CloudABI

Automated media analysis

Speech transcript
so according to my phone it's for 30 we had better get started to let the the Germans completion right down the right so thank you all for showing up it's a rather small audience but the public doesn't matter to me in terms of a few people have a really good choice thanks for showing up in that and in my talk today is going to talk about something on developing called Cloud API so 1st of all the forces on all of the work that is presented the stock is open source even though and develop things for my company for my company so i do provide professional support on this but there's nothing to prevent you from using said that's sort of the end of all the commercial let me know that I when sheriff you onto the cost of so before I start explaining what quality the ideas and you're going to also called the messy details that we 1st give a short introduction why and so for the last 7 years now they have been a developer and previously so about 10 years ago I started contributing my 1st fits to the operating system the 1st thing I wrote was X. 
support the original myself exports 1 which juror together with the guy from the like say the university I went to and later on I started hacking sort of larger projects some sort of large actual chunk of criminal code the arose for the operating system was back in 2008 when I wrote a new TTY therefore the kernel of was the same as the reason why I started work on this project was because at the time the DC was making you know a lot of work to improve the scalability and the problem with having a costly what THEY their back then was that every time a process for water-related interaction because of global loss so for working and exiting that really sort of given scale linearly which it's called for so um laughter and I start with a sort of more projects to that under kernel but also uses space projects a year later I start working on console driver called feature which eventually ended up in the operating system and this I think in the upcoming version of the the this wonderful console driver which OK well really also and later on I start working on Kleindienst so that in 2010 and some people tell healthy and started working on the new compiler front for their by infrastructure called client and back then almost nobody was using it at was sort of developing it internally and using the open source so I thought this is really nice having a BSD-licensed compiler infrastructure in BTC license operating system that would be really good idea so back in 2010 I started working on this and eventually claimed became the default compiler in free BSD for most of the interesting architecture after and then there's some other work by in 2011 the Musée specification came out close to the end of the year so uh I mean the government hands on like the latest draft I could find that wasn't behind a paywall and started implementing some of the the the new features in the language because I think that sea level is sort of a really good step forward compared to 99 support for atomic 
fretting support was final part of the language and at least basic support for you go so all those features I added those of previously and the latest versions of previously issued properties so between 2012 and 2013 I didn't do a lot of open source introducing I did move over to to Munich and every other time there has been much out there but unfortunately the environment to work a lot of open source software and late 2014 I decided to quit their job and start my own company because in my opinion I sort had a reunited in my head that want to work on coal quality I so some of my company to build infrastructure for secure cluster and cloud computing is actually really brawl terms of so software presented stock it doesn't necessarily need to be used in cloud computing but I think that for cloud computing and served there's really strong cases per per so during this talk and going to like the talk would encompass and right now analysis of chopped up in a couple of separate parts for some going to explain what I think is wrong with Unix tt put people have different observations about what they think is wrong about units but this is sort of what I think is wrong with you so I think using Unix for for a decade now but in my opinion there are a couple of fundamental flaws with the operating system that have never been fixed so 1st of all it doesn't stimulate you Duchess of run software in such a way that it's secure and what I mean is that show that the next couple slides I will also doesn't stimulate you such right DB software over the last couple years which it is huge increase in writing software is saturated it's easy to test the stability is a really important aspect of modern software not only because it and it allows us to write off at sort of a more robust it also allows us to write off at a more reusable and last i think that systems administration hasn't really improved over the last decade or so when I started you makes it was just meeting server and you know 
hacking text files agency to get everything to work the only difference we nowadays have is that we have some goal or Python tools around it that sort of tend to make life easier but it might be that don't do really good job at and and also going to give a couple of examples for Cloud maybe I can be used to make systems administration Asia but those will be work toward the end so you need security problem number 1 my there to problems of human security and this is the 1st problem when we start a process Unix and can do a lot more than it actually needs so consider a simple web service you're running a simple that your engine X server and it just serves a couple of pages in inferior this process would only need to do handful of things so 1st of all we to pick up a chick to the requested come in on TCP socket 2nd of all it means that some kind of data directory containing your documents that you would serve over the web so your HTML files maybe your PHP files or whatever and then optionally also the access to to cup of database back end maybe also need to have access to a log file but if you sort of add it all up it's just a really small number of things the spectrum access so if you look at some of what happens in practice is that a if if there's a security expert in web server than in the data connection to a couple of things that you really don't want to happen so 1st of all it can just made it possible for all world readable data under slash and send it back over a TCP socket to some kind of server on the other side of the world if there's some kind of file system that happens you to be mounted saying and invest share something that contains all of sensitive information of the company all of the data some the exposed and you could argue
well they should just set up your file system permissions correctly but in my opinion defense and to be deaths it should be the case that your solely relying on a couple of permission it's in a file system to make your entire company secure even worse an attack just register neutron jobs they just invoked to contact executable and then and then a couple months from that of the web servers so even if you're patching up the web server to sort of no longer be available it's the case that the attacker can still every bit neither so spall like a back door process that installed at the time of the survey was initially compromise and even worse it can also just invoke a couple security crawling tools like the right command line tool just spam messages to arbitrary terminals and system even if it doesn't have any access to the to the file systems that can turn the system into a botnet node it can just open use TCP sockets perform sim flooded take some random service on the internet you know create spanning Mills all kind of stuff so you just wanted to do these couple of things in practice you're along the to all these random things that you don't want to accept so the 2nd problem with security is running an arbitrary third-party applications so in in the previous slide I assortment programs that you can trust sort of but now I'm going to to talk about just a random third-party applications that you don't trust executing those safely on top of Unix is incredibly hard thing because if you just executing directly so you as a staging into your server you're running DOS less random process that that could really mess up your system if it's just running at your own user for example it can do a lot of nasty things even if it's running user nobody there is still a lot of people things process like that and if so the last couple years you see a sort of the increase in the use of jails and Dr. 
