vm-builder
Virtual Machine Build, Life Cycle and Integration in monolithic and microkernel platforms
As each piece of software is built using other software, it is difficult to ensure that a program is not accidentally infected through malicious code interfering anywhere in this process. An important defence is reducing the amount of code one relies upon and strictly isolating the build from any other processes that could influence it, typically by using a virtual machine.
However, the are currently no minimal, portable and final virtual machine build systems which enable effective bootstrapping of operating systems. Delegating this task to container build systems is insufficient, since they are primarily available to the Linux kernel and provide weak isolation properties. Delivering those with a high portability and even (or especially) on low TCB microkernels is key to secure bootstrapping of operating systems and applications on (to be) trusted infrastructure.
The current prototype has proven successfully applicable to nowadays general purpose OSs, templating/inheritance and reproducible builds are to be implemented. An implementation in a more robust programming language like Rust is still lacking and will be completed in the course of this project. The long term goal is to easily build and provide legacy platforms and software especially on microkernels — allowing for a migration path towards operating systems with effectively manageable complexity.
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.
