XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc.

•

1 like•673 views

High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.

Software

Overview
• Introduction
• Motivation
• Evaluation
• Redfield and redctl
• Libxl Go (Golang) bindings
• Questions

Introduction
• Brendan Kerrigan – Principal Engineer at Assured Information
Security, Inc.
• Hypervisors
• Graphics virtualization
• Embedded
• Nicholas Rosbrook – Software Engineer at Assured Information
Security, Inc.
• Cryptography
• VPNs and Networking
• Go expert

Motivation
• We do a lot of client virtualization work
• Utilizing hypervisors to do end point security
• Mostly OpenXT based products now
• OpenXT isn’t the easiest project to work on (10 years of development
means there are lots of components)
• Sometimes key high-security features can be a hindrance to some use
cases
• Client virtualization is pretty different than server virtualization
• Especially when it comes to toolstacks

Evaluation
• What’s out there we can leverage?
• XenMgr
• Libvirt (+ qubectl)
• What if we had a clean slate?

XenMgr
• XenMgr is high friction
• Haskell
• Esoteric
• Tough to find developers
• Lots of legacy interfaces that are unexercised and unaudited (audit in
progress)
• A lot of cryptic code that essentially reads a database and writes an xl
config and calls exec/fork
• Local and remote APIs are different 
• The command line tool is great

Libvirt
• One layer of abstraction too many
• XML domain configurations are too complex
• Designed to work with several virtualization technologies – KVM, Xen,
LXC, etc.
• We want to work with Xen and do it well
• Does a lot more than we need it to
• There is an existing Go package (developed by DigitalOcean)

redctl
• Introducing redctl, the client toolstack to our Xen
distribution, Redfield
• The good:
• A client toolstack where remote and local management
APIs are unified
• Utilize gRPC
• Don’t dictate transport (IPv4, IPv6, PV channels, Argo, vsock)
• Easy to understand and test language (Go)
• Make the command line tool awesome (like XenMgr’s)
• The bad:
• Still doing exec/fork a lot when dealing with libxl…

What is cgo?
• Cgo enables Go programs to call C code through a pseudo-
package, “C”
• Allows access of C types, variables, and functions
• E.g. C.size_t, C.stdout, C.printf
• The “preamble”
• A block comment used to include headers, set CFLAGS, LDFLAGS, etc.
• Immediately precedes the import “C” statement

What is cgo?
• C fields that cannot be expressed in Go are omitted
• The C type void* is represented by Go’s unsafe.Pointer
• Cannot call C function pointers from Go
• There are some restrictions on passing pointers between C and Go

Writing a Go Package for libxl
• Writing the cgo code by hand is tedious
• Cgo is simple enough to make code generation easy
• We use c-for-go: https://github.com/xlab/c-for-go
• Define translation and generation rules with a YAML configuration file
• Accept or ignore symbols, rename variables, apply rules to a given scope,
and more

Writing a Go Package for libxl
• Finally, we need some wrappers…

Writing a Go Package for libxl
• Instead of:

Writing a Go Package for libxl
• We want:

Future Work
• Continue writing wrappers
• Trim the size of the package
• Integrate into redctl
• Upstream
• Current fork: https://github.com/enr0n/xen/tree/libxl-go

Questions?
• https://ainfosec.com
• https://gitlab.com/redfield

XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc.

The Xen Project is unique in its breadth of adoption and diverse contributions. Many vendors in the ecosystem are not directly competing, enabling collaboration which otherwise would not be possible. While hypervisors were once seen as purely cloud and server technologies, they are now used in many market segments to add compartmentalization and layers of security. This has led to renewed focus on older technologies, such as L4Re/seL4 and new technologies such as zircon, ACRN and others. Meanwhile, the Xen Project has been trailblazing in adopting virtualization in new market segments and continues to innovate and set the direction for the industry. This has enabled downstream Xen developers to build viable businesses and products in areas such as security and embedded. This talk will cover Xen feature changes that are driven by security needs, and the challenges of safety certification within the context of open source projects and Xen Project in particular.

XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...

The Linux Foundation

Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered: Embedded/automotive features of Xen Collaboration with AGL and GENIVI organizations for standardization Efforts on Functional Safety compliance Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices. In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.

XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...

The Linux Foundation

XPDDS18: Xen Project Weather Report 2018

The Linux Foundation

XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...

