Secure, Fast, and Cheap Execution with ZeroVM
•
1 gefällt mir•1,153 views
1. The document discusses ZeroVM, an open source secure execution environment for running untrusted user code fast and at scale. 2. ZeroVM uses techniques like statically compiled binaries and Linux namespaces to run isolated processes securely without unnecessary syscalls or ability to coordinate. 3. ZeroVM images are only 75kb in size and can spin up processes in 5-35ms, making it optimized for massively scalable and secure execution across infrastructure.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Mehr von Carina C. Zona
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Secure, Fast, and Cheap Execution with ZeroVM
- 1. 1. Fast, 2. Secure, or 3. Cheap Pick Three Carina C. Zona Converged Compute
- 4. SECURE, FAST, OR CHEAP?
- 5. Fast & safe execution of untrusted user code open source sponsored by Rackspace
- 8. NaCL
- 10. Processes can't jump, communicate, or coordinate.
- 11. ZeroVM
- 13. Channels
- 14. Lightweight
- 15. VMs Fat • Shared resources • Slow spin-up • Resource hog • Resource bloat
- 16. Containers Leaner. • However... • Shares even more resources than VMs -> increasing contamination risk • Excessive resources
- 17. ZeroVM : Egg Crates :: Container : Shipping Crates
- 18. Optimized for safe multi-tenancy
- 19. 75kb 5-35ms
- 21. Secure Scalable Execution NaCl + zrt = ZeroVM secure, fast, and cheap
- 22. Execute within the datastore
- 24. Converged Compute (securely & scalably) ZeroVM + Swift = ZeroCloud secure, fast, and cheap
- 25. Write Python apps as if they're stored procedures that can MapReduce
- 26. ZeroCloud Use Cases 1. compute on cold files 2. text analysis 3. image & video manipulation 4. auditing 5. embedded
- 27. environment • NaCL • run isolated processes, securely • execution environment • scale execution • Linux namespacing (similar to LXC) • run isolated apps, conveniently • infrastructure manager • scale deployment primary context • production • isolation for restricting things' access to kernel • deployment • isolation for layering things on kernel strengths • determinism (executables run the same every time) • isolation from kernel • disposable processes • fine-grained metering • embeddable • parallelization • portability (server templates run the same anywhere) • ease of use • ecosystem • abundance of templates & plugins • institutional adoption (Rackspace, New Relic, Google)
- 29. Constraints • X86 64 • cross-compile • C & Python* • Deterministic • Single threaded • MapReduce: 1,000 instances**
- 30. building blocks
- 31. zerovm.org docs.zerovm.org github.com/zerovm …STARTING IN A FEW MINUTES… ZeroVM Hands-On Workshop Lars Butler, Egle Sigler, & Cody Bunch
- 32. Image Credits photos via Flickr under license of Creative Commons Commercial Use "Infinite Box" by rumo_der_wolperdinger "Pink Balloon" by Alan "Carroll House Shipping Container Home" by Inhabit Blog "10,000 Shipping Containers Lost At Sea EachYear" by PaulTownsend "A-salt-ed!" by JD Hancock "Eggs" by Pietro Izzo "debug version 2" by Franz & P "shake your tail feather" by emdot "MonsterTrucks Live - 29th September 2013" by John5199 "Secure Cloud Computing" by FutUndBeidl "Door knob with lockbox" by REO "Engine Arm Aqueduct - BCN Old Main Line - Wolverhampton Level" by Elliott Brown "One Set of Building Blocks" by Hans and Carolyn "The pointed arches of al-As" by Asim Bharwani "Kacao77 & Persue SeventhLetter Exchange LosAngeles Graffiti Art" by A Sin "128/365 Chilling on theTrampoline" by LeahTautkute untitled [Tel N°] by Al King "NOW!That's What I Call Music." by kozumel
- 33. Image Credits from additional sources "Ketchup" designed byTom Glass, Jr. from the thenounproject.com Chromium logo by Logonoid Manta logo by Joyent "The dark side in a whole new light: Evil Star Wars Stormtrooper photographed in tender scenes with young son" by Kristina Alexanderson, in the Daily Mail
- 34. Resource Credits • "Zerovm background" by Prosunjit Biswas http://www.slideshare.net/ prosunjit/zerovm-background • "Docker & Containerization: "Milliseconds Matter" by Ben Golub http://cloudcomputing.sys-con.com/ node/3073584 • ZeroVM documentation http://zerovm.org & http:// docs.zerovm.org/ • "Cluster-wide Java/Scala application deployments with Docker, Chef and Amazon OpsWorks" by Adam Warski http://www.warski.org/blog/2014/06/ cluster-wide-javascala-application- deployments-with-docker-chef-and- amazon-opsworks/
Hinweis der Redaktion
- Containers are driving down the overhead that has been necessary for traditional virtualization. But there have been serious tradeoffs made with their adoption. Containerization's resource sharing approach is exposing more of the host system. We're treating higher exposure as inevitable tradeoff for lower overhead. In multi-tenant environments, that's a heck of a gamble.