and Solaris Zones namespace virtualization and with those it's still quite unsafe actually so every you know couple times a year there discovered that there still and you hold that needs to be applied to a proper false an instance inside of is actually exposed in quite a lot of information addition expose so In my opinion jails and opera are not really that state and then what you can do social philosophy sources just 1 your process in a virtual machine and that's also what you see quite a lot of people use is and or and gave him to just run a separate instance and run your processes in there but the problem is that it increases the maintenance overhead but also reduces performance quite so the question the question I ask myself why can't you it's just a Rumford party executables directly thought slash whatever and it should be safe it should be the case that it can only access the feature grant that you want to go there should be the case that can just before monetary cost so the other problem of testing I mentioned previously as reusability of testability so programs units are hard to test we use as a whole and people often say no it's not that hard and they just give a up really simple example that is shown in this thing but if you sort of look at programs generically it's really tough problem and sort of what I'm going to the the next couple slides is sort of give a comparison about how we solve testing in a completely different area of computing systems namely how we solve testing in Java and if we can sort of compare how we do testing Java with how we do test the new considered Unix sort of really in the 1980's and that so say I would write a simple Java program you the server but what you typically do is Of course this class is far from complete only contains a couple of members in and and construct function that you could write a web server like this so inside of the class there's but the socket member you know that sort of receives all the incoming 
connections and some will directory the file system where file should be fetched from so what you typically what you could write is inside your constructor is you know when we construct such a web server create TCP sockets & binary port 80 and the root directory for isolation but but the so most people you would agree that this class is not really testable and also not really reusable because for example it can only listen on port 80 you can't run to web servers at the same time because we can only know become bind to the same node would number twice and is also restricted to serving falls from the similarity in the system so what you typically do if you're like in a scene java program you write something like this where you sort of extended constructed to at least take a port number and a web directory pathname except those in the constructed and finally reuse your your webserver class but most of them have you know that this is still not the the way you're supposed to write because what you typically do in use something called dependency injection where instead of learning class constructed objects on behalf of you you will construct the object yourself and provided to the past so take a look at this class you for example instead of having a TCP socket Boston it takes an arbitrary In the advantage of this is that you can create your own blog socket class and so inject requests into it and capture responses so if you want to test this class you can just simulate requests and responses about actually open a single operating network connections and the same holds for a forward and like the file system access instead of using like underlying system calls to access the file directly you could use an interface which you can call directory and it has a couple of member functions like get file contents thinking about things and then suddenly you can't just let this restaurant on top of a virtual file system so like an in-memory file system on top of the network files and 
this is how you're supposed to ride out so the funny thing about Unix programs that are not written like the last example really like the 1st 2 examples of show so it's either the case that parameters are hard-code aka hard-coded so they make certain assumptions that like you know I must open this fall in this and if they're not not hard-coded it's typically the case of the path of to configuration file that the user is hard-coded and even if they are like truly branch right so you can just possible to confirmation on the command line or overwrite place the configuration file it's still the case that these programs acquired resources on behalf of you don't provide a network socket to the web server you provided the port number to which is similar to the 1st couple of examples so this is a double standard library it we know what a badly written Java programmers but still we fought for some reason we can't see that programs that sort of use Unix my several so badly written in a certain so here's is an example of a web server that is testable so this is a program
it will probably compile on many flavors of Unix, and this is possible might be an incentive in constructing a network socket that, you know, only binds to specific words in Boston it always just uses file descriptor 0 to call accept, so standard in these networks offices you can provide. The advantage of this web server is that it supports any address family: it supports IPv4, it supports IPv6, Unix domain sockets, and it supports TCP but also SCTP. So just look at the number of applications out there on Unix that had to be patched up to support IPv6; almost Obama's written such a fairly trivial way that they could just have the sockets injected. Also, if you want to support concurrency, you don't need to write a single line of code to actually get concurrency, because you just create the socket once and spontaneous that web server processes that use the same file descriptor, so it just comes for free, essentially. And this factor is also possible, because what you do is you just create a Unix socket and just programmatically inject requests into it and capture responses. So there's no need to sort of guess a port number that might be free the server and TCP socket on it and hope that nothing else on the network by accident that connects to storage of accident running along the same borders of production instance always has a false that simply won't happen; you can just be the Unix socket and run this vector again.