The Linux Foundation

Hypervisors are key to enable mixed-criticality systems: a critical workload, typically with real-time requirements, running alongside a larger operating system, such as Linux. The interrupt latency needs to be deterministic, and the boot time of the critical function only a fraction of a second. Hypervisors are also the enabling technology to securely deploy new customers apps at runtime, without affecting system safety. This presentation will give an overview of hypervisor technologies for Xilinx platforms. It will introduce the most recent developments of the Xen hypervisor, including the "null" scheduler and dom0less, and it will explain how to make use of the new features to best configure Xen for embedded environments.

XPDDS19 Keynote: Unikraft Weather Report

The Linux Foundation

In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often considerable amount of time. The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.

Unikraft Landing Page Master Slides

The Linux Foundation

Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome it. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach. Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome it. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach. The topic will cover content such as: * Why virtualisation in embedded * Hypervisor architectures on ARM and a quick roundup of examples * Relevant security technologies * Specific requirements for embedded systems * Example usage of FOSS based hypervisors in embedded * Challenges such as safety certification and how this may be approached

XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...

The Linux Foundation

TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.

OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)

The Linux Foundation

The talk covers several technologies and best practices to managing Security Vulnerabilities, which are told as interconnected stories. We will cover how the largest clouds in production came together through the Xen Project to develop an industry leading open source security process to manage software vulnerabilities effectively, how those vendors collaborated to stop cloud reboots through Live Patching and how security and CPU vendors collaborated to protect against 0-day vulnerabilities and advanced persistent threats using hardware assisted virtual machine introspection. Finally, we will also provide information how you can use tools such as CVE Details to assess how secure an open source technology is relative to another, such that you don't have to rely solely on security stories from the technology press. The talk will cover how these technologies work, the limitations and challenges which still remain and how they are used in practice using examples of Xen Project based products and installations. We will also cover how these technologies impact software vulnerability management processes and system administrators.

Scale17x: Thinking outside of the conceived tech comfort zone

The Linux Foundation

The Xen Project is used by more than 10 million users, powers some of the largest clouds on the planet, and is starting to build momentum in embedded and safety-conscious market segments. It is also nearly 16 years old. The Xen Project’s success and longevity can be attributed to its flexible architecture, but more importantly to enabling community members to contribute ideas and code, even if they are not core to the project's main use-case. This has brought Xen far beyond server virtualization. Lars will share how the project has supported new technologies and ideas, which may include some really interesting things you might not know about Xen (especially around defense applications), and will derive best practices that may help other projects.

Xen Project 15 Years down the Line

The Linux Foundation

What do “Crazy in Love” by Beyonce and the “Xen Project” have in common? They are both 15-year-old hits. Flash forward to today. The Xen Project is used by more than 10 million users, powers some of the largest clouds on the planet, and is starting to build momentum in embedded and safety-conscious market segments. The Xen Project played a key role in developing technologies outside of the hypervisor, like hardware virtualization, and open source security disclosure standards that impact entire industries. The Xen Project’s success and longevity can be attributed to its flexible architecture, but more importantly to enabling community members to contribute ideas and code, even if they are not core to the project's main use-case. We will share how the project has supported new technologies and ideas (sometimes in the form of failures and sometimes wins) and will derive best practices that may help other projects .

OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...

The Linux Foundation

This presentation covers a real-world case study of Bitdefender Hypervisor Introspection (HVI) that is based on Xen Project software. On April 14th, The Shadow Brokers released the Eternalblue exploit toolkit, which exploited an SMBv1 vulnerability across a wide range of Windows operating systems. The exploit was most famously used as a propagation mechanism for the WannaCryransomware. HVI prevented exploitation attempts with no prior knowledge of the exploit or underlying vulnerability. This talk will cover the exploit mechanism, how HVI detects its actions, and illustrate some of the advantages of HVI built through open source collaboration. Audience members will takeaway a better understanding of this type of exploit and how something like hypervisor introspection and security through a hypervisor approach can help companies avoid these types of new exploits.

OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix

The Linux Foundation

NVDIMM is a standard for allowing non-volatile memory to be exposed to as normal RAM, which can be directly mapped to guests. This simple concept has the potential to dramatically change the way software is written; but also has a number of surprising problems to solve. Furthermore, this area is plagued with incomplete specifications and confusing terminology. This talk will attempt to give an overview of NVDIMMs from an operating system perspective: What the terminology means, how they are discovered and partitioned, issues relating to filesystems, a brief description of the functionality available in Linux, and so on. It will then describe the various issues and design choices a Xen system has to make in order to allow Xen systems to use NVDIMMs effectively.

XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...

