Enabling seL4 Containers to Support Legacy Applications

Hui LuAssistant Professor, SUNY Binghamton

1

A Secure Embedded Cloud Infrastructure?

2

Traditional nodesServices of a cloud application

seL4 nodes

A Pragmatic Challenge from Microkernel

• It is tough to implement applications• from scratch with

• a new (component-based) programming model (e.g., CAmkES)

• caring more platform/hardware details (e.g., memory management, file system, network drivers, IPC, etc.)

• In practice, few opportunities for engineering a system from scratch for security

Application

logic

File

server

Network

stack

Microkernel

Memory

ManagementRetrofit seL4 microkernel

for legacy applications?

3

State of the Art – VM Virtualization

VFS, System calls

IPC, File systems

Scheduler, Virtual

memory

Device drivers

Applications

seL4 Microkernel

Virtual Machine Monitor

Virtual Machine

• Performance overhead

• Security concerns

4

A Light-Weight Alternative?

VFS, System calls

IPC, File systems

Scheduler, Virtual

memory

Device drivers

Applications

seL4 Microkernel

Virtual Machine Monitor

Virtual Machine

• A tailored kernel with only required drivers and the basic support routines for these drivers to function

5

A Light-Weight Alternative?

System

calls

Memory

Allocation

TCP/IP

Applications

seL4 Microkernel

Virtual Machine Monitor

Virtual Machine

• A tailored kernel with only required drivers and the basic support routines for these drivers to function

• A minimal “kernel”

• No user/kernel space separation neededPCI/NIC driver

6

A Light-Weight Alternative?

Procedure

calls

Memory

Allocation

TCP/IP

Applications

seL4 Microkernel

Virtual Machine Monitor

Virtual Machine

• A tailored kernel with only required drivers and the basic support routines for these drivers to function

• A minimal “kernel”

• No user/kernel space separation needed

• Fast access to kernel from user applications

PCI/NIC driver

7

A Light-Weight Alternative?

Procedure

calls

Memory

Allocation

TCP/IP

Applications

seL4 Microkernel

Virtual Machine Monitor

Virtual Machine

• A tailored kernel with only required drivers and the basic support routines for these drivers to function

• A minimal “kernel”

• No user/kernel space separation needed

• Fast access to kernel from user applications

• A thin, platform-specific software layer to access underlying resources

PCI/NIC driver

8

A Light-Weight Alternative?

Procedure

calls

Memory

Allocation

TCP/IP

Applications

seL4 Microkernel

Virtual Machine

• A tailored kernel with only required drivers and the basic support routines for these drivers to function

• A minimal “kernel”

• No user/kernel space separation needed

• Fast access to kernel from user applications

• A thin, platform-specific software layer to access underlying resources

PCI/NIC driver

Hypervisor

Unikernel

9

seL4 Container

Bins/Libs

Applications

Host OS

Docker Container

• Run legacy applications as native seL4 threads in a self-contained environment, including

• application code

• dependencies (libraries)

• required system services (e.g., file systems and network devices)

• and hypervisor

10

Docker

Customized, tailored

kernel

Applications

seL4 Microkernel

seL4 Container

Hypervisor

Bins/Libs

A Rumprun Unikernel Implementation

Customized, tailored

kernel

Applications

Source code Rumprun compiler Intermediate Binary

base

disk

net

usb

ext4

…

Kernel Components Baking

!

Bootable

unikernalimage

netbase

Hypervisor

How to build a seL4 container image?

11

Hypervisor

Hypervisorhttps://github.com/SEL4PROJ/rumprun-sel4-demoapps

A Rumprun Unikernel Implementation

seL4 Microkernel

Root

taskA seL4 container

seL4 Root task:

• Prepares the runningproperties for a seL4 container instance:

• Capability space

• Address space

• I/O space

• Interrupts

• Launches the seL4 container instance with the container image

How to launch a seL4 container?

seL4

Kernel

seL4

User

12

Performance Evaluation

13

0

5000

10000

15000

20000

25000

30000

Re

qu

ests

per

se

con

d

on Linux on seL4

• A rough idea about performance of seL4 container

Redis key-value database

(Memory intensive)

0

10000000

20000000

30000000

40000000

50000000

60000000

70000000

Sysbench CPU

Co

mp

letion

Tim

e (

Mic

roseco

nd

s)

on Linux on seL4

Sysbench (CPU intensive)

Supporting Multiple seL4 Containers

seL4 Microkernel

Root

task

seL4

Container1

seL4

Kernel

seL4

User

seL4

Container2seL4

Native

Root

shell

14

Limitations

• Need non-trivial effort to port a legacy application

• A “single-core” solution

• Non-preemptive scheduling

• Hardware resources are not shared

• …

15

Future Work: An Enhanced Design

User Space

A seL4 container running as a group of

customized, composable seL4 threads

seL4 Kernel seL4 IPC

(With explicit authority, hence higher assurance)

Legacy

Application 1

Legacy File

system, SCSI

diver

Legacy

TCP/IP,

Net driver

seL4 Microkernel

16

seL4

Native

Wireless

Conclusions

• “Small” kernel space -> “Big” user space

• More design exploration in the user space is needed

• seL4 containers could serve as one option to support legacy applications in a light-weight manner

• We do not need extra support from seL4 kernel

• We do need the source code of legacy applications

17

Thanks

• Lok Yan for advising throughout the project

• Daniel Limbrick for insightful discussions

• https://github.com/SEL4PROJ/rumprun-sel4-demoapps

• Air Force Research Lab and Griffis Institute

18