10:00 |
Duration | 01:00 |
Info | |
ID | 524 |
Event type | Lecture |
Track | Security |
Language used for presentation | English |
CloudABI
Cloud computing meets fine-grained capabilities
CloudABI is a new runtime environment that attempts to make it easier to use UNIX-like operating systems at the core of a cloud computing platform.
Instead of offering full machine virtualization (e.g., bhyve) or requiring the use of intrusive OS-level virtualization techniques (e.g., Jails), end users can simply provide a set of binaries that communicate with the operating system over a secure and compact POSIX-like interface.
Advantages include ease of maintenance and increased security.
Over the last couple of years, we've seen the use of Capsicum increase. It's already being used to harden services like hastd and sshd, but also in interactive tools like tcpdump. CloudABI attempts to extend the scope of Capsicum by providing a light-weight POSIX-like binary interface that is purely based on the principles of Capsicum.
CloudABI can be used at the core of a cloud computing service. Instead of using full machine virtualization (Xen, bhyve, KVM) or techniques that attempt to virtualize namespaces (FreeBSD Jails, Linux cgroups), CloudABI makes it possible to safely run user-provided executables with very low CPU/memory overhead, but also without any complex system configuration.
Compared to other UNIX ABIs (Linux, FreeBSD, etc), CloudABI is relatively compact. The number of system calls is low (~60) and all data types and structures have been decoupled from the public C runtime environment, meaning that it is relatively straight-forward to add support for CloudABI to other operating systems. Implementations for FreeBSD and NetBSD already exist. An implementation for the Linux kernel is being worked on. This allows users of such computing platforms to run the same executables without targeting a specific operating system. There is no need to recompile.
CloudABI uses Clang as its C/C++ compiler. It ships with a modern C library that is specifically designed to work in a capabilities-centric environment. Interfaces that typically tend to break when using Capsicum on FreeBSD (e.g., locales, timezones, DNS) may still operate correctly in this environment. The C library is almost entirely thread-safe and has high testing coverage.
CloudABI attempts to abstract away traditional UNIX concepts that are not applicable to pure cloud computing environments, such as UNIX process credentials management (local users and groups), file system access control management and terminal handling.