So now that I've sort of explained what I think is wrong with Unix, namely that it is insecure and not all of show you quite a solution that I've come up with to deal with this. So I have about those sort of new Unix runtime environment called CloudABI. And this CloudABI, think of it as: you know, Linux is typically capable of running Linux processes, FreeBSD is capable of running FreeBSD processes; this is like a CloudABI operating system running CloudABI processes, except that the CloudABI operating system does not exist. I'll go into that in more detail later on. But CloudABI is sort of a stripped-down flavor of Unix that is, in my opinion, better protected against exploits: the impact of a security exploit is a lot smaller. It allows you to write software that is reusable and testable, and it also sort of has a couple of tricks that make use of the fun to use of a larger scale. So I'm not claiming that the entire idea was something that I came up with entirely myself; there are some parts of this framework called Capsicum their regions, which is a capabilities framework for FreeBSD.
So to really briefly explain how CloudABI somewhat sort of medium 10 guided as is, I'm going to explain what a simple process could do on CloudABI. So the most simple process that you can imagine, started up in the most simple way, can still allocate memory, it can create pipes, it can create socket pairs, it can create shared memory, it can allocate, sorry, it can spawn threads, subprocesses, it can get the time of day; it can do all sorts of things that only have a local impact. So you can't just open a random TCP connection to a server that's somewhere on the other side of the world, you can't just open a random file on disk, you can't just delete everything that's in such, and you can't just send a kill signal to a random process on the system. It is really just sort of this local environment in which you can sort of compute stuff. It's also worth mentioning briefly that some of these Unix interfaces are not easily compatible with this interface. So for example the process table: you see that Unix processes traditionally do need access to the global process table and random signals out of processes, and so a couple of small extensions have been added to safely create handles to processes and subprocesses, so that you never need to inspect the entire global process table; you sort remains local.
So how can you actually let your process do something useful? Because, I mean, just computing stuff and not interacting with the network or the file system is pretty useless. So file descriptors are used to grant additional rights. So if you want a process to access a file, you just start it up with a file descriptor to a file on disk, and so it can just read from the file, right follows depending on how was a. Even more powerful, you can just give file descriptors to directories. So if you have a web server and you would just provide it a file descriptor to slash forestation whatever, then it can just access all files underneath; so it can't open open-topped all toward slash whatever, it can only access files strictly underneath the directory at party. And you can also provide it sockets, and some lead them to the system or process becomes network and it can just answer present coming. So what's really nice about sockets is that Unix sockets can be used to pass file descriptors. So what you could just do is give a process a file descriptor to another service that grants it more resources. So say you want to build a process that makes outgoing network connections: you can't just open the connections on your own; you have a separate process running alongside, astronomical maybe process, that can open the sockets for you and then send them back to your process through falls apart in. And really, this is really funny, because then you can sort of make userspace firewall processes.
So as an extension to oppose only offers the solace that desire and they have a permission bitmask. So normally on Unix it's the case that file descriptors can only be opened for reading, for writing, or for both encoding every possible action that you can perform on a file descriptor is an additional right. So you can say this file descriptor is opened for reading for and that, but you can also truncate it, and you can for example and collect FL OK must allocate more space and this. But anyway, it's really just an arbitrary set of bit masks where you can say I want all of these actions and I don't want a lot of these. And this is actually what's called capability-based security, where all the actions such a process can perform are not determined by a set of access controls; they're determined by a set of capabilities that your process happens to have at one point in time. New capabilities can be acquired, for example for follows the capacity which is a process can also discard some of its capabilities by just simply closing those file descriptors.