The Linux Foundation

Despite the popularity of the Xen hypervisor, there are very few tools capable of performing virtual machine introspection (VMI) on Xen guests — not even a full-featured debugger! This is in large part because Xen's VMI APIs are obscure and poorly documented; even among Xen developers, there are very few people who know how to use them. This has serious consequences for projects targeting Xen, as the lack of tooling makes it difficult to verify the correctness and security of software running on Xen. In this presentation, Spencer will introduce and explain Xen's VMI APIs in detail, with the goal of providing all the information necessary to construct fully-featured Xen VMI API clients and analysis tools. In doing so, he will share the hands-on experience he gained while developing his recently-released tool Xendbg, a feature-complete reference implementation of a modern Xen VMI debugger.

XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...

The Linux Foundation

Thursday, July 13 • 11:55 - 12:25 Edit Speaker Tools Hypervisor-Based Security: Bringing Virtualized Exceptions Into the Game - Mihai Dontu, Bitdefender Click here to add to My Sched. http://sched.co/AjH7 Tweet Share Feedback form is now closed. With this presentation, Mihai Donțu will cover the current status of #VE support in Xen, how Bitdefender plans to use it to improve the performance of its Hypervisor Introspection (HVI) solution, and the changes Bitdefender is working on mainlining in the hope that they will find their way into all major Xen deployments. The aim is to make VMI an even more appealing security option for customers running workloads on supporting Intel hardware.

2018 Genivi Xen Overview Nov Update

The Linux Foundation

ALSS14: Xen Project Automotive Hypervisor (Demo)

The Linux Foundation

XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ...

The Linux Foundation

Docker and other container runtimes are gathering momentum and becoming the new industry standard for server applications. Linux namespaces, commonly used to run Docker apps, come with a large surface of attack which is difficult to reduce. Intel’s Clear Containers use KVM to run containers as VMs to provide additional isolation. It is possible to provide VM-like isolation for containers without sacrificing performance. This talk focuses on the benefits of using Xen to provide an execution environment for Docker apps. The presentation starts by listing the requirements of this environment. It explains why monitoring container syscalls is important and what its security benefits are. The talk introduces a new paravirtualized protocol to virtualize IP sockets and provides the design and implementation details. The presentation clarifies the impact of the new protocol from a security perspective. The discussion concludes by comparing performance figures with the traditional PV network frontend and backend drivers in Linux, explaining the reasons for any performance gaps.

XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix

The Linux Foundation

2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes. This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project. In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.

XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...

The Linux Foundation

The members of the Automotive Grade Linux (AGL) project have been developing the Unified Code Base (UCB) distribution for automotive use since 2015. Initially the focus was on In-Vehicle Infotainment systems, but lately the project has turned towards instrument cluster, telematics, heads-up display, and other safety critical systems that require ISO 26262 ASIL-B certification. Car and truck manufacturers are looking for AGL to provide a solution that makes use of AGL in a way that meets the demands of ISO 26262 and is readily available to a broad community. Walt takes a look at what has been done on the AGL community to prepare for this and looks to how AGL can work with the Xen project to make this a reality.

OSSA17 - Mixed License FOSS Projects

The Linux Foundation

Many projects start out with the intention of staying single license FOSS projects. As your project grows, reality hits: some components or files may need to use different licenses than originally anticipated. There are many reasons why this can happen: you may need to interface with projects of another license, you may want to import code from other projects or your developers may not understand the subtleties of the licenses in use. Besides the obvious challenges of managing mixed license FOSS projects, such as license compatibility and tracking what licenses you use, you are running the risk of exposing your project to unintended consequences. This talk will explore unintended consequences, risks and best practices using some examples from the recent history of the Xen Project. In particular we will cover: Refactoring can lead to licensing changes: best practices and unintended consequences when importing code from elsewhere. Making code archeology easy from a licensing perspective and why it is important. A worked example of a license change of a key component: process, pain points, their causes and how they could have been avoided The perils of LGPL/GPL vX (or Later): the unintended consequences of not providing pre-defined copyright headers in your source base We will conclude with a summary of lessons and best practices from both the Xen Project and a quick overview of how usage of SPDX and other tools may help you.

XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...

The Linux Foundation

Software Guard Extensions (SGX) is Intel's unique security feature which has been present in Intel's processors since Skylake generation. Existing HW/SW solutions hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX solves this by using enclave, which is a protected portion of userspace application where the code/data cannot be accessed directly from outside by any software, including privileged ones, such as BIOS and VMM. This discussion is intended for the deep dive introduction to SGX, and the design discussion of adding SGX virtualization to Xen. We will start with SGX deep dive, and then go into SGX virtualization design, from high level design to details, such as EPC management/virtualization, CPUID handling, interaction with VMX, live migration support, etc.

OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...

