MirageOS: Robust Operating System Reengineering from the Grounds Up

Speaker: Hannes Mehnert

I will introduce MirageOS, a library operating system written from scratch in a modular way. The motivation is manifold: cutting the complexity of contemporary operating system configuration and administration, easy compartmentalisation of different services, and security and robustness through the choice of the high-level modular functional programming language OCaml.

We implemented core Internet protocols (TCP/IP, DNS, TLS, HTTP, …) as the API to communicate with legacy operating systems (such as Unix). A library operating system consists of the programming language runtime and the actual application, all running in kernel mode. There is no longer a process or user abstraction, nor are there file systems. This means configuration is much simpler and mostly dealt with at compile time. We can deploy MirageOS as a native Unix application (developing and debugging is easy there), a standalone Xen guest, a rump kernel, …

Instead of reusing decade-old, barely maintained, huge codebases for critical systems, we rewrite them from scratch using modern principles: nqsb-TLS is a descriptive transport layer security implementation with at least an order of magnitude less code than OpenSSL/LibreSSL. Unlike fully formal TLS stacks (which are an order of magnitude slower), nqsb-TLS has reasonable performance: 75%-85% of OpenSSL’s bulk throughput.

MirageOS is a research project at the University of Cambridge, but it applies an "eat your own dog food" mentality: https://mirage.io, https://nqsb.io, and https://ownme.ipredator.se all run on MirageOS.

Nymote is a project idea to let people take back control over their personal data, using MirageOS. More information is available at nymote.org.