So a secure web service: how would you model this on top of CloudABI? So that the set of so you can always literally take the description that I gave earlier on, you know, for every sentence of the state this is the file server does exactly. Your process just has three file descriptors in this example, namely the socket for incoming HTTP requests, a read-only file descriptor to the directory containing the documents, and an append-only file descriptor to a log file. So you can already see that it is a security exploiting this that server model of evil things can happen if the attacker can read more stuff from the file system and it can append garbage to the log file that conscious flow rate locked file you add new false and that's route it looked.
So the nice thing about this model is that it's also flexible at run time: as I mentioned, a process can gain new rights or discard rights under the correct conditions, and what it can do is it can apply the principle of defense in depth. So what you the for example do isn't saying well below the next version of future where people upload videos on their own on your website and you serve them back to you. You probably want to transcode videos, because the user just gives you, I don't know, some kind of weird file format that summit smartphones, and now you need to convert it to sort of the same format, or even multiple formats, that are supported by the devices that you would support. So what you can do is, after you've received a video from the user, you could just fork the web server process and form a new sort of dynamic container, in a certain way, that only has access to two file descriptors: one that's used to provide incoming video input and one that's where you write the transcoded output to. And what's really
nice is that if there is no like security vulnerabilities in the video transcoding library that using same buffer overflow the attacker can only write more garb garbage output to the output figures 3 but it can't actually sort of a yet more insight in how your network is set up internally or you know interact with should requested coming from other users so this it's still knowing that the attacker can write garbage output but still that the impact of such a security vulnerability is really small when compared to uh something going on in and sort of an example of something that's a bit more complex saying you know you're sort of interested in running more traditional web server infrastructure so where you have such till the username support so you can go to my domains special and and it eventually serves false that are in a subdirectory my home which you can do with this model is that you just run a separate process can only that process has access to social and you can send an RPC to its thing like a that's a request greeting in 4 till that slash exultation and that process and says OK here I'm going to give you fall descriptor to till led and now you can access all thousands so what happens is that and the next such a web server never would yield any right access to the system but in addition to that is also never possible to access and falls outside of the web directory so really allows you to like say put sandboxes and sandboxes and this is like really beautiful but it so disability of Cloud EDI processes and in a model where all outside of functionality toward the outside world is determined by follows scriptors it was really easy to test software good you can just do it you can start a pure executable for a different set of false because if you don't want a and a process that talk to the production database you can just provided a file descriptor to a fake Dolly testing database server that only um returns data is used for testing and so is incredibly easy to 
test software and to close to test process effect in my opinion this is impossible to write software that's not testable except at the so I briefly mention a couple slides ago that there is no such thing as a cloudy prediction think of it as a debt definition of what a cloudy the operating system should look like which system calls it should support that's exactly what comedy the so it's an API definition that specifies a list of all the system calls all the data types and all of the constants so Cloud API for example defines that being vowel corresponds to a value 18 it specifies that the an offset in the following 64 bits all those kinds of things are encoded in my ideas to add support for Cloud API to other operating systems out there so what this means is that you can just pollen application once you can build software you're my Linux workstation and you could for example run it on the server that runs you know previously mimics whatever happens to support quality so of patterns support for quality guide to existing operating systems is not that hard because I've already added support a couple of operating systems out there for example the and adding support for is only requirement you to write 10 thousand lines of code for a freebies the kernel so it's really not a large investment 1 person just means to do this and it is an arbitrary cardiac processes on on that operating system so there are a couple of other operating systems that I know supporting right now or working on supporting namely that is the Linux my events just 1 is like support all the these these out there and it would be nice if necklace was also supported by the acidity to tackle them 1 by 1 of course right now and focusing on only 1 hardware architecture the XAB 664 I'd I don't think there is a need to serve support 32 bit binary nowadays it would make a lot of sense and I am actually interested in having arm support eventually you you see that a lot of the interest is nowadays into on you 
can already see that we've the Bible words in maybe I would support a 32 bit ARM boards but I might actually skip those entirely and just over 16 for that computing at the top so the nice thing about um previously is that I managed to upstream cloudy ice according to previously 1 and a half weeks ago so if you happen to have a freebies system that really runs the latest developer snapshots you can run these 2 commands and this command you can run it to install a complete cloudy the items change which involves includes a compiler linker standard C library C + + library even and they can use that to compile seasons of programs and but also includes a kernel module that you can load and if you look at this from a model that you can just execute quality the I processes just like regular RedLinux processes so for other operating systems it's actually a a bit more complicated because I don't have any packages yet on the operating system support has hasn't been of so if you for example using Linux or not be seen and the couple state steps that you need to take to to make only that work so 1st of all you have to install clanging bin utils manually um this is not that hard fortunately is especially easy because all the patches that I wrote for the kind beetles have been upstream in the meantime so you can really take for example crank 3 . 
