Safely work from home with open source 2020/03/30

NGI0 grant for Software Heritage 2020/03/26

Hackers donate 90% of profit to charity 2019/06/13

NGI Zero awarded two EC research and innovation actions 2018/12/01

EC publishes study on Next Generation Internet 2025 2018/10/05


Declarative web service security

[Declarative web service security in NixOS]

This project aims to make NixOS the first computer operating system to package TLS Pool as a service component, and will allow to combine the power of declarative packaging with the unique security characteristics of TLS Pool to create a solid and versatile delivery channel for decentralised internet applications.

Creating secure webservices is non-trivial. Every application has its own security configuration mechanism, which means there is lots of room to make mistakes, neglect flaws and end up with vulnerable systems. TLS Pool is a ground-breaking mechanism from the ARPA2 project to isolate security processes and key material from actual applications themselves, and allows to manage transport layer security at a system level. NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages. It is used increasingly in complex environments where reproducible behaviour and configurability matter, from desktop systems to some of the top 500 supercomputers.

The results of this project should greatly simplify the creation and delivery of robust and secure services, on the web and beyond. We will validate and demonstrate the new capabilities resulting from the project by providing a number of examples of different types of web services, such as classic LAMP applications, NodeJS and Java application containers.

"Declarative web service security in NixOS" is supported by NLnet and the Internet Hardening Fund.


Send in your ideas.
Deadline June 1st, 2020.