Exploring Compartmentalisation Hypotheses with SOAAP
In 2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems Workshops, Sep 2012

Abstract. Application compartmentalisation decomposes software into sandboxed components in order to mitigate security vulnerabilities, and has proven effective in limiting the impact of compromise. However, experience has shown that adapting existing C-language software is difficult, often leading to problems with correctness, performance, complexity, and most critically, security. Security-Oriented Analysis of Application Programs (SOAAP) is an in-progress research project into new semi-automated techniques to support compartmentalisation. SOAAP employs a variety of static and dynamic approaches, driven by source code annotations termed compartmentalisation hypotheses, to help programmers evaluate strategies for compartmentalising existing software.

Authors. Khilan Gudka, Robert M Watson, Steven Hand, Ben Laurie and Anil Madhavapeddy

See Also. This publication was part of my Unikernels and Information Flow for Trusted Execution projects.

News Updates

Feb 2020. Delivered the distinguished seminar series at St Andrews on rebuilding Operating Systems with functional principles / Part 2 / Part 3.
Oct 2016. DockerCon talk on unikernels and MirageOS.
Jun 2016. Interviewed by The New Stack at OSCON in Austin, Texas / Updated the MirageOS community about the 2016 hack retreat.
May 2016. Announced HyperKit, VPNKit and DataKit for the Docker ecosystem.
Jan 2016. Announced that Unikernel Systems is now part of Docker.
Sep 2015. Invited talk at NetPL on Immutable Distributed Infrastructure with Unikernels.
May 2015. Talk at Esper on functional programming with unikernels.
Apr 2015. Updated the OCaml community on annual OCaml Labs activities for 2014.
Jan 2015. Gave BOB 2015 keynote on functional Operating Systems.
Nov 2014. New Directions in Operating Systems talk on Jitsu.
Oct 2014. At the Xen Summit speaking about branch consistency for Xen Stub Domains.
Sep 2014. Gave Haskell Symposium 2014 Keynote on functional OS design.
Jul 2014. Announced the release of MirageOS 1.2, and a roadmap towards MirageOS 2.0 / Announced the long-awaited release of MirageOS 2.0 / Appeared on FLOSS Weekly 302 about Open Mirage.
May 2014. Appeared on SE Radio Episode 204 about Mirage and OCaml.
Jan 2014. Note on the discussions around my recent CACM article on unikernels.
Nov 2013. MirageOS and XAPI project update at XenSummit / Note on integrating Docker and opam more effectively.
Jul 2013. Mirage Developer Preview 1 screencast.
Oct 2012. Discussing how we disaggregated MirageOS into opam packages.
Sep 2012. Paper on control flow analysis to break up applications into compartments / Note on how to build XenStore stub domains using MirageOS.
Feb 2012. Note on using ARM Dreamplugs with OCaml published.
Oct 2011. At the OCaml Meeting 2011 speaking about MirageOS.
Sep 2011. Liveblog on the talks at CUFP 2011.
Jun 2011. Note discussing an OCaml interface to our new CIEL dataflow engine / Published a note on delimited continuations vs Lwt in OCaml for MirageOS.
Oct 2010. Announced that the MirageOS website is now self-hosted on MirageOS! / At LinkedIn giving tech talk about Mirage.
Jun 2010. At HotCloud for the first talk about MirageOS.