7 which is coming up 1 of these days and that includes quality the support out of the box no is required and this the signals from Beatles upcoming version specific things that actually after you have a properly working C C + + until you actually a couple of square libraries otherwise you wouldn't even be able to compile the simplest Hello world application so there is a C library called quality which I wrote specifically for Cloud API and think of it like this it contains everything in politics plus some of the small extensions provided by capsicum the it basically model and using minus all the garbage that you in 1 in the environment like this so if you just building some kind of black box application that sort of is really confined from the environment around it there's really no need to provide access to the password file or you know provide functions like you know could you killed random arbitrary process so a lot of this is the garbage API sympos extension the user might be in the front correctly sandbox application they're all gone so it's really like we're in the library after you've installed the lobby you you you could install a couple of other libraries slightly cheaper but for the sake of us of water and I live online for exceptions support which like this 1 if you do the 1st of programs and which have all these installed you can compile all proper cloudy the executables and once as on the only thing you need to use that appear existing operating system kernel to actually run this study ABI executable so that involves going to they up danger of provide a link between the stock and check out the proper text that and they should be all over to go but eventually looking for having at least packages for the tool upstream to most operating systems so if you were the thing to do like packaging seeing if you have to be really good at writing getting in packages for example please talk to me after his presentation because it would be really awesome if we also 
have coaching upstream of the internet total that would be lowered barrier using so in the next couple slides and then can we'll show you how you can probably be and I'm going to demonstrate you that even those of the IDB and quality I sort of perfect and
feeling and when I started work on this I noticed that there was a sort of still missing piece of the puzzle which I hope I've sort of result so this what you see here is that of a simple version of the LS utility that you normally have a Unix but then specifically tailored for cloud area so this still doesn't support and fancy command-line flights of course but what what it can use again just simply give you dump of all the files that are in direct doesn't even try to sort them alphabetically or anything just dumb stand in the way they're sort of stored on disk so what happens is that when this problem starts something it calls these 2 functions sections of the most interesting piece of the problem where it 1st opens the directory so can iterate through it and accept the directory entries but also opens a file into your terminals connection right out to it so this program uses the convention extended in follows could do 0 is the directory that it should traverse through and falsehood the 1 corresponds with the term so this implies that it even just compile as follows just install at the cross compiler toolchain and then just invoke solutions that show LSL SLC like you would normally do on Unix and I can run the program by passing in such easy to standard this actually works this gives you a lot to so there don't work so I noticed that it sort of feels unnatural
it's in my opinion not the way to go so even though you can use your shelter Carson files to a program or you can pass and directories or passing character devices systems the shell doesn't provide an easy portable way of creating song so if I would write this would run this web server that I demonstrated during the introduction I will be able to start up from the shell because I can't give a socket what's also really annoying is that the ordering of the files that just might actually be really important so if you service becomes more complex if you need to start up with half a dozen or even more follows vectors then you can easily invoke it in the wrong way you need some kind of documentation and documentation are explained falls to the 0 corresponds with a lot of Fonseca 1 corresponds with that's rule as simply doesn't scale in my opinion and would just cause a lot of system a lot of headaches for systems administrator in words you got actually you a variable number of false depressed city of a web service columnar VocaListener multiple sockets could use multiple database back and and like multiple those at the same time what would the numbering scheme like you would need to sort of somehow provide passing include like come on variable saying like you know the 1st fall 5 follows filters correspond with database back ends and then there's the like 7 or cell wall files that simply wouldn't work I can't see working which also loses sort of the the transparency units where you can write a single configuration file where you just explain how the entire service should work you know if you look at the Apache configuration file there are a lot of concentration parameters that to I have nothing to do with which resources section that acts as the only describe how the process should behave well on the other hand you also this a lot of pathnames and their network addresses of the process depends on so I thought about it and it's to quite a lot and I came up with the 
