Hypervise My App!

Justin Cormack @justincormack

http://sho.io/hypervise

Hypervisor

Platform as a service is about providing a

hypervisor for applications so they can be

securely isolated on shared systems.

As we shift from virtualising whole

operating systems to just running apps we

need smaller, lighter, faster and more

secure hypervisors.

“I once heard that Hypervisors are the living proof of Operating System's

incompetence. And if we think about it, OSes should be able to run services

alongside with each other peacefully. Isolation should be granted, and

excessive resource usage shouldn't be an issue. But because Linux was

never able to provide such isolation, people started to span more physical

servers to isolate services, and when that started to mean idle capacity,

hypervisors kicked in."

Glauber Costa, Parallels

“

Some history

Processes

“The only way quick response

can be provided at a

bearable cost is by time-

sharing. That is, the computer

must attend to other

customers while one customer

is reacting to some output.”

John McCarthy, 1 January 1959

“

Namespacing

•  1979 chroot

•  1980s Plan 9 from Bell Labs

•  2000 FreeBSD jail

•  2004 Solaris Zones

•  2001 Virtuozzo Containers, OpenVZ

•  2008 lxc

•  2011 Cloudfoundry Warden

•  2013 lmctfy, Docker

Access control

•  1975-1983 KeyKos

•  1983 Trusted Computer System

Evaluation Criteria

•  1990s JVM

•  1999 Linux capabilities

•  2001 SELinux

•  2005 Seccomp

•  2008 Google Native Client NaCl

•  2013 Capsicum

Library operating systems

•  1995 Exokernel

•  2012 OpenMirage

•  2009 NetBSD rump kernel

•  2012 Dune

•  2013 Drawbridge

Three new solutions

ZeroVM = processes + Google NaCl

Bought by Rackspace in 2013. Current main use case is for running

untrusted code in Hadoop-style apps.

OSv = hardware virtualization + single app JVM sandbox

Founded by ex-Qumranet ex-Redhat engineers, launched 2013

Docker = namespacing + ease of use

Complexity vs attack surface

insecurity

com

ple

xity

ZeroVM

OSv

Docker

Linux distro

x86 virtualization is about basically placing another nearly full kernel, full

of new bugs, on top of a nasty x86 architecture which barely has correct

page protection. Then running your operating system on the other side of

this brand new pile of shit.

You are absolutely deluded, if not stupid, if you think that a worldwide

collection of software engineers who can't write operating systems or

applications without security holes, can then turn around and suddenly

write virtualization layers without security holes. Theo de Raadt

“

Trends

1.  App developers are not experts here

2.  Security historically led by Linux distros

3.  Shifting to new structures and projects

4.  So Redhat is getting involved in Docker fast

5.  A move to simpler (eg CoreOS) is very disruptive

6.  Distros large, slow, not on github

7.  Lots of new code, changing fast

Questions?

Justin Cormack @justincormack

http://sho.io/hypervise