"Cette présentation a pour but de présenter MirageOS et ses applications à l'écriture d'applications IoT sécurées. En particulier, MirageOS permet de développer des applications d'infrastructure réseau --- firewalls, proxy VPN, serveurs d'emails, etc. --- qui peuvent être déployées sur des processeurs embarqués de type ARMv8, ESP32 ou RISC-V. Nous expliquerons comment nous nous appuierons sur cette couche d'infrastructure entièrement open-source pour développer OSMOSE, une plateforme sécurisée et décentralisée permettant de construire des application IoT centrées sur l'utilisateur et le respect de sa vie privée. "

1. MirageOS
Secure-by-design infrastructure for IoT applications
Thomas GAZAGNAIRE
Paris - 10/12/2019
thomas@tarides.com
@eriangazag

2. Who we are

3. Programming
languages
2018
Operating
Systems
Story
Public cloud
creation
Private cloud:
+1M nodes
Docker Desktop:
+1M daily users
MirageOS 200+
contributors
ITMarket
2005 2010 2015
Unikernel
Systems

4. Team
Engineering and product
team with a background in
formal verification,
security and systems
Education: ENS,
Polytechnique, ENSIMAG,
EPITECH, University of
Cambridge, 42
Industrial/startup
experience: Facebook,
Docker, Citrix, Cryptosense,
Systerel, Airbus, OCamlPro
Etienne Millon
Principal Software
Engineer
Clément Pascutto
Software Engineer
Guillaume Petiot
Software Engineer
Nathan Rebours
Software Engineer
Jules Aguillon
Software Engineer
Romain Calascibetta
Software Engineer
Craig Ferguson
Software Engineer
Céline Laplassotte
Operations &
Partnerships Manager
Charles-Edouard
Lecat
Software Engineer
Magnus Skjegstad
Principal Software
Engineer
Carine Morel
Software Engineer
Ioana Cristescu
Software Engineer
Gabriel de
Perthuis
Software Engineer
Quentin Hocquet
Principal Software
Engineer
Enguerrand Decorne
Software Engineer
Frédéric Bour
Principal Software
Engineer
Gargi Sharma
Software Engineer
Sabine Schmaltz
Software Engineer
Thomas Gazagnaire
CEO/CTO (France)
Anil Madhavapeddy
Advisor (UK)
KC Sivaramakrishnan
Advisor (India)
Gemma Gordon
Advisor (UK)

5. 3mainhubs
Solu7ons
Network and storage appliances
Secure communication services
OSMOSE: A user-centric infrastructure for secure-by-design IoT apps
Support & Development
Research & Innovation
Development services
Support and maintenance of open-source components
Training
Animation of an open-source ecosystem
Academic, scientific and industrial partnerships
Participation to collaborative projects
robur

6. What are the issues with
IoT security?

7. Fundamental flaws with the current
architecture based on the Cloud
• Low performance (latency & bandwidth)
• Security issues
• Data privacy & transparency issues
• Lack of interoperabilityOptimised for code flexibility
to improve time to market and
market fit and not security!
IoT: Reality check
Cloud

8. • Application code is a small % of the runtime
environment
• Runtime is historically split into abstraction
layers with different communities
• In deployment environments, developers do not
control that stack (vs. operators)
Complexity of today’s software
stack makes full analysis impossible
Firmware
Hypervisor
Kernel
Language Runtime
Shared Libraries
Configuration files
Application
Secure IoT: Reality check

9. Our solutions

10. We want to fix root causes and ensure they
will never happen again
Extend the feedback loop to fix the tools instead
of the code
Use static analysis to eliminate full class of
bugs automatically

11. Microsoft: 70 percent of all security bugs
are memory safety issues
(Source: Microsoft Security Response Center, July 2019)

12. MirageOS
Unikernels reduce
runtime complexity,
resulting in an increase
in security, convenience
and efficiency
• MIT/BSD license
• Single-purpose appliances compiled from a high-level
language directly into virtual machine images (unikernel)
• Unikernels eliminate much of the runtime overhead of a
legacy software stack via build-time assembly
• Cold boot and serve traffic in ~10ms
• Full image size <1 MB for typical web server
• Modern programming technology = secure software
Firmware
Hypervisor
Kernel
Language Runtime
Shared Libraries
Configuration files
Application
MirageOS
compiler
Sandbox
Application
OCaml Runtime

13. What makes us unique
• No segmentation faults!
• Static type checking - no runtime errors
• Immutable variables
• No unbounded array access (dynamic checks)
• Include all protocol logic and device driver libraries
• AFL fuzzing - DHCP
• Backends: Xen, KVM, ESP32, RISC-V
Modern programming language (OCaml)
Clean slate approach
Eliminate entire class of bugs and vulnerabilities

14. “The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and
earlier and KVM, allows local guest users to cause a denial of service (out-
of-bounds write and guest crash) or possibly execute arbitrary code).”
Example: CVE-2015-3456 aka. VENOM

15. Use Cases

16. Bitcoin Piñata
Use-case
Holds 10 Bitcoins and designed to help the attacker
Features
• An HTTPS unikernel with a fully memory safe SSL/TLS stack
• All the supporting libraries from HTTP, DNS,TCP
• Genetic diversity in critical services (no Linux, no OpenSSL)
Results
• Many attacks for 3 years
• Some found software bugs but all resulted in clean exceptions
• No data loss: bitcoins were safe

17. Qubes OS firewall
Use-case
A desktop operating system made up of multiple virtual
machines, running under Xen
Features
• Replacing the default Linux VM Firewall by a MirageOS unikernel
• A firewall unikernel with a fully memory safe TCP/IP stack
• Choice between static or a memory safe DSL for configuring routes
Results
• Uses less than 1/10 of the memory
• Boots several times faster
• Much easier to audit or extend

18. Docker for Desktop
Use-case
Running Linux Containers on MacOS and Windows
Features
• A fully memory safe user-space network stack embedded in a
desktop application (not a unikernel)
• A fully memory safe FUSE driver performing binary emulation
• POSIX translations (Linux vs. MacOS and Linux vs. Windows)
Results
• Rewrites the network traffic of Linux containers
• Shares Apple Filesystem volumes with Linux containers
(including filesystem events)
• Tens of millions of active users

19. Our vision

20. OSMOSE: IoT
disconnected-by-default
Use-case
A secure (by-design), distributed, efficient and user-centric
platform for IoT applications
Features
• Move computation closer to the data
• Auditable and transparent distributed storage substrate
• User-centric, open-source, developer APIs and marketplace
Results
• Improves latency
• Removes the need to transfer and store raw data
• Increases user trust and system scalability
• Enables developers to create a rich ecosystem of IoT applications.

21. • Use and contribute to MirageOS
• Participate to the next MirageOS
hackathon in Marrakesh (03/2020)
• Challenge our use-cases
• Partner with us on a collaborative
project
What can
we build
next
together?

22. Merci
www.tarides.com
@tarides_