following solution. I wrote a utility called cloudabi-run, and this utility is incredibly simple, I think it's only 200 or 300 lines of code right now, and it's mainly because it it into some fault party in there. But in other words, you just invoke it with an executable, on standard in you provide a configuration, and this process is going to start the executable with the exact set of file descriptors from this, and makes sure that no file descriptors would leak into the process and makes sure that none of them are missing. And what it does is it merges the concept of program configuration with providing access to external resources. That means that you still have your traditional configuration file in which you have configuration parameters, but also these dependencies, and how it does that is it replaces the traditional command-line arguments by a YAML-like tree structure. So there is no more on the when your process starts, it has something else, namely a tree structure of configuration parameters but also of resources it's going to need. So say you write a very simple, like, this so as not to CloudABI, in which you just write a simple web server that takes a configuration of the universe of museum, and in this configuration file you have a couple of configuration attributes, like the hostname that it should for example return in all the error messages and in HTTP headers. You would want to specify the number of concurrent connections that this web server should receive, so in this case 64, and you would say it needs to listen on this IP address, and then finally also access to a couple thousand. So cloudabi-run accepts a configuration file like this, but it is annotated. And what's special, what most people don't know, is that YAML is a typed language, so in there there is a difference between a string and an integer at any
connection right down in different
ways of sort of remain tied. So cloudabi-run uses tags from a special namespace, which is here at the top, and allows us to use these tags with an exclamation mark, like exclamation mark socket and exclamation mark file, to add dependencies on resources for the program. So this is almost the same as the previous configuration file, except that all the attributes that referred to socket addresses, binding addresses or pathnames are now extended to use these exclamation mark file and exclamation mark socket tags. And what cloudabi-run does is that it scans through the file, parses the file for you and tries to acquire these resources for you. So it calls socket and bind to obtain a socket that's bound to this IP address, it calls open to open these files or this directory, and it replaces this by the fd tags, as references to those files. So when it's created a socket and
bound it, and it turned out it was file descriptors 17, 42 and 28 true or false the rejection, and this is what you pass on to the application. Well, not yet, there's still 1 pass in between, a sanitizing pass. What it does is it closes all the other file descriptors that happened to be open at the time cloudabi-run was running, and it also renumbers the file descriptors so they're sequential. And the reason for this is that it makes the execution of the program deterministic, so every time you start the process with the same configuration it's also the case that the numbers of the file descriptors match, otherwise it would be a bit more annoying. Think about how this looks from a program's point of view, because eventually you need to access this data from your program. So instead
of using the traditional int main, argc, argv function, you now use, you may optionally use, an alternative entry point called program_main, and it only has a single argument, namely an argdata_t, and this is a handle to this tree structure you can just iterate over. So because the configuration file example was actually a mapping, you
know, it's always a key-value
sort of a dictionary, this piece of code now invokes a function called argdata_iterate_map. You pass in a handle to this node of the tree, in this case the root, and a
function that needs to be invoked for every element, so called a functional system argument data, and now you can just, I mean,
I tried sort of simplifying this code as much as possible, like removing all of the error handling, but this
would be your configuration file parser. So here we 1st obtain the string value of the key, so in this case we're trying to extract hostname, concurrent connections, listen, what followed there, and we perform a string
comparison on those. So if it's a hostname then we can just extract a C-string argument from this tree structure, so
now we obtain those, and we can call this get function to extract file descriptor numbers from the tree. So it's really important to keep in mind that integers and file descriptors are 2 separate types, because cloudabi-run needs to know which numbers are file descriptors and which ones aren't, because it needs to know which of those file descriptors need to be passed on to the process. So this is actually really nifty, I discovered,
because it allows you to configure a service securely without any additional effort. If you compare this to actually limit for AP, where you have to write separate security policies, a separate configuration or something like this, I mean, for CloudABI you still have a single configuration file with which you configure the program and start it up, and it's secure. So if you change around your configuration and start it up again it should still work, unlike at by. It's also impossible to invoke programs incorrectly, as in getting the ordering of the file descriptors wrong, because programs don't depend on the ordering of the file descriptors. It's no longer the case that 0 is standard in, 1 is standard out and 2 is standard error. Programs start up and they just have a big bag of file descriptors that they need to run correctly. And what's also really cool is that it uses YAML 1.2, and YAML is also a superset of JSON, so you can use any tool that generates JSON or YAML and just pass on data to the program directly, and that's really nice. So there is no more invoking programs through a shell and making sure you get all the escaping right, you can use higher-level libraries to construct the data you want to pass on to the program. So from a security point of view this is also, it might also be nice for software developers: they no longer need to write a configuration file parser, because this all just comes for free. You just run cloudabi-run with a YAML file and your program receives it in a tree structure, already in parsed form. It also means a program no longer has to acquire any resources on startup, so as soon as the program starts running you can already do the stuff that actually matters, accept requests and process them, instead of 1st spending, like, you know, writing tens of thousands of lines of code in a large application to just parse a configuration file and acquire all resources correctly. So the final thing I wanted to suggest that what are you going about Indiana. So a couple of these use cases that represent the interface that I sort of made up myself, or
