
CloudABI Cloud computing meets fine-grained capabilities

Formal Metadata

Title
CloudABI Cloud computing meets fine-grained capabilities
Series title
Number of parts
41
Author
License
CC Attribution - ShareAlike 3.0 Unported:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal and non-commercial purpose, provided that you credit the author/rights holder in the manner they specify and pass on the work or this content, including in modified form, only under the terms of this license.
Identifiers
Publisher
Year of publication
Language

Content Metadata

Subject area
Genre
Abstract
CloudABI is a new runtime environment that attempts to make it easier to use UNIX-like operating systems at the core of a cloud computing platform. Instead of offering full machine virtualization (e.g., bhyve) or requiring the use of intrusive OS-level virtualization techniques (e.g., Jails), end users can simply provide a set of binaries that communicate with the operating system over a secure and compact POSIX-like interface. Advantages include ease of maintenance and increased security.

Over the last couple of years, we've seen the use of Capsicum increase. It's already being used to harden services like hastd and sshd, but also in interactive tools like tcpdump. CloudABI attempts to extend the scope of Capsicum by providing a lightweight POSIX-like binary interface that is purely based on the principles of Capsicum.

CloudABI can be used at the core of a cloud computing service. Instead of using full machine virtualization (Xen, bhyve, KVM) or techniques that attempt to virtualize namespaces (FreeBSD Jails, Linux cgroups), CloudABI makes it possible to safely run user-provided executables with very low CPU/memory overhead, but also without any complex system configuration.

Compared to other UNIX ABIs (Linux, FreeBSD, etc.), CloudABI is relatively compact. The number of system calls is low (~60) and all data types and structures have been decoupled from the public C runtime environment, meaning that it is relatively straightforward to add support for CloudABI to other operating systems. Implementations for FreeBSD and NetBSD already exist. An implementation for the Linux kernel is being worked on. This allows users of such computing platforms to run the same executables without targeting a specific operating system. There is no need to recompile.

CloudABI uses Clang as its C/C++ compiler. It ships with a modern C library that is specifically designed to work in a capabilities-centric environment. Interfaces that typically tend to break when using Capsicum on FreeBSD (e.g., locales, timezones, DNS) may still operate correctly in this environment. The C library is almost entirely thread-safe and has high testing coverage. CloudABI attempts to abstract away traditional UNIX concepts that are not applicable to pure cloud computing environments, such as UNIX process credentials management (local users and groups), file system access control management and terminal handling.