Hi Daniel,
OK. So you mean you are able to run Android and isolated apps using the OKL4 microkernel, right? Was there a need to modify Android?
Yeah, definitely a supporting environment for the app would be required: an OS would be required by applications to run. So yes, we would need to route the calls to the OS. For example, we have an Android OS running on a mobile and one app like email; then whenever the app requires services from the OS, the calls will be routed to the OS.
Our main objective is to implement isolation on apps with a single host OS, i.e. each running app is executed in its own VM (just like Bromium has done for PCs on Intel architecture). For example, if the user opens a browser or an email app, then a small VM is created just for that particular app. Currently we are not concentrating on hosting multiple OSes.
So currently I am confused whether to use a microkernel-based approach, i.e. OKL4, or a hypervisor-based approach, i.e. Xen.
Xen, in its present form, doesn't provide isolation for applications. Xen requires each VM to have its own guest, and then the guest can have its own individual set of applications. So, if we go for a Xen-based approach, then a lot of work will be required to implement a small VM for each user process.
I think now you have a better understanding of what we are trying to make. So, please can you suggest whether OKL4 can fit into the picture.
Please suggest.
Anshul Makkar
www.justkernel.com
http://www.linkedin.com/groups/Just-Kernel-3033180
On Wed Sep 25 2013 00:36:57 GMT+0530 (India Standard Time), Daniel Potts <dan...@ok-labs.com> wrote:
> Hi Anshul,
>
> Yes - we do this today to run one or more Android or other apps isolated (in their own Virtual Machine), but there are some important nuances. Firstly, you still need a supporting environment for the app, even if just to route traps to the main OS. More likely there would be a cut-down and isolated Android OS just to host the app, and that would need a host of virtual drivers and other support infrastructure.
>
> On true, flexible, type-1 hypervisors, what runs above should be able to be anything from a full OS, through to something more cut-down - creating a componentized system. Your challenge is building on top of this how your components interact and what they offer, and what role they play.
>
> For example in Xen you reference dom0 which is really just one VM that offers out hosting of native devices (drivers) to other VMs. Even in Xen, you aren't really constrained this way - multiple VMs could fulfill the "dom0" role in collaboration.
>
> You should also take a look at container technology such as Samsung's Knox or Fixmo containers if you haven't already (google android containers). While they do not provide sufficient security, they are probably closer to what you are after unless you truly want the isolation that only a type-1 hypervisor offers.
>
> On 24 Sep 2013, at 10:52 am, "anshul_makkar" <anshul...@justkernel.com> wrote:
>
> > Hi Daniel,
> >
> > Thanks for the reply.
> >
> > Basically, I want to implement security by isolation on mobile, where each application will be executed in its own micro visor and there will be a single OS like Android on the system. So please can you let me know if this is possible using OKL4.
> >
> > Xen has that architecture where the OS resides in domain 0.
> >
> > Please suggest if we can achieve the above results with OKL4. And I hope it's under the GPL license.
> >
> > Thanks
> >
> > Anshul makkar
> >
> > Www. <http://Justkernel.com>
> >
> > Sent from Samsung Mobile
> >
> > -------- Original message --------
> > From: Daniel Potts <dan...@ok-labs.com>
> > Date:
> > To: Tim Newsham <tim.n...@gmail.com>
> > Cc: "<anshul...@justkernel.com>" <anshul...@justkernel.com>, developer <deve...@okl4.org>
> > Subject: Re: [okl4-developer] OKL4 + security by isolation
> >
> > Hi Anshul, Tim,
> >
> > There are several mature L4-based systems out there, and L4 is ideal for implementing systems requiring components with separation and isolation. They do not require a full guest OS, and in fact, for security applications you should be aiming for minimality anyway.
> >
> > As to which L4-based system? Well, I think it really depends on what you are trying to do, including what applications or OSes you wish to host.
> >
> > OKL4 is certainly suitable and most of our programs are focused on security/safety/reliability use-cases. Xen-based systems that are properly architected are also a good candidate.
> >
> >
> > On 24/09/2013, at 3:27 PM, Tim Newsham <tim.n...@gmail.com> wrote:
> >
> > > check out <http://genode.org> . They've got an L4-based system that has isolated
> > > components similar to qubes. they've got a live cd demo you can boot
> > > to play around with...
> > >
> > > On Mon, Sep 23, 2013 at 4:07 PM, anshul makkar
> > > <anshul...@justkernel.com> wrote:
> > >> Hi,
> > >>
> > >> Just confused whether to reuse OKL4 or QUBES to implement security by
> > >> isolation on mobile platform.
> > >>
> > >> Based on the knowledge that I have, it seems that each of the trusted
> > >> domains/compartments that I can create using OKL4 needs to have a guest OS.
> > >> Isn't it possible to have just applications executing in their own trusted
> > >> compartments? A concept similar to QUBES, where applications/user
> > >> processes can be executed in their own trusted domain.
> > >>
> > >> Anshul Makkar
> > >> <http://www.justkernel.com>
> > >> <http://www.linkedin.com/groups/Just-Kernel-3033180>
> > >>
> > >> _______________________________________________
> > >> Developer mailing list
> > >> <Deve...@okl4.org>
> > >> <https://lists.okl4.org/mailman/listinfo/developer>
> > >>
> > >
> > >
> > >
> > > --
> > > Tim Newsham | <http://www.thenewsh.com/~newsham> | @newshtwit | <http://thenewsh.blogspot.com>
> >
> >
------------------------------
Message: 2
Date: Wed, 25 Sep 2013 05:58:11 -1000
From: Tim Newsham <tim.n...@gmail.com>
Subject: Re: [okl4-developer] OKL4 + security by isolation
To: anshul...@justkernel.com
Cc: "deve...@okl4.org" <deve...@okl4.org>
Message-ID:
<CAGSRWbhnKkbO_nMmK=ud-2BKL=LnTkAOa9uqxU...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Android will not quite be android if you completely isolate
each app from each other. A large bit of the android experience
is one activity using IPC to invoke other activities and to pass
data back and forth across activities.
--
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com
------------------------------
End of Developer Digest, Vol 72, Issue 4
****************************************