- ZeroVM is an open source project sponsored by Rackspace. It's easy to talk about ZeroVM & ZeroCloud as if they're interchangeable terms. They're not. ZeroCloud is converged compute built on capabilities provided by ZeroVM. So let's start with looking at that foundation: ZeroVM is simply a generic technology for [READ]: Validate code, sandbox application processes, parallelize.
- In a nutshell: [read] We'll be walking through each of these characteristics.
- Validate & isolate. Of processes (vs containers isolating apps, or hypervisors isolating OSs).
- Validate once, with security guarantees.
- NaCl also reduces the number of syscalls available. Then passes off to ZeroVM environment. Essentially ZeroVM is a trampoline. It locks down syscalls down to near-zero, then executes each processes in isolation. [Vocabulary sidenote on overloading of term]
- Over 100 syscalls in Linux, etc. ZeroVM stubs out nearly all. [READ list] When we talk about virtualization for the cloud, this is one of those attributes. Most of the kernel doesn't need to be exposed, and it's unwise to. e.g. ZeroVMs cannot access host networking.
- The runtime provides virtual in-memory file system.You can connect to resources on the host, or other ZeroVM instances, only via declared I/O channels. ZRT throws aways writes unless you declare a channel for them to persist to.
- ZeroVM virtualizes, but not in the ways that we conventionally think about.
- Rather than trying to force containers to poorly serve that need.
- 75 kilobytes 5-35 milliseconds So it's very embeddable. We'll revisit that topic later.
- Parallelizes application processes as individual ZeroVM instances.
- [READ equation], a baseline technology for [READ title]. I promised that this talk is about fast, secure, and cheap. ZeroVM provides security guarantees. While its light weight enables fast & cheap. Now let's look at how ZeroCloud contributes to these.
- Because it's lightweight: execute on the datastore Because it's secure: execute untrusted user code on datastore. MapReduce on large datasets becomes trivial.
- Swift is so scalable, great API, tremendous community supporting development. We wrote middleware that uses ZeroVM to turn Swift into converged compute platform. Benefits of converge: no compute cluster, no network, no latency.]
- So, ZeroCloud is that integration. Mapreduce in the object store. Great for untrusted user code in multi-tenant cloud. There's one more thing...
- ZeroCloud extends Swift's feature set. The middleware adds capabilities that are akin to stored procedures. Which you can write in Python.
- #1 (17GB / 5 hours / 3 minutes. In-memory decompression.) #2 project gutenberg, log search, machine learning #3 watermarking, vid screenshots, transcoding #4 compliance & regulatory (healthcare record privacy, financial auditors) #5 SSDs, IoT
- That said, running zerovm instances inside a Docker container is potentially a great option for bringing more security to the container.
- Isolation, speed, stored procedures, & determinism are the primary distinctions Hadoop: mapreduce & stored procedures are hard. Mongo: mapreduce is slow, race conditions, JS Manta: meters by second. proprietary. PaaS. (otoh, fewer constraints on what executables are possible)
- * Python 2.7.3 (core), Lua port, PHP port. ** Each instance can pass around a lot of file descriptors (1,000?) So for the most part, not legacy apps.
- NaCl, ZeroVM, Swift, middleware...they're all building blocks. ZeroCloud is just one combination. I promised "Fast, Secure, or Cheap: Pick Three". But you can pick 2 or 1. They're each incredibly versatile for building on. e.g. Adapt the middleware. Explore interesting ways to use ZeroVM (e.g. Raspberry pi? Parallelized queues?). Share use cases for converged compute in Swift.