Information Flow for Trusted Execution / Jan 2020
There is now increased hardware support for improving the security and performance of privilege separation and compartmentalization techniques such as process-based sandboxes, trusted execution environments, and intra-address space compartments. We dub these "hetero-compartment environments" and observe that existing system stacks still assume single-compartment models (i.e. user space processes), leading to limitations in using, integrating, and monitoring heterogeneous compartments from a security and performance perspective. This project explores how we might deploy techniques such as fine-grained information flow control (DIFC) to allow developers to securely use and combine compartments, define security policies over shared system resources, and audit policy violations and perform digital forensics across hetero-compartments. […177 words]
Unikernels: the rise of the library hypervisor in MirageOS / Oct 2016
DockerCon talk on unikernels and MirageOS
The functional innards of Docker for Mac and Windows / Jun 2016
I gave a talk at the Functional Works meetup, held in Jane Street London about how Docker for Mac and Windows use OCaml and unikernels under the hood.
MirageOS 2.0: branch consistency for Xen Stub Domains / Oct 2014
At the Xen Summit speaking about branch consistency for Xen Stub Domains
SE Radio Episode 204: Anil Madhavapeddy on the Mirage Cloud Operating System and the OCaml Language / May 2014
Appeared on SE Radio Episode 204 about Mirage and OCaml
MirageOS and XAPI project update at XenSummit / Nov 2013
MirageOS and XAPI project update at XenSummit
Breaking up is easy (with OPAM) (via MirageOS) / Oct 2012
Once the main advantages of having hypervisors is that you can have strongly isolated services within a single machine. But it's really hard to actually build these specialised services; that is, until MirageOS came along. This post discusses how to build so-called "stub domains" for Xen using MirageOS.
Programming the Xen cloud using OCaml / Sep 2012
Paper on programming the Xen cloud using OCaml at the OCaml Workshop
Programming the Xen cloud using OCaml
Dave Scott, Richard Sharp and Anil Madhavapeddy.
Paper in the the 1st ACM OCaml Users and Developers Workshop.
Reconfigurable Data Processing for Clouds / May 2011
Paper on what a Xen+FPGA cloud would look like at FCCM
Using functional programming within an industrial product group: perspectives and perceptions / Sep 2010
Paper on our experiences with writing the Xen control stack in OCaml at ICFP 2010
Unikernels / Jan 2010
I proposed the concept of "unikernels" -- single-purpose appliances that are compile-time specialised into standalone bootable kernels, and sealed against modification when deployed to a cloud platform. In return they offer significant reduction in image sizes, improved efficiency and security, and reduce operational costs. I also co-founded the MirageOS project which is one of the first complete unikernel frameworks, and also integrated them to create the Docker for Desktop apps that are used by hundreds of millions of users daily. […1496 words]
Peeking under the hood of High Availability (via Citrix) / Sep 2008
Well, the big launch of XenServer 5 has gone smoothly, and with it have arrived a flood of questions about how exactly the new High Availability functionality works. I’ll use this post to explain the overall architecture of HA in XenServer 5, and also how some of the fault detection and failure planning works.
Fundamentally, HA is about making sure important VMs are always running on a resource pool. There are two aspects to this: reliably detecting host failure, and computing a failure plan to deal with swift recovery.
Detecting host failure reliably is difficult since you need to remotely distinguish between a host disappearing for a while versus exploding in a ball of flames. If we mistakenly decide that a master host has broken down and elect a new master in its place, there may be unpredictable results if the original host were to make a comeback! Similarly, if there is a network issue and a resource pool splits into two equal halves, we need to ensure that only one half accesses the shared storage and not both simultaneously. […2293 words]
Shedding light on XenApp on XenServer performance tuning (via Citrix) / Aug 2008
You won’t be surprised to hear that we spend a lot of time improving XenApp performance when running on XenServer. Although there are some good benchmark comparisons available (such as the Tolly Group report), I still get a lot of customers asking about what the “secret sauce” is. I sat down with George Dunlap, the lead XenServer performance engineer to chat about the very first optimisation we did back in XenServer 4.0 last year. […1253 words]
Installing Ubuntu on XenServer (via Citrix) / Jul 2008
I thought I’d kick off my Citrix blog with a question I get pretty often from Linux enthusiasts: how to install unsupported Linux distributions on XenServer 4.1. […1433 words]
Xen 2002 / Jan 2003
The first technical report on the Xen Hypervisor hypervisor is now available. I mainly contributed to the early NetBSD port (but have run into a snag with the lack of linear page tables in our paravirtual page implementation).
Steven Hand, Tim Harris, Alex Ho, , Anil Madhavapeddy, , and .
, , ,Technical report (UCAM-CL-TR-553) at University of Cambridge, Computer Laboratory.
Displaying the 15 most recent news items out of 17 in total (see all the items).