Microkernels and Component-based OS
Unikraft: A Unikernel Toolkit
Although unikernels - images containing specialized OS primitives and libraries targeting a specific application - have shown impressive performance potential (e.g., fast I/O of 40 Gbps, fast instantiation in the millisecond range, minimal memory footprints of only KBs and a minimal trusted compute base), creating them has proven to be a complicated and time-consuming process. This is mostly because operating system components have to be individually specialized and developed for each target application and target platform.
In this talk we give an update on the Unikraft open source project. Unikraft is a toolkit for creating specialized unikernels and it aims to remove the need for time-consuming, expert work. In the past two years, the community has put a lot of effort into supporting OS functionality, drivers, and platforms, porting libraries, and providing tools to ease porting of existing applications. We will give an overview of all the exciting achievements and conclude with an outlook of recent project directions: binary compatibility (Linux ABI), support for a wide range of compiled and interpreted languages (e.g., web assembly, Go, Python, Ruby, etc.), enhanced safety features, and the ability to seamlessly produce images ready to run as extremely lean VMs, containers, or directly on bare metal. The aim is that Unikraft will represent a step forward towards wider adoption of unikernels beyond the research community.
We have spent quite a bit of our time over the last years developing unikernels – highly specialized kernels targeting specific applications. We have been originally interested in them for virtualized network functions because of their fantastic performance benefits: tiny memory footprints, boot times comparable to those of processes, and fast I/O performance, to name a few.
Despite the fact that this work and work from several others is proof of their potential, unikernels have yet to see massive adoption. One of the main showstoppers is development time: for instance, developing Minipython, a MicroPython unikernel, took the better part of 3 months to put together and test. ClickOS, a unikernel for NFV, was the result of a couple of years of work. What’s particularly bad about this development model besides the considerable time spent is that each unikernel was basically a “throwaway”: every time we wanted to create a new unikernel targeting a different application and a different platform, we would start more or less from scratch. This comes from the fact that each application has different OS dependencies and benefit from different optimizations and specializations of these layers.
Two years ago, we started Unikraft as an open source incubator project under the umbrella of the Xen Project and the Linux Foundation. Our goal is to build a common pool of decomposed OS functionalities, called libraries, where various Unikernel projects can share implementations and optimizations with others. The project provides Unikernel builders tools that help them to select needed libraries and configurations. Unikraft's build system quickly and automatically creates images tailored to the needs of their specific applications. The users can choose multiple target platforms (e.g., extremely lean VMs, containers, or directly as bare metal) without having to do additional work for each of them.
We are going to present the efforts and achievements done by the community in the last two years. We will also give an outlook of recent project directions: binary compatibility (Linux ABI), support for a wide range of compiled and interpreted languages (e.g., web assembly, Go, Python, Ruby, etc.), and enhanced safety and protection features. With a bit of left time, we will show a live demo to the audience.
Additional information
| Type | devroom |
|---|
More sessions
| 2/2/20 |
I will give an overview of where seL4 stands today in terms of functionality, verification, ecosystem, deployment and community. The focus will be on what has happened in seL4 land over the past 12 months, which is a lot: seL4 Foundation, RISC-V support and introducing time protection.
|
| 2/2/20 |
Current microkernels have shown to provide advantages in terms of security, robustness, and flexibility of systems. However, in recent years, the hardware added new challenges that need to be addressed as well, demanding approaches that include the hardware into the picture. First, hardware is getting more and more heterogeneous and consists not only of general-purpose cores, but contains also various accelerators. Second, system designers need to integrate untrusted third-party components ...
|
| 2/2/20 |
This is going to be an all-encompassing update talk for HelenOS developments that happened in the Year of the Pig (since the last FOSDEM).
|
| 2/2/20 |
LKL (Linux Kernel Library) is aiming to allow reusing the Linux kernel code as extensively as possible with minimal effort and reduced maintenance overhead. It allows us to link the library with any programs (which wish to call as a function call) containing Linux kernel code. There are many use cases: reading/writing files without general system calls, putting experimental protocol implementation without neither of host kernel update nor kernel module installation, using customized kernel in ...
|
| 2/2/20 |
Phantom OS is an Operating system based on the orthogonal persistence. Application does not feel OS shutdown and restart. Even abrupt restart. It is guaranteed that application will be restarted in consistent state.
|
| 2/2/20 |
Gneiss is an abstraction layer for component based environments that aims to provide a foundation for formally provable components. It enables the creation of platform independent, asynchronous components in SPARK and provides function contracts that allow to prove the correct interaction with the underlying platform.
|
| 2/2/20 |
With 2.5 billions of active users Android is the most widely deployed mobile operating system in the world. Its vast complexity paired with a monolithic architecture regularly result in severe security issues like the infamous Stagefright bug. In this presentation we talk about an ongoing research project which aims at running Android applications on top of the component-based Genode OS framework and secure them using formally verified components. We discuss how Android applications interact, ...
|
