SandStorm.io on Genode ?

Peter Lindener lindener.peter at ...9...
Sun Feb 28 00:35:49 CET 2016


Hi
    Norman-

    you wrote: "*Sure, it is possible to run a guest OS on top of Genode.
But what would be the benefit for Sandstorm users?*"

   to clarify, here, I was suggesting that Kenton might want to consider
running SandStorm UNDER Genode,  potentially providing a development path
towards better security for SandStorm.io in the longer run...   Norman I'm
not sure why you would see the value that Genode would bring to SandStorm's
longer term growth path...   You certainly have put in the effort.. to make
Genode a great security oriented foundation upon which to build..   I'm
sure Kenton sees the real security concerns surrounding the all too large
TCB of Linux, even after Kenton's team has whittled the Linux Kernel down a
bit.

  Once Sandstorm is running UNDER the Genode OS, I would gather that one
would utilize the opportunity to incrementally migrate part of Sandstorm's
security orientated service infrastructure to run under the Genode API,
without relying on the Linux Kernel as part of its fully trusted code
base..

   Norman I take encouragement from your suggestion that I "*get your
hands dirty, e.g., by building a prototype*", but then perhaps you have
overlooked the note that I sent that started this thread..
..   I'm already in the thick of it,   But in all honesty, I really don't
want to be put in the position of having to pick which platform to use
during early development..   That is:  If you want Genode to claim center
stage as THE security orientated OS to build our future on...   Working
with Kenton and his team might be just the way to help make it happen...
 That is what I am asking...
   My hunch is that if Kenton...ends up liking what he sees in Genode's
underlying design..  he will likely have good things to say to others who
might see the wisdom in further financial support for Genode Labs...  (ie.
a potential contract to help address the security oriented aspects of
Sandstorm's longer term development path...

   As for my own (rather significant) in the computational aspects of
Information/Game Theoretic Social Decision Systems theory...   I will
continue to do most of my work in Python and C++, while doing my best to
avoid counting on much from the underlying target platform, that is...
until I can see that both Genode and Sandstorm..are doing well enough that
the longer term development of both is a sure bet (I think the odds are
good) in the longer run, you have to admit it is about sharing some vision
about development directions.
   It is fairly likely, that Cap'n Proto will come into the picture as the
more demanding computations in my code (Strategic VnM ranked Ballot
Tallying) scale up via network distributed computation..

   My hunch is that most people would not take kindly to nation states
(surveilling the (supposedly private, personal) input data of such a
system..  and thus I take the need for security the system that will
ultimately run this code...  For this reason, I am doing my best to
encourage SandStorm.io and Genode Labs to consider the benefits of working
together...   I.e...  My code, will need what both combined together would
offer...

   To this end...  I write both suggesting a dialog as to how these systems
could grow in the same directions..   That Kenton, might give some thought
with the support of Genode Labs, as to how Sandstorm.io, over time could
further secure its TCB via a migration path where Genode's API would become
fairly easy to assess...   I also see that Cap'n Proto, might bring about
some real value to the Genode OS... and yes, when I get the chance, I will
see about what it might take to port Cap'n Proto to Genode...   but in all
honesty...   I rather that the financial minds supporting SandStorm.io..
might see the wisdom in the security orientated migration path for
SandStorm...  so hopefully I can keep my own focus on the Game Theoretic
aspects of the Social Decision systems problem...

   all the best

      -Peter (SaxMan) Lindener

On Sat, Feb 27, 2016 at 1:44 AM, Norman Feske <norman.feske at ...1...>
wrote:

> Hello Peter,
>
> your enthusiasm about our projects is great to see.
>
> Admittedly, I feel a bit uneasy about being urged to deliver a statement
> about how both projects relate to each other. As I am not proficient in
> the domain of web applications, an assessment from my side would be
> shallow at best.
>
> When I first stumbled upon Sandstorm (on Hacker News), I could not spot
> an obvious connection between Sandstorm and Genode. And still, I'm
> somehow lacking the imagination to see it. Granted, both projects
> facilitate capability-based security. But they are seemingly based on
> different premises (i.e., with respect to the reliance on a monolithic
> OS) and address different domains (web applications vs. OS services).
>
> >    Good to hear that things are beginning to work well in Sandstorm
> Land..
> > Norman and others at Genode Labs, have already brought up Virtual_Box
> > under Genode, so perhaps, one might be able to already run a SandStorm
> > server within Genode's Virtual_Box ? ...
>
> Sure, it is possible to run a guest OS on top of Genode. But what would
> be the benefit for Sandstorm users?
>
> >   It would be great if Genode were to adopt Cap'n_Proto.. as part of
> > its next Gen RPC support... but my hunch is that both might learn a few
> > tricks from the other...
>
> On Genode, we don't delegate capabilities over the network. In your
> previous email, you mentioned Genode's "Server API" in the context of
> Cap'n Proto. The ambiguous terminology may have misguided you a bit. Our
> server API is not related to networking. In the context of Genode, a
> server is simply a software component living in a dedicated address
> space (think of a process on Unix) that provides a service to another
> software component running on the same machine.
>
> > ..so I'm hoping that the Technical exchange between the teams at Genode
> > Labs and Sandstorm turns out to be a gold mine for architecting the next
> > generation of significant innovation in both.
>
> You obviously see opportunities worth exploring. I encourage you to get
> your hands dirty, e.g., by building a prototype. Once someone like you
> who has a natural interest in both projects steps up and pursues the
> actual integration work, your vision may become more tangible to all of us.
>
> Cheers
> Norman
>
> --
> Dr.-Ing. Norman Feske
> Genode Labs
>
> http://www.genode-labs.com · http://genode.org
>
> Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
> Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
>