An Introduction to Unikernels with the HaLVM

Unikernels, or library operating systems, offer a new method for building and managing lightweight services in the cloud. Instead of building a service on an operating system, unikernels compile the core operating system components they need into a single binary bundle. Unlike systems like Docker, these bundles then run directly on Xen, instead of running as a protected process under Linux. This makes them extremely lightweight and flexible, as they only need to include the operating system services they absolutely require. In addition, they can provide better security than traditional systems, including Docker, as they contain less code to exploit and are, by definition, highly diverse.

There are a growing number of unikernel development systems out there, each for a different language: Rump Kernels or OSv for C, Mirage for OCaml, etc. In this workshop, we will introduce attendees to the open source Haskell Lightweight Virtual Machine (HaLVM). Using a high-level language like Haskell with unikernels brings great benefits: abstraction allows us to build significant services quickly, and the language's type system gives us the safety to program with confidence in an austere environment. Imagine finding out at compile time that your low-level service contains an unsafe cast of a 32-bit number to a 64-bit number, instead of discovering it as a random crash during execution!

To help get started quickly, we'll provide a development environment ahead of the workshop in the form of a virtual machine image, give a brief overview of Haskell fundamentals, and then get down to business. After a couple of finger exercises to understand the basics of unikernel development and debugging, we'll jump into building web services with the HaLVM. You'll see how small web services running on the HaLVM can be, while still providing useful services. We'll develop, deploy, and test them on our virtual machines. Those with Amazon EC2 accounts will then be able to upload their unikernels and run them on Amazon's cloud.

Adam Wick

Galois, Inc.

Dr. Adam Wick leads Galois's systems software and mobile security team, and was the creator of the HaLVM. In his current role, he has led projects that have used the HaLVM for communications and network security tasks, and has given talks at several Xen Summits as well as QCon SF about this work. Beyond the HaLVM, Adam has led Galois's investigations into secure operating system design, trustworthy mobile roots of trust, and predictive security for UAVs. Before Galois, Adam received his Ph.D. from the University of Utah, and his B.S. from Indiana University.

Trevor Elliott

Galois, Inc.

Trevor Elliott is an engineer at Galois, and the designer and implementer of the Haskell Network Stack (HaNS). Trevor has extensive experience with the HaLVM, having used it in several engineering efforts at Galois. In addition, Trevor has worked on a wide variety of projects at Galois, including efforts in compiler design, cryptography, network security, and web system design. Trevor earned his B.S. in Computer Science from Portland State University in 2008.

Adam Foltzer

Galois, Inc.

Adam Foltzer is a research engineer at Galois, and a member of the Haskell.org Committee. Adam was lucky enough to begin programming in Scheme when he was quite young, and has since then had a passion for functional and denotational programming. While getting a B.S. and M.S. in Computer Science from Indiana University, he began using Haskell while studying the theory, design, and implementation of programming languages; parallel and concurrent programming; and quantum and reversible computing. Prior to studying Computer Science, he studied Russian language and literature, archaeology, and how to fly small aircraft.