YoVDO

CAP-VMs - Capability-Based Isolation and Sharing in the Cloud

Offered By: USENIX via YouTube

Tags

OSDI (Operating Systems Design and Implementation) Courses Cloud Computing Courses Containers Courses Cloud Security Courses Virtual Machines Courses Inter Process Communication (IPC) Courses

Course Description

Overview

Explore a 14-minute conference talk from OSDI '22 that introduces CAP-VMs, a novel approach to capability-based isolation and sharing in cloud environments. Delve into the challenges of balancing application component isolation with efficient data sharing on physical hosts. Learn how forthcoming CPUs with hardware support for memory capabilities offer new opportunities for fine-grained isolation and sharing. Discover the concept of cVMs, a VM-like abstraction that utilizes memory capabilities to isolate components while supporting efficient data exchange. Examine the two capability-based primitives for cross-cVM communication and their implementation using CHERI RISC-V capabilities. Gain insights into how this approach can improve cloud stack security and performance, demonstrated through prototype implementations with Redis and Python services.

Syllabus

Intro
Imperial College London
Clouds: Isolation vs. Sharing
VMs: Strong, Heavyweight Isolation
Containers: Weak, Lightweight Isolation
VMs & Containers: The MMU Tax
CHERI Capabilities
Challenges for Cloud Stacks with Hardware Capabilities
CVM: Intra-Process VM-like Abstraction
Isolation/Sharing for Legacy Cloud Apps?
Support for Native Software
Small-TCB OS Functionality
IPC Interfaces Using Capabilities
CAP-VM Prototype
Comparing with IPC Mechanisms


Taught by

USENIX

Related Courses

Electron: Building Cross Platform Desktop Apps
LinkedIn Learning
Create a Desktop App With JavaScript & Electron
Traversy Media via YouTube
Components of Operating System
CodeHelp - by Babbar via YouTube
Binder - The Bridge To Root - Hongli Han and Mingjian Zhou
Hack In The Box Security Conference via YouTube
Man in the Binder - He Who Controls IPC, Controls the Droid
Kaspersky via YouTube