Vasily Sartakov | CAP-VMs: Capability-Based Isolation and Sharing in the Cloud #19
Disseminate | January 23, 2023 | 36:10 | 33.12 MB

Summary:

Cloud stacks must isolate application components, while permitting efficient data sharing between components deployed on the same physical host. Traditionally, the memory management unit (MMU) enforces isolation and permits sharing at page granularity. MMU approaches, however, lead to cloud stacks with large trusted computing bases in kernel space, and page granularity requires inefficient OS interfaces for data sharing. Forthcoming CPUs with hardware support for memory capabilities offer new opportunities to implement isolation and sharing at a finer granularity. In this episode, Vasily talks about his work on cVMs, a new VM-like abstraction that uses memory capabilities to isolate application components while supporting efficient data sharing, all without mandating application code to be capability-aware. Listen to find out more!

