DeepAI AI Chat
Log In Sign Up

CAP-VMs: Capability-Based Isolation and Sharing for Microservices

by   Vasily A. Sartakov, et al.

Cloud stacks must isolate application components, while permitting efficient data sharing between components deployed on the same physical host. Traditionally, the MMU enforces isolation and permits sharing at page granularity. MMU approaches, however, lead to cloud stacks with large TCBs in kernel space, and page granularity requires inefficient OS interfaces for data sharing. Forthcoming CPUs with hardware support for memory capabilities offer new opportunities to implement isolation and sharing at a finer granularity. We describe cVMs, a new VM-like abstraction that uses memory capabilities to isolate application components while supporting efficient data sharing, all without mandating application code to be capability-aware. cVMs share a single virtual address space safely, each having only capabilities to access its own memory. A cVM may include a library OS, thus minimizing its dependency on the cloud environment. cVMs efficiently exchange data through two capability-based primitives assisted by a small trusted monitor: (i) an asynchronous read-write interface to buffers shared between cVMs; and (ii) a call interface to transfer control between cVMs. Using these two primitives, we build more expressive mechanisms for efficient cross-cVM communication. Our prototype implementation using CHERI RISC-V capabilities shows that cVMs isolate services (Redis and Python) with low overhead while improving data sharing.


Capstone: A Capability-based Foundation for Trustless Secure Memory Access (Extended Version)

Capability-based memory isolation is a promising new architectural primi...

Elasticizing Linux via Joint Disaggregation of Memory and Computation

In this paper, we propose a set of operating system primitives which pro...

Faasm: Lightweight Isolation for Efficient Stateful Serverless Computing

Serverless computing is an excellent fit for big data processing because...

The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization

Commodity applications contain more and more combinations of interacting...

Uninitialized Capabilities

This technical report describes a new extension to capability machines. ...

Quest-V: A Virtualized Multikernel for High-Confidence Systems

This paper outlines the design of `Quest-V', which is implemented as a c...