where I think CloudABI is a good tool, but it's also based on some feedback I got from companies that showed interest in using CloudABI for a couple of their own purposes. So even though CloudABI has cloud in the name, it doesn't necessarily mean that it can only be used for cluster computing. I've seen some interest from hardware appliance vendors, so for example companies developing storage solutions or firewalls, and they're thinking about using CloudABI to harden processes running on their system. So in addition to making their software a lot more secure, it makes it a lot easier for them to run third-party software. So in FreeBSD there exists this technology called netmap, and netmap allows you to efficiently do firewalling in user space. So it's sort of a lockless queue in which network packets are exposed to processes, and processes can apply filtering to them or discard packets, and this would allow people to just write 1st party filtering libraries, and if there is a security exploit in them, the appliance as a whole is not compromised. So it makes it easier for network firewall vendors to sort of allow modification or extension of their functionality by third parties. But it's also, I've worked for a company that made sort of e-mail spam-filtering appliances, and they used a binary blob component to do the spam filtering, which is really bad, because if there's a security exploit in the spam filter there's nothing you can do yourself to secure it. What if, like, the virus scanner vendor supplied the virus scanner as a CloudABI executable that would only, for example, take 1 pipe for the incoming e-mail and 1 pipe for the output? That would make it a lot more secure, so even if there are a couple of security exploits in the virus scanner but it's still not that this. So another example would be having a CloudABI service. So right now people use Amazon EC2, Google Cloud computing, Google App Engine, but in my opinion these services sort of don't tackle the problem as a whole. So Amazon
EC2 makes it a lot easier to get your hands on computing resources, but it doesn't make life simpler for you, because every Amazon EC2 instance you get is basically just a new computer for which you also need to do the systems administration. So we tried to solve this by coming up with tools like Puppet to automatically administer all systems, but the problem is that it is in the root to my and you should be doing and the whole system systems administrator. If you have a cloud computing platform it should be the case that you just have a program that you want to run, be it like a computationally intensive program or a web service, you just give them the binary, let them run it, and CloudABI makes it easy to do that without using any virtualization. So right now I think Amazon EC2 uses Xen and who computer users thinking the, and I'm not sure about what these impose on CPU overhead, but a technology like CloudABI could make it possible to run the systems directly on top of the Unix kernel without any CPU virtualization overhead. And it's also nice, so Google App Engine is a really nice cloud computing framework in which you just write a whole pile of Python code that you just want to run in the cloud, you just throw it over the fence and Google does it for you. Now the problem is App Engine only supports a couple of scripted or interpreted programming languages, because those are the ones that they can do sort of the analysis on to make sure that it won't escape the confinement of the sandbox. With something like CloudABI it's just an arbitrary process; you can say I'm compiling a special Ruby interpreter for CloudABI and just running it with a couple of the files that I provide. So finally, 1 of the use cases that I think of, what's also really interesting about CloudABI, is that you could use it as the basis of a cluster management suite. So what you could do is you could just make this really tiny process that just runs on, like, a whole pile of
servers, and the only thing it does is just accept Sarkozy's instructions, you know, what should I run, similar to systems like Kubernetes. But the nice thing about CloudABI is that, because you have to provide all the dependencies of a program explicitly, you have a really accurate, high-quality dependency graph of all the processes, and this allows you to sort of add so much more smartness to the system than what we currently see. So right now with Kubernetes, processes start up, and if 1 of the back-end services is down it just sits there and runs, but it fails to connect to the back end. With something like CloudABI, the cluster management system would already know that this is happening and can just say: I'm not scheduling this process until all of its dependencies are fulfilled. It could also make more high-quality scheduling decisions, like: I see that of all of these databases 1 is running right over here, I might as well just run a couple of front-end processes right next to them instead of running them on the other side of the data center, or maybe even worse, on a different continent. So this is a lot easier if you would have a cluster management system purely built on a technology like CloudABI. Also, because all the dependencies are known, if you want to migrate a process from 1 server to the other, you exactly know which files on disk it's going to have access to, you know what you want to migrate over to the new server. So this is sort of CloudABI. I hope I clearly explained sort of what you
can behind CloudABI is, how it sort of works and what use cases are there. There is a
page on GitHub, the CloudABI repository, and it sort of has a nice introduction and some links to some other interesting articles, and of course the source code itself, which you can sort of try and experiment with. Even if you're not interested in sort of using CloudABI, in my opinion it's also a really high-quality C library, so if you're interested in knowing how a certain C library function is actually implemented, be sure to check it out. And there's also a whole pile of tests for that, so you also get some example code of how it works. But also in a esteem generally at medical quality I, be sure to drop by and will work to see what's going on. And finally my company, and see, if you would be interested in commercial support on technology like this, or could think of a curious use case, be sure to contact us. Steadily and apparently questions? Maybe tomorrow we add up all the here
