In early September, I had the pleasure of giving a lecture on a topic related to cybersecurity and labs at the EDUC Summer School of Cagliari University.
Unikernels are not really a recent subject: the foundational principles were laid down at the beginning of the previous decade. As a core team member of the MirageOS library system (it is actually a unikernel which replies to you when you visit the MirageOS website), I was able to present the ecosystem to the students of the summer school. Since 2013, a whole ecosystem of libraries has had to be built in order to communicate over TCP/UDP on the internet, to encrypt communications with TLS, to receive or send emails, to access git repositories, etc. It's a really stimulating ecosystem, still under construction, but it also leaves a lot of room for inventiveness and innovation. This technology is still a little ahead of the current uses (containers or "legacy" virtual machines) in the industry, so it's exactly the right time to present it to future engineers and computer scientists!
Course with the students
The beginning of the day was dedicated to introducing the unikernel concept, but also the support language for MirageOS. All of the system libraries are written in the OCaml language (with rare low-level exceptions written in C). This functional language was a discovery for the majority of the group, and it had to be grasped before moving on to the labs part. The link with cybersecurity is quite direct, since the language provides security-by-design features (for example, the compiler's checks performed on the types of the various elements, or on the memory accesses performed). As an example, and not in any case a proof, of the strength of the network stack used by Mirage: the bitcoin pinata project posted a website offering 10BTC to the first person able to establish an SSL connection with the server (all of the source code for replicating the virtual machine "at home" was public), and nobody was able to take these bitcoins.
The practical part consisted of reusing and setting up a website intended to be used as a blog, which accepts updates via a GitHub webhook. Thus all the users who have write access to a GitHub repository are able to update the website served by the unikernel!
I found this experience very enriching with fruitful exchanges and I hope that the students are now as enthusiastic about this technology as I am!