ZeroVM
   HOME

TheInfoList



Click Here for Items Related To - ZeroVM
OR:
ZeroVM on:   [Wikipedia]   [Google]   [Amazon]

ZeroVM is an
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
light-weight
virtualization In computing, virtualization (abbreviated v12n) is a series of technologies that allows dividing of physical computing resources into a series of virtual machines, operating systems, processes or containers. Virtualization began in the 1960s wit ...
and sandboxing technology. It virtualizes a single process using the
Google Native Client Google Native Client (NaCl) is a discontinued sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, independ ...
platform. Since only a single process is virtualized (instead of a full operating system), the startup overhead is in the order of 5 ms.


Sandboxing

ZeroVM creates a sandbox around a single process, using technology based on
Google Native Client Google Native Client (NaCl) is a discontinued sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, independ ...
(NaCl). The sandbox ensures that the application executed cannot access data in the host operating system, so it is safe to execute untrusted code. The programs executed in ZeroVM must first be cross-compiled to the NaCl platform. ZeroVM can only execute NaCl code compiled for the
x86-64 x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit extension of the x86 instruction set architecture, instruction set. It was announced in 1999 and first available in the AMD Opteron family in 2003. It introduces two new ope ...
platform, not the portable Native Client (PNaCl) format. Code executed in ZeroVM cannot call normal
system calls In computing, a system call (syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, accessing a hard disk drive ...
and initially cannot interact with the host environment. All communication with the outside world takes place over ''channels'', which must be declared before the program starts. Outside the sandbox, a channel can be connected to a local file, to a pipe, or to another ZeroVM instance. Inside the sandbox, the program sees the channel as a
file descriptor In Unix and Unix-like computer operating systems, a file descriptor (FD, less frequently fildes) is a process-unique identifier (handle) for a file or other input/output resource, such as a pipe or network socket. File descriptors typically h ...
. The sandboxed program can read/write data from/to the channel, but does not know where the channel is connected in the host. Programs compiled for ZeroVM can optionally use the ZeroVM Runtime library called ZRT. This library aims to provide the program with a
POSIX The Portable Operating System Interface (POSIX; ) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. POSIX defines application programming interfaces (APIs), along with comm ...
environment. It does this by replacing parts of the
C standard library The C standard library, sometimes referred to as libc, is the standard library for the C (programming language), C programming language, as specified in the ISO C standard.International Organization for Standardization, ISO/International Electrote ...
. In particular, ZRT replaces
C file input/output The C programming language provides many standard library functions for file input and output. These functions make up the bulk of the C standard library header . The functionality descends from a "portable I/O package" written by Mike Lesk at ...
functions such as fopen and opendir with versions that operate on an in-memory filesystem. The root filesystem is provided as a tarball. This allows a program to "see" a normal Unix environment. The ZRT also replaces C date and time functions such as time to give programs a fixed and ''deterministic'' environment. With fixed inputs, every execution is guaranteed to give the same result. Even non- functional programs become deterministic in this restricted environment. This makes programs easier to debug since their behavior is fixed.


Integration with Swift

ZeroVM has been integrated with
Swift Swift or SWIFT most commonly refers to: * SWIFT, an international organization facilitating transactions between banks ** SWIFT code * Swift (programming language) * Swift (bird), a family of birds It may also refer to: Organizations * SWIF ...
, the distributed object storage component of
OpenStack OpenStack is a free, open standard cloud computing platform. It is mostly deployed as infrastructure-as-a-service (IaaS) in both public and private clouds where virtual servers and other resources are made available to users. The software pla ...
. When the ZeroCloud middleware is installed into Swift, a client can make a request to Swift containing a ZeroVM program. The program is then executed directly on the storage nodes. This means that the program has direct access to the data.


History

ZeroVM was developed by LiteStack, an Israeli startup. The first commit in the zerovm
Git Git () is a distributed version control system that tracks versions of files. It is often used to control source code by programmers who are developing software collaboratively. Design goals of Git include speed, data integrity, and suppor ...
repository was added in November 2011. LiteStack was bought by
Rackspace Rackspace Technology, Inc. is an American cloud computing company based in San Antonio, Texas. It also has offices in Blacksburg, Virginia, Blacksburg, Virginia and Austin, Texas, as well as in Australia, Canada, United Kingdom, India, Dubai, Sw ...
in October 2013. ZeroVM participated in Techstars Cloud 2013 incubator program and got $500,000 in seed funding. The first ZeroVM Design Summit was held in January 2014 at the
University of Texas at San Antonio The University of Texas at San Antonio (UTSA or UT San Antonio) is a Public university, public research university in San Antonio, Texas, United States. Established in 1969,Google Native Client Google Native Client (NaCl) is a discontinued sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, independ ...
*
LXC Linux Containers (LXC) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. The Linux kernel provides the cgroups functionality that allows l ...
(LinuX Containers) *
seccomp seccomp (short for secure computing) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and wr ...
*
Docker (software) Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called ''containers''. The service has both free and premium tiers. The software that hosts the containers is called Do ...


References


External links

* *
Stable Ubuntu packages

Latest Ubuntu packages
{{Virtualization software Free virtualization software Virtualization software for Linux Free software for cloud computing Free software projects Operating system security