Conference: Jun 13-15, 2016
Tutorials: Jun 16-17, 2016
Presentation: Designing secure services with unikernels: a tough nut to crack
Much cloud infrastructure consists of small, specialised services that interoperate via protocol interconnects such as HTTP. Securing these interconnects via SSL/TLS can ironically make services less secure, due to the terrible prevalence of security issues in common implementations such as OpenSSL. In this talk, I'll describe how to design and build "deploy-and-forget" cloud services that are specialised into *unikernels*: compact, single-address space virtual machines built in a high-level language that are largely immune to conventional buffer overflow attacks due to their type-safety down to the device drivers. For simple services such as web serving or REST endpoints, the unikernel image can be just a couple of megabytes in size as a standalone kernel that boots on Amazon AWS.
I will describe how to do this using the MirageOS, where we have built a clean-slate reimplementation of the full TLS stack in OCaml. I'll describe some of the design challenges in this rebuild, and also the innovative way that we tested it for compliance and security holes using the "Bitcoin Pinata" challenge. Finally, I'll explain how you can get started with using the stack for yourself with Docker and Amazon EC2.
Anil Madhavapeddy Elsewhere
Similar Talks
Tracks
Wednesday Jun 10
-
Applied Data Science and Machine Learning
Putting your data to use. The latest production methods for deriving novel insights
-
Engineer Your Culture
Building and scaling a compelling engineering culture
-
Modern Advances in Java Technology
Tips, techniques and technologies at the cutting edge of modern Java
-
Monoliths to Microservices
How to evolve beyond a monolithic system -- successful migration and implementation stories
-
The Art of Software Design
Software Arch as a craft, scenario based examples and general guidance
-
Sponsored Solutions Track I
Thursday Jun 11
-
Emerging Technologies in Front-end Development
The state of the art in client-side web development
-
Fraud Detection and Hack Prevention
Businesses are built around trust in systems and data. Securing systems and fighting fraud throughout the data in them.
-
Reactive Architecture Tactics
The how of the Reactive movement: Release It! techniques, Rx, Failure Concepts, Throughput, Availability
-
Architecting for Failure
War stories and lessons learned from building highly robust and resilient systems
-
High Performance Streaming Data
Scalable architectures and high-performance frameworks for immediate data over persistent connections
-
Sponsored Solutions Track II
Friday Jun 12
-
Architectures You've Always Wondered about
Learn from the architectures powering some of the most popular applications and sites
-
Continuously Deploying Containers in Production
Production ready patterns for growing containerization in your environment
-
Mobile and IoT at Scale
Users, Usage and Microservices
-
Modern Computer Science in the Real World
How modern CS tackles problems in the real world
-
Optimizing Yourself
Maximizing your impact as an engineer, as a leader, and as a person
-
Sponsored Solutions Track III