Play all

Intro

Imperial College London

Clouds: Isolation vs. Sharing

VMs: Strong, Heavyweight Isolation

Containers: Weak, Lightweight Isolation

VMs & Containers: The MMU Tax

CHERI Capabilities

Challenges for Cloud Stacks with Hardware Capabilities

CVM: Intra-Process VM-like Abstraction

Isolation/Sharing for Legacy Cloud Apps?

Support for Native Software

Small-TCB OS Functionality

IPC Interfaces Using Capabilities

CAP-VM Prototype

Comparing with IPC Mechanisms

Description:

Explore a 14-minute conference talk from OSDI '22 that introduces CAP-VMs, a novel approach to capability-based isolation and sharing in cloud environments. Delve into the challenges of balancing application component isolation with efficient data sharing on physical hosts. Learn how forthcoming CPUs with hardware support for memory capabilities offer new opportunities for fine-grained isolation and sharing. Discover the concept of cVMs, a VM-like abstraction that utilizes memory capabilities to isolate components while supporting efficient data exchange. Examine the two capability-based primitives for cross-cVM communication and their implementation using CHERI RISC-V capabilities. Gain insights into how this approach can improve cloud stack security and performance, demonstrated through prototype implementations with Redis and Python services.

CAP-VMs - Capability-Based Isolation and Sharing in the Cloud

USENIX

Add to list

#Conference Talks #OSDI (Operating Systems Design and Implementation) #Programming #Cloud Computing #Computer Science #DevOps #Containers #Cloud Security #Information Technology #Virtualization #Virtual Machines #Operating Systems #Inter Process Communication (IPC)

0:00 / 0:00