I am for some reason reminded of this: https://xkcd.com/2030/. At least that was my initial reaction.
Nebulet: A Rust Microkernel Running WebAssembly In Ring 0
Originally posted by VanCoding:
Can someone explain to me why this is only possible with WebAssembly? If I understand it correctly, the WebAssembly language itself does not support reading or writing to memory locations that are not assigned to the application. If that's true, then programs would not have to be checked, because they are safe by design. But the GitHub repo says the WebAssembly code is still verified. Why?
Originally posted by VanCoding:
And:
- is WebAssembly seriously the first language to provide this safety?
- does this mean that on a computer running this kernel, the only native program will be the kernel itself, and the rest has to be written in WebAssembly, or interpreted by a program written in WebAssembly?
I believe that's what Android RunTime does (APKs are compiled from Dalvik bytecode to native ARM or x64 during installation).
- Likes 1
silmeth thanks! If that's true, then this is absolutely brilliant and a much bigger thing than one would expect. I mean this could completely revolutionize how kernels are written. I'm just surprised that it's 2018 and no one had the idea to create a specific programming language that is safe to run in ring 0 alongside the kernel, making any hardware memory protection systems obsolete :/ I hope this gets the attention it deserves!
- Likes 1
This is very similar to Singularity, the research project from Microsoft to write a kernel that runs managed code in kernel space and avoids context switches.
Essentially, the isolation between processes is done by software, not hardware. When code is loaded, it is JIT compiled. The JIT and verifier guarantee that the process won't touch memory it is not allowed to.
- Likes 1
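As an added illustration of the "verifier plus software isolation" scheme the post above describes (a constructed example written for this thread, not code from Nebulet, Cranelift or any wasm implementation; the three-opcode instruction set and the trap rules are simplifying assumptions), here is a toy sandbox that first verifies a program statically and then runs it against a bounds-checked linear memory:

```rust
// Added example, not Nebulet's code: a toy "verify, then run" sandbox showing how a
// static verifier plus bounds-checked linear memory stands in for hardware protection.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Op { Const(i32), Load, Store }   // assumed tiny stand-in for wasm's opcode set
#[derive(Debug, PartialEq)]
pub enum Fault { BadStack(usize), OutOfBounds(u32) }

/// Static check done once before any code runs: every op must find the operands
/// it needs on the stack, so stack underflow never has to be tested at runtime.
pub fn verify(code: &[Op]) -> Result<(), Fault> {
    let mut depth = 0usize;
    for (pc, op) in code.iter().enumerate() {
        // (pops, pushes): Load turns an address into a value, Store eats address + value
        let (pops, pushes) = match op {
            Op::Const(_) => (0, 1), Op::Load => (1, 1), Op::Store => (2, 0),
        };
        if depth < pops { return Err(Fault::BadStack(pc)); }
        depth = depth - pops + pushes;
    }
    Ok(())
}

/// Offset of a 4-byte access into a linear memory of `len` bytes, or a trap if it
/// would reach past the end. Addresses are offsets into that buffer, never raw
/// pointers, so this one check is what keeps the code inside its own memory.
pub fn slot(len: usize, addr: u32) -> Result<usize, Fault> {
    match (addr as usize).checked_add(4) {
        Some(end) if end <= len => Ok(addr as usize),
        _ => Err(Fault::OutOfBounds(addr)),
    }
}

/// Verify, then execute against `mem`; returns the leftover operand stack or the
/// trap that stopped execution. Rejected code never runs a single instruction.
pub fn run(mem: &mut [u8], code: &[Op]) -> Result<Vec<i32>, Fault> {
    verify(code)?;
    let mut stack: Vec<i32> = Vec::new();
    for op in code {
        match *op {
            Op::Const(v) => stack.push(v),
            Op::Load => {
                let a = slot(mem.len(), stack.pop().unwrap() as u32)?;
                stack.push(i32::from_le_bytes([mem[a], mem[a + 1], mem[a + 2], mem[a + 3]]));
            }
            Op::Store => {
                let v = stack.pop().unwrap(); // value was pushed last, address first
                let a = slot(mem.len(), stack.pop().unwrap() as u32)?;
                mem[a..a + 4].copy_from_slice(&v.to_le_bytes());
            }
        }
    }
    Ok(stack)
}
```

The verifier answers the "why still verify?" question from the first post: structural properties are checked once up front, while the memory bound is the one thing that still has to be checked on every access.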
Oh I see, it even mentions the compiler used in the README:
The Cranelift compiler is used to compile WebAssembly to native machine code. Once compiled, there are no complex interactions between the application and the runtime (unlike JIT compilers, like V8) to reduce surface area for vulnerabilities.
- Likes 2
Originally posted by VanCoding:
I'm just surprised that it's 2018 and no one had the idea to create a specific programming language that is safe to run in ring 0 alongside the kernel, making any hardware memory protection systems obsolete :/ I hope this gets the attention it deserves!
1. You need a complex virtual machine (a lot of code that runs in ring 0 and creates a big attack surface).
2. Performance is subpar compared to hardware switching in normal (and even micro) kernels.
The best paper on the subject has been written by the developers behind OKL4, who have tested Singularity and their OS.
- Likes 3
pabloski
Also, an alternative to software-based memory protection (which negates the need for rings but incurs a runtime cost) and basic software type checking (https://webassembly.org/docs/security/) is proof-carrying code: a structure attached to an untrusted program that is used to verify that it won't fail or commit illegal behavior, that is, that it is type safe in a broader sense that includes memory safety. This is becoming practical because of the rise in popularity of borrow-checker and functional languages, which are particularly easy to subject to theorem provers and are safe by default in that aforementioned way.
Last edited by GunpowaderGuy; 29 August 2018, 03:12 PM.
- Likes 1