The Linux Foundation

Unikernels have produced impressive performance, including fast instantiation times, tiny memory footprints, and high consolidation, plus potentially a reduced attack surface and easier certification. Their main drawback is that they require applications to be manually ported to the underlying minimal OS; this means both expert work and considerable amount of time. In this talk we present Unikraft, an incubator project under the auspices of the Xen Project and the Linux Foundation aimed at automating the process of building customized images tailored to specific applications and thus significantly reducing development time. Unikraft decomposes the OS into elementary pieces (e.g., schedulers, memory allocators, drivers, etc.) that users can pick and choose from. It then builds images tailored to the needs of specific applications as well as the target platform (e.g., KVM, Xen) and architecture (e.g., ARM or x86).

Scale 12x Securing Your Cloud with The Xen Hypervisor

The Linux Foundation

XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM

The Linux Foundation

Unikernels have good performance and a very tiny footprint. But the process of converting an application to a Unikernel requires expert porting work and a considerable amount of time. Wei will introduce a new Unikernel development model – Unikraft. Unikraft aims to free Unikernels from the fundamental drawback of manual porting costs. Since Unikraft was announced, Wei has been actively working with the community to get involved in this project. In this presentation Wei intends to share some knowledge of Unikraft, including: 1) The concept and architecture of Unikraft, 2) The tool stack and config menu, 3) Features available on Arm, 4) Upcoming features on Arm. Wei also will run a demo on an Arm server showing: 1) Conversion of an application to Unikernel, 2) Configuration of this Unikernel through a menu system, 3) The converted Unikernel running!

DevOpsCon 2015 - DevOps in Mobile Games

Andreas Katzig

CrikeyCon 2015 - iOS Runtime Hacking Crash Course

eightbit

What's hot

Fosdem 18: Securing embedded Systems using Virtualization

The Linux Foundation

XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...

The Linux Foundation

OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)

The Linux Foundation

Scale17x: Thinking outside of the conceived tech comfort zone

The Linux Foundation

Xen Project 15 Years down the Line

The Linux Foundation

OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...

The Linux Foundation

OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix

The Linux Foundation

XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...

The Linux Foundation

XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...

The Linux Foundation

2018 Genivi Xen Overview Nov Update

The Linux Foundation

ALSS14: Xen Project Automotive Hypervisor (Demo)

The Linux Foundation

XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ...

The Linux Foundation

XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix

The Linux Foundation

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...

The Linux Foundation

XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...

The Linux Foundation

OSSA17 - Mixed License FOSS Projects

The Linux Foundation

XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...

The Linux Foundation

OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...

The Linux Foundation

Scale 12x Securing Your Cloud with The Xen Hypervisor

The Linux Foundation

XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM

The Linux Foundation

What's hot (20)

Fosdem 18: Securing embedded Systems using Virtualization

XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...

OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)

Scale17x: Thinking outside of the conceived tech comfort zone

Xen Project 15 Years down the Line

OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...

OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix

XPDDS19: Xen API Archaeology: Creating a Full-Featured VMI Debugger for the...

XPDDS17: Hypervisor-Based Security: Bringing Virtualized Exceptions Into the ...

2018 Genivi Xen Overview Nov Update

ALSS14: Xen Project Automotive Hypervisor (Demo)

XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ...

XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...

XPDDS19: Using Xen to Enable an Open Source Safety Certifiable Automotive Gra...

OSSA17 - Mixed License FOSS Projects

XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...

OSSEU18: From Handcraft to Unikraft: Simpler Unikernelization of Your Applica...

Scale 12x Securing Your Cloud with The Xen Hypervisor

XPDDS18: Unikraft: An easy way of crafting Unikernels on Arm - Kaly Xin, ARM

Similar to XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc.

DevOpsCon 2015 - DevOps in Mobile Games

Andreas Katzig

CrikeyCon 2015 - iOS Runtime Hacking Crash Course

eightbit

Security research over Windows #defcon china

Peter Hlavaty

Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.

Wahckon[2] - iOS Runtime Hacking Crash Course

eightbit

cadec-2017-golang

TiNguyn863920

Forge - DevCon 2016: Implementing Rich Applications in the Browser

Autodesk

Sebastian Dunkel, Autodesk Cloud based web applications running in the browser have fundamental advantages over their desktop based siblings: They run on any device and are not tied to a certain operating system. The transition to web applications can solve many of the deployment problems and facilitates effortless real-time collaboration in a connected world. However, implementing rich browser applications is challenging. Besides general technical limitations, leveraging existing technology is far from trivial. In this presentation we will discuss these and other challenges based on selected browser-based applications developed at Autodesk. Moreover, we will show how Forge technology can help to accelerate application development and improve the development experience.