tomorrow as well. Also, if you sort of happen to stumble into me, then, you know, just chat with me and let me know what you think about it. You had a question? Yes, and you know that the, yeah, exactly, that's really what we want. Because all and at, exactly, that's a really good remark. So found in the eyes of other people often sort of present you use cases like, it can't do this. But it is of course important to realize CloudABI is not meant to cover the 100 per cent. There are of course quite a lot of things that really need to be done in a traditional process, where you do have access to all these global namespaces. So what you could for example do, I've been thinking about this, is let every system run like a master process that can provide access to arbitrary directories, arbitrary sockets. It can connect to everything and can bind to everything, like a root process would normally do. Let that run in the process, and then you just have, stacked on top of that, like, adaptor processes that can do all sorts of interesting filtering and whitelisting, and that would at least make systems a lot more secure. So even for cloud computing platforms you could make it completely safe, you could be completely sure that processes running on top of your cloud computing platform don't connect to your internal network. And it sort of finally allows you to do user-space firewalling, because what you see right now is that you have all these new complex firewall policies, the grammar of of light, and the features that a firewall in the kernel has are constantly growing, because people come up with new criteria that need to be filtered on. A sample I guess would finally allow you to do all of that in user space. Yeah, so this is really not meant to cover 100 per cent, right now at least. It's sort of, I foresee that there will be sort of like a hybrid model where certain parts still run as native processes, but all the interesting things, you know, where you do a lot
of parsing, where stuff can simply go wrong, you just run in a CloudABI process. Yeah. Yeah, so that's a good question. Yes and no. So I'm really starting at the bottom of course, you start out with the C library, building up from there. So right now where I am is that C and C++ really work, as in the cheapest cost a lot of the the standard that already pass the test suite, and I'm now slowly getting to the point where I'm trying to get some more high-level libraries built on top of this, that also includes interpreters. So getting you have to work on top of it, getting Python to work. I don't have anything complete yet, but I'm now experimenting with building against it and extending the C library to, you know, add non-standard functions that are actually needed by this code. So my idea would eventually be that something like CPython, the official Python interpreter implementation, would just
work on this, albeit slightly differently. So the normal Python interpreter has a standard include directory instead of wanting into; in this case it would be the case that you're explicitly given those directories and that explicitly spots on department. So yes, you eventually should be able to use standard interpreters for Python, PHP, whatever you like, but starting them up is a bit unconventional. But that's the best we can do. This FIL, so without a modified kernel it's actually pretty hard, because then you could potentially do it, but then you would have no security benefits, because the program could still in assembly call the original system call that provides access to a random path on disk. So the Linux security policy, for example, is really not powerful enough to emulate this. So that would be possible, but there's sort of another interesting point in the question. So what you could do is something the other way around. So a lot of C functions depend on global namespaces, like open, that tries to open a global path on disk. You could add a wrapper inside of this library so that there's 1 file descriptor, like the root directory of the system, and stuff like open would just be translated to opening a file underneath that directory, like and the impact that you would use to more easily port existing and future. So working on this has sort of crossed my mind on more than 1 occasion, and I started working on something like this, but my concern with that approach is that it basically brings you back to where you started. If all software running on top of the stack is all based on the impact and also assumes a global root directory and just calls into a special opposite to always just get democracy or like a TCP socket to random nation in years, then in the end you're not any better than where you started, you still end up with untestable, unsandboxed software. Thank you. Yeah, that's still true. So there's still some advantages to it if you would have lived had on. So my goal would be that
eventually it would be just a separate, sort of an overlay, so that if you would for example install this live packed and you would add a special include path to your compiler, that if you include stdio.h you sort of get a stdio.h that stacks on top of the 1 of CloudABI. So in CloudABI it only provides the features that don't provide any global namespaces, but then everything that depends on global namespaces is listed in this small, tiny stdio.h that just adds a couple of missing features to it. And then it would be really clear that programs can really clearly decide: I want to have sort of the pure CloudABI runtime environment, or I just quickly want to get the software running in sort of a quick and dirty way. That's sort of the model that I foresee. I haven't started on that so far, I'm 1st trying to see how far we can go by only using the pure CloudABI. Any other questions? All of them, thank you for your attention and also for the questions.

Metadata

Formal metadata

Title CloudABI
Series title FrOSCon 2015
Part 30
Number of parts 80
Author Schouten, Ed
License CC Attribution 3.0 Unported:
You may use, modify and, in unchanged or modified form, reproduce, distribute and make publicly available the work or its content for any legal purpose, provided that you name the author/rights holder in the manner specified by them.
DOI 10.5446/19569
Publisher Free and Open Source software Conference (FrOSCon) e.V.
Year of publication 2015
Language English

Content metadata

Subject area Computer science
Abstract CloudABI is a new runtime environment that attempts to make it easier to use UNIX-like operating systems at the core of a cluster/cloud computing platform. Ed Schouten
