Session
Hauptprogramm 35C3
Resilience

Safe and Secure Drivers in High-Level Languages

How to write PCIe drivers in Rust, go, C#, Swift, Haskell, and OCaml
Drivers are usually written in C for historical reasons, this can be bad if you want your driver to be safe and secure. We show that it is possible to write low-level drivers for PCIe devices in modern high-level languages. We are working on super-fast user space network drivers for the Intel 82599ES (ixgbe) 10 Gbit/s NICs in different high-level languages. We've got fully working implementations in Rust, C#, go, OCaml, Haskell, and Swift. All of them are written from scratch and require no kernel code. Check out <a href="https://github.com/ixy-languages/ixy-languages">our GitHub page</a> with links to all implementations, performance measurements, and publications for further reading.

Supposedly modern user space drivers (e.g., DPDK or SPDK) are still being written in C in 2018 :(

This comes with all the well-known drawbacks of writing things in C that might be prevented by using safer programming languages. Also, did you ever see a kernel panic because a driver did something stupid? It doesn't have to be that way, drivers should not be able to take down the whole system.

There are three steps to building better drivers:

1. Write them in a safer programming language eliminating whole classes of bugs and security problems like bad memory accesses

2. Isolating them from the rest of the operating system: user space drivers that drop privileges

3. Isolating the hardware using the IOMMU

We show that it is possible to achieve all of these goals for PCIe drivers on Linux by implementing user space network drivers in all of the aforementioned programming languages. Our techniques are transferable to other drivers that would benefit from more modern implementations.

Our drivers in Rust, C#, go, and Swift are completely finished, tuned for performance, evaluated, and benchmarked. And all of them except for Swift are about 80-90% as fast as our user space C driver and 6-10 times faster than the kernel C driver. We also investigate how garbage collectod languages affects the latency of a packet forwarder built on top of our drivers.

We also got something for fans of functional languages: our implementations in OCaml and Haskell are working but not yet tuned for performance. We are also working on Python, Java, and Javascript. We take a brief look at Haskell, Swift, OCaml, and C# in the talk and a deeper dive into Rust and Go.

The talk also features a quick summary from last year's talk about user space driver basics, so no previous knowledge is required.

Another thing to take away from this talk is: writing drivers is neither scary nor hard. You can write one in your favorite programming language, so go ahead and try that :)

Additional information

Type lecture
Language English

More sessions

12/27/18
Resilience
Roya Ensafi
Borg
Six years ago the idea behind CensoredPlanet started, that is now launched at censoredplanet.org. We had a simple (yet essential) guiding principle: measurements that may be politically sensitive should be done without volunteer participation. In this talk, besides a detailed scientific overview of the techniques and the current state of CensoredPlanet, I plan to talk about my experience in developing the project from the ground up. Despite the pervasive nature of Internet censorship and the ...
12/27/18
Resilience
Peter Sewell
Adams
We rely on mainstream computer engineering every day, but it's insanely complex, poorly understood, unreliable, and, as CCC reminds us every year, chronically insecure. This talk will explain some ways that we can do better: taming parts of this this chaos with precise understanding - illustrated with disturbing facts and clean models for current architectures and the C language, from the <a href="https://www.cl.cam.ac.uk/~pes20/rems/">REMS</a> project, and principled but pragmatic new ...
12/27/18
Resilience
Zenna / zelf
Eliza
In this talk @zelf invites to the world of Scuttlebutt, the decentralized P2P gossiping protocol, and how it can be transformative for society through decentralization of data and enabling local community development.
12/27/18
Resilience
Peter Stuge
Borg
This Foundations talk explains the systems and protocols that make up the Internet, starting from a laptop with a Wi-Fi connection. No particular technical knowledge required.
12/28/18
Resilience
Dijkstra
A major part of software development is maintenance, i.e. tinkering with software that should already be completed but still somehow does not work as it should. Software developed by tinkering is the antithesis to resilient technology, and a growing threat to our profession and our lives. Working on this kind of software crushes the soul. Yet this is exactly how most IoT devices (and computers in general) are programmed these days. We need to replace the dead technology-oriented objects of the ...
12/28/18
Resilience
Sai
Dijkstra
Learn to see the world without your eyes. Wonder what it's like to navigate while blind? Want to learn to use your everyday senses in ways you don't know you don't know? In this talk, I hack <em>you</em> with permanently enhanced sensory perceptions. This is very participatory, not just "sit and listen", and workshops are even more hands-on (blindfolded w/ cane in hand). Workshop & volunteer signup: <a href="https://s.ai/ccc/ws">https://s.ai/ccc/ws</a> Tag plz: #BlindNavigation @saizai #35c3
12/28/18
Resilience
Hans-Christoph Steiner
Eliza
The internet has become essential services, and offline methods of sharing data are rapidly disappearing. Other possible networks are often better suited when connectivity is not available or affordable. Radios, sensors, and computing are available in the cheapest of smartphones and routers. Wind is integrating nearby/offline data exchange with the internet services that we all rely on.