13 practical tips for writing secure golang applications

Karthik Gaekwad

Delivering Developer Tools at Scale

Oracle Developers

Gocd – Kubernetes/Nomad Continuous Deployment

Leandro Totino Pereira

JavaZone 2017 - Microservices in action at the Dutch National Police

Bert Jan Schrijver

Microservices in action at the Dutch National Police

Bert Jan Schrijver

OpenValue meetup October 2017 - Microservices in action at the Dutch National...

Bert Jan Schrijver

Developing a mobile cross-platform library

Kostis Dadamis

Here, I am including the experience I had while exploring solutions for developing a mobile cross-platform library, i.e. a single codebase that could be part of mobile apps running under different platforms. It covers my journey from mobile cross-platform developments tools (PhoneGap, Titanium, and the likes), code porting tools, and WebViews that weren't up to the task, to C++ and JavaScript engines that did work. There aren't many resources out there explaining how to approach this problem, so we thought it could be helpful if we shared this experience.

A Tail of Two Containers: How docker made ci great again

Kyle Rames

Codeship has been powered by containers from the very beginning. In this talk we will discuss our initial implementation using LXC, how we use it and the limitations that we have encountered. Using the lessons we learned from our first gen implementation, we’ll look at the evolution of our next generation Docker service. We’ll dive into how this implementation works and discover some of the benefits and challenges of using Docker for CI.

CodeMotion Amsterdam 2018 - Microservices in action at the Dutch National Police

Bert Jan Schrijver

Microservices in action at the Dutch National Police - Bert Jan Schrijver - C...

Codemotion

At the Cloud, Big Data and Internet division of the Dutch National Police, 4 DevOps teams use the latest open source technology to build high tech, cloud native web applications using Spring Boot, Angular 5, Spark, Kafka and Jenkins 2. I'll share our experiences and real-world use cases for microservices. I’ll show how 4 teams work together on one product and I’ll talk about how we apply the principles of DevOps and Continuous Delivery. I’ll show how we handle security, build pipelines, test automation, performance tests, service discovery, automated deployments, monitoring and more!

Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...

Lean IT Consulting

Everything-as-code. A polyglot adventure. #DevoxxPL

Mario-Leander Reimer

As modern, agile architects and developers we need to master several different languages and technologies all at once to build state-of-the-art solutions and yet be 100% productive. We define our development environments using Gradle. We implement our software in Java, Kotlin or another JVM based language. We use Groovy or Scala to test our code at different layers. We construct the build pipelines for our software using a Groovy DSL or JSON. We use YAML and Python to describe the infrastructure and the deployment for our applications. We document our architectures using AsciiDoc and JRuby. Welcome to Babel! Making the right choices in the multitude of available languages and technologies is not easy. Randomly combining every hip technology out there will surely lead into chaos. What we need is a customized, streamlined tool chain and technology stack that fits the project, your team and the customer’s ecosystem all at once. This code intense, polyglot session is an opinionated journey into the modern era of software industrialization.

Everything-as-code - A polyglot adventure

QAware GmbH

Devoxx 2017, Poland: Talk by Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware). Abstract: As modern, agile architects and developers we need to master several different languages and technologies all at once to build state-of-the-art solutions and yet be 100% productive. We define our development environments using Gradle. We implement our software in Java, Kotlin or another JVM based language. We use Groovy or Scala to test our code at different layers. We construct the build pipelines for our software using a Groovy DSL or JSON. We use YAML and Python to describe the infrastructure and the deployment for our applications. We document our architectures using AsciiDoc and JRuby. Welcome to Babel! Making the right choices in the multitude of available languages and technologies is not easy. Randomly combining every hip technology out there will surely lead into chaos. What we need is a customized, streamlined tool chain and technology stack that fits the project, your team and the customer’s ecosystem all at once. This code intense, polyglot session is an opinionated journey into the modern era of software industrialization.

ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...

Frank Lyaruu

OSGi offers an excellent service discovery mechanism, but it is limited to services inside the JVM. With Docker nowadays it is trivially easy to deploy all kind of (micro) services, using pretty much any technology stack, so we’d like to discover those as easily as the ones inside the JVM. We will have a look at how we can use the Docker API to discover services in other containers, and how we can use Consul to expand service discovery to other hosts.

Similar to XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc. (20)

DevOpsCon 2015 - DevOps in Mobile Games

CrikeyCon 2015 - iOS Runtime Hacking Crash Course

Security research over Windows #defcon china

Wahckon[2] - iOS Runtime Hacking Crash Course

cadec-2017-golang

Forge - DevCon 2016: Implementing Rich Applications in the Browser

13 practical tips for writing secure golang applications

Delivering Developer Tools at Scale

Gocd – Kubernetes/Nomad Continuous Deployment

JavaZone 2017 - Microservices in action at the Dutch National Police

Microservices in action at the Dutch National Police

OpenValue meetup October 2017 - Microservices in action at the Dutch National...

