Grant
Theme fund: NGI Assure
Start: 2023-02

MirageVPN

Robust OpenVPN client and server, and QubesOS client

OpenVPN is a virtual private network protocol which is still widely used. We will extend the existing MirageOS OpenVPN implementation in three aspects: develop a unikernel suitable for QubesOS, develop an OpenVPN server, and add recent features (e.g. tls-crypt v2).

The project builds on top of MirageOS: a library operating system developed in OCaml, a memory-safe functional programming language. In MirageOS, each service is a separate unikernel with a minimal attack surface that only contains the code required to run it. These unikernels are normally executed as virtual machines on targets such as KVM, VirtIO, or Xen. MirageOS also supports using a strict security feature of the Linux kernel called seccomp.

The elliptic curve primitives used in this project are correct by construction (and free of timing side channels), and have been developed in Coq as part of the Fiat-Crypto project.

Run by Center for the Cultivation of Technology


This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.