Developing a mobile cross-platform library

A Tail of Two Containers: How docker made ci great again

CodeMotion Amsterdam 2018 - Microservices in action at the Dutch National Police

Microservices in action at the Dutch National Police - Bert Jan Schrijver - C...

Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...

Everything-as-code. A polyglot adventure. #DevoxxPL

Everything-as-code - A polyglot adventure

ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple

The Linux Foundation

Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other. This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary. This presentation will go into details on how to setup a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.

XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...

The Linux Foundation

XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx

The Linux Foundation

This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional. Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings. The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.

XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...

The Linux Foundation

As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion? This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.

XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender

The Linux Foundation

This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.

XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd

The Linux Foundation

The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency. In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management. During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.

XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...

The Linux Foundation

For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM). Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'. In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.

XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D

The Linux Foundation

PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests. This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.

XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems

The Linux Foundation

XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...

The Linux Foundation

Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform. XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.

XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...

The Linux Foundation

XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE

The Linux Foundation

Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling. This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.

XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security

The Linux Foundation

The use of Virtual GPUs (vGPUs) has widely grown in server farms to give Virtual Machines (VMs) dedicated graphics. Software rendering with virtual CPUs can only take us so far and even with Intel-GVT, which uses integrated graphics, there isn't enough power to do the fun stuff. In this presentation, Jon Farrell will be talking about the process of implementing AMD MxGPU on Xen, challenges that he encountered while doing it, and discussing performance metrics of bare metal and vGPU VM on popular benchmarks like 3D Mark* and The Witcher 3. To wrap up his presentation, Jon will share his thoughts about future research and where this technology can take us.

XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE

The Linux Foundation

Current support of nested virtualization with Xen is limited to fully emulated devices for the L1 hypervisor (L0 hypervisor being the one running on the physical machine). For being able to let L2 dom0 make use of L1 PV devices several new interfaces are needed. In this design session I'll present my ideas how to add support of PV devices for L2 dom0. There are several possibilities how to do the work which I'd like to discuss.

XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...

The Linux Foundation

In today's public and private cloud markets, availability is a very important metric for all cloud service providers. COLO is an ideal Application-agnostic Solution for Non-stop service in the cloud. Our solution can protect user service even from physical network or power interruption. And the the switching process is difficult for users to perceive (TCP connection will not be terminated). Under COLO mode, both primary VM (PVM) and secondary VM (SVM) are running parallel. The COLO has more than ten times performance increase compared with previous solution (like Remus). Current COLO codes has been merged in QEMU community, we can use COLO in upstream without any other addition patches. In this talk, we will talk about the COLO implementation in QEMU and Xen, the new designed COLO-Proxy, discussing on problems we've met while developing COLO. and report the latest progress from Intel.

XPDSS19: Live-Updating Xen - Amit Shah & David Woodhouse, Amazon

The Linux Foundation

Xen currently has two major mechanisms to maintain security while hosting untrusted VMs without causing disruption to those guests: live patching, and live migration. We introduce a third method: live updating Xen. A live-update operation involves loading of the newly-staged hypervisor into RAM, the currently-running Xen serializing its state, and then transferring control to the newly-staged Xen, all without disrupting running instances, beyond a little downtime when neither hypervisor is running guest vCPUs. We present a proposal on the design of such a feature, and invite comments and feedback.

XPDDS19: Secure Unikraft Applications with Solo5 - Haibo Xu, ARM

The Linux Foundation

XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...

The Linux Foundation

The Open Source Xen-Blanket software was developed by researchers at IBM and Cornell University, as extensions to the Xen hypervisor and its PV drivers, to enable seamless use of Xen PV drivers in guest VMs of nested Xen deployments. It was presented at the EuroSys 2012 conference, with a paper that has been widely cited since, and deployed in Cornell's SuperCloud. Xen-Blanket has never been presented to the Xen Community and the software left unmaintained. However, recent work by Star Lab has modernized its implementation, aiming to encourage its adoption and incorporation into the Xen Project software. This session will introduce the Xen-Blanket, describing its motivation and features; present the structure of the implementation in the hypervisor and device drivers; outline an example architecture for its deployment; and summarize its current state and plans within the Xen Project.

XPDSS19: Improve the Reliability and Efficiency of Late Microcode Update - Ch...

The Linux Foundation

Microcode update is used to correct errata by loading an Intel-supplied data block (so-called microcode) into the processor. Especially, late microcode update (aka, load microcode to processors at run-time) avoids system reboot which is necessary in early microcode update and greatly reduces system downtime. But, current late microcode update on Xen may fail in some cases as microcode becomes more complex in order to fix some sophisticated security issues. Chao will introduce his work to improve reliability and efficiency of microcode update.

XPDDS19: When Unikraft Meets Arm64 - Jia He, Arm

The Linux Foundation

Unikraft allows developers to build unikernels targeted at specific applications easily. Since Unikraft was announced, Arm has been actively involved to enable it on arm64 kvm platform. In this presentation I intend to share: 1) Features status on arm64, kvm platform(merged and under review) 2) Scalability: multi-thread, SMP support 3) Todo list I will also show some demos on Arm64 among them: 1) 2 veth NIC tx/rx using virtio-mmio bus 2) a lightweight web server

More from The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple

XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...

XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx

XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...

XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender

XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd

XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...

XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D

XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems

XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...

XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...

XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE

XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security

XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSE

XPDDS19: Application Agnostic High Availability Solution On Hypervisor Level ...

XPDSS19: Live-Updating Xen - Amit Shah & David Woodhouse, Amazon

XPDDS19: Secure Unikraft Applications with Solo5 - Haibo Xu, ARM

XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...

XPDSS19: Improve the Reliability and Efficiency of Late Microcode Update - Ch...

XPDDS19: When Unikraft Meets Arm64 - Jia He, Arm

Recently uploaded

SOCRadar Research Team: Latest Activities of IntelBroker

SOCRadar

The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month. The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies. However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News. Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!

Globus Compute wth IRI Workflows - GlobusWorld 2024

Globus

As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...

Juraj Vysvader

Advanced Flow Concepts Every Developer Should Know

Peter Caitens

Vitthal Shirke Microservices Resume Montevideo

Vitthal Shirke

Globus Connect Server Deep Dive - GlobusWorld 2024

Globus

Visitor Management System in India- Vizman.app

NaapbooksPrivateLimi

Your Digital Assistant. Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data. Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you. Feasible Features One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated User Friendly – can be easily used on Android, iOS, and Web Interface Multiple Accessibility – Log in through any device from any place at any time One app for all industries – a Visitor Management System that works for any organisation. Stress-free Sign-up Visitor is registered and checked-in by the Receptionist Host gets a notification, where they opt to Approve the meeting Host notifies the Receptionist of the end of the meeting Visitor is checked-out by the Receptionist Host enters notes and remarks of the meeting Customizable Components Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments Alerts & Notifications – Get notified on SMS, email, and application Parking Management – Manage availability of parking space Individual log-in – Every user has their own log-in id Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization. "Secure Your Premises with VizMan (VMS) – Get It Now"

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

informapgpstrackings

First Steps with Globus Compute Multi-User Endpoints

Globus

In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

XfilesPro

top nidhi software solution freedownload

vrstrong314

This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.

Using IESVE for Room Loads Analysis - Australia & New Zealand

IES VE

2024 RoOUG Security model for the cloud.pptx

Georgi Kodinov

Prosigns: Transforming Business with Tailored Technology Solutions

Prosigns

Unlocking Business Potential: Tailored Technology Solutions by Prosigns Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support. Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth. Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices. AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making. Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency. DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration. Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly. Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business. Join us on a journey of innovation and growth. Let's partner for success with Prosigns.

BoxLang: Review our Visionary Licenses of 2024

Ortus Solutions, Corp

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf

AMB-Review

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos https://www.amb-review.com/tubetrivia-ai Exclusive Features: AI-Powered Questions, Wide Range of Categories, Adaptive Difficulty, User-Friendly Interface, Multiplayer Mode, Regular Updates. #TubeTriviaAI #QuizVideoMagic #ViralQuizVideos #AIQuizGenerator #EngageExciteExplode #MarketingRevolution #BoostYourTraffic #SocialMediaSuccess #AIContentCreation #UnlimitedTraffic

Into the Box 2024 - Keynote Day 2 Slides.pdf

Ortus Solutions, Corp

Corporate Management | Session 3 of 3 | Tendenci AMS

Tendenci - The Open Source AMS (Association Management Software)

Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have. For more Tendenci AMS events, check out www.tendenci.com/events

Accelerate Enterprise Software Engineering with Platformless

WSO2

Key takeaways: Challenges of building platforms and the benefits of platformless. Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience. How Choreo enables the platformless experience. How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo. Demo of an end-to-end app built and deployed on Choreo.

Developing Distributed High-performance Computing Capabilities of an Open Sci...

Globus

COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.

Recently uploaded (20)

SOCRadar Research Team: Latest Activities of IntelBroker

Globus Compute wth IRI Workflows - GlobusWorld 2024

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...

Advanced Flow Concepts Every Developer Should Know

Vitthal Shirke Microservices Resume Montevideo

Globus Connect Server Deep Dive - GlobusWorld 2024

Visitor Management System in India- Vizman.app

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

First Steps with Globus Compute Multi-User Endpoints

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

top nidhi software solution freedownload

Using IESVE for Room Loads Analysis - Australia & New Zealand

2024 RoOUG Security model for the cloud.pptx

Prosigns: Transforming Business with Tailored Technology Solutions

BoxLang: Review our Visionary Licenses of 2024

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf

Into the Box 2024 - Keynote Day 2 Slides.pdf

Corporate Management | Session 3 of 3 | Tendenci AMS

Accelerate Enterprise Software Engineering with Platformless

Developing Distributed High-performance Computing Capabilities of an Open Sci...

XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc.

1. Client Virtualization Toolstack in Go Nicholas Rosbrook, Software Engineer, Assured Information Security Brendan Kerrigan, Principal Software Engineer, Assured Information Security

2. Overview • Introduction • Motivation • Evaluation • Redfield and redctl • Libxl Go (Golang) bindings • Questions

3. Introduction • Brendan Kerrigan – Principal Engineer at Assured Information Security, Inc. • Hypervisors • Graphics virtualization • Embedded • Nicholas Rosbrook – Software Engineer at Assured Information Security, Inc. • Cryptography • VPNs and Networking • Go expert

4. Motivation • We do a lot of client virtualization work • Utilizing hypervisors to do end point security • Mostly OpenXT based products now • OpenXT isn’t the easiest project to work on (10 years of development means there are lots of components) • Sometimes key high-security features can be a hindrance to some use cases • Client virtualization is pretty different than server virtualization • Especially when it comes to toolstacks

5. Evaluation • What’s out there we can leverage? • XenMgr • Libvirt (+ qubectl) • What if we had a clean slate?

6. XenMgr • XenMgr is high friction • Haskell • Esoteric • Tough to find developers • Lots of legacy interfaces that are unexercised and unaudited (audit in progress) • A lot of cryptic code that essentially reads a database and writes an xl config and calls exec/fork • Local and remote APIs are different  • The command line tool is great

7. Libvirt • One layer of abstraction too many • XML domain configurations are too complex • Designed to work with several virtualization technologies – KVM, Xen, LXC, etc. • We want to work with Xen and do it well • Does a lot more than we need it to • There is an existing Go package (developed by DigitalOcean)

8. redctl • Introducing redctl, the client toolstack to our Xen distribution, Redfield • The good: • A client toolstack where remote and local management APIs are unified • Utilize gRPC • Don’t dictate transport (IPv4, IPv6, PV channels, Argo, vsock) • Easy to understand and test language (Go) • Make the command line tool awesome (like XenMgr’s) • The bad: • Still doing exec/fork a lot when dealing with libxl…

9. What is cgo? • Cgo enables Go programs to call C code through a pseudo- package, “C” • Allows access of C types, variables, and functions • E.g. C.size_t, C.stdout, C.printf • The “preamble” • A block comment used to include headers, set CFLAGS, LDFLAGS, etc. • Immediately precedes the import “C” statement

10. What is cgo?

11. What is cgo? • C fields that cannot be expressed in Go are omitted • The C type void* is represented by Go’s unsafe.Pointer • Cannot call C function pointers from Go • There are some restrictions on passing pointers between C and Go

12. Writing a Go Package for libxl • Writing the cgo code by hand is tedious • Cgo is simple enough to make code generation easy • We use c-for-go: https://github.com/xlab/c-for-go • Define translation and generation rules with a YAML configuration file • Accept or ignore symbols, rename variables, apply rules to a given scope, and more

13. Writing a Go Package for libxl

14. Writing a Go Package for libxl • Finally, we need some wrappers…

15. Writing a Go Package for libxl • Instead of:

16. Writing a Go Package for libxl • We want:

17. Future Work • Continue writing wrappers • Trim the size of the package • Integrate into redctl • Upstream • Current fork: https://github.com/enr0n/xen/tree/libxl-go

18. Questions? • https://ainfosec.com • https://gitlab.com/redfield

XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc.

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc.

Similar to XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc. (20)

More from The Linux Foundation

More from The Linux Foundation (20)

Recently uploaded

Recently uploaded (20)

XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerrigan, Assured Information Security, Inc.