[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MirageOS-devel] Some Mirage student projects


Over the past year I've had the pleasure of supervising (with Nik
Sultana in the case of Rupert Horlick and Daniel Spencer) several
excellent final year undergraduate projects that related to Mirage.
(If you really care, then for background on what such projects are
supposed to entail, see

Now that the exams are finished and the results are in, I thought it
would be worth telling everyone what they were in case of interest. At
least some of them have been or will shortly be open sourced too-- I
include GitHub URLs where I have them. Please feel free to contact
either me for more details!  (Some of authors may be on the list too.)

* Alex Rakowski, EIDOLON: TCP/IP-based OS spoofing with MirageOS

Alex used the Mirage TCP/IP stack to do a feasibility study as to
whether it could accurately spoof nmap into believing a unikernel was
actually Linux or Windows, achieving this by making nmap believe this
for specific versions of both with >90% probability.

* Daniel Spencer, Secure tamper-evident logging

Daniel started from work by Schneier and Kelsey on tamper evident
logging, and used the Dog logging prototype, built over Irmin, to
produce a prototype of a tamper-evident logging service (client and
server) suitable for logging from a large number of largely unattended
devices (eg., IoT). Client authentication uses TLS, and an
intermediate node that can act as a log concentrator (rather than
requiring a single centralised log server to receive all the logs) was
also implemented.

* Daniel Karaj (https://github.com/dnkrj), Transport Data Web Server
in MirageOS with support for SQL queries

Daniel implemented a webservice that used CoHTTP to receive transport
data protobufs (GTFS), parsed them using a custom OCaml parser, logged
them as CSV files in Irmin, and finally had a (partial) SQL parser
using Menhir and OCamlLex that enabled clients to execute simple SQL
queries across the CSV files.

* Gabriela Sklencarova (https://github.com/gabisklencar/irmin-tcpip),
Functional Network Stacks with MirageOS and Irmin

Following from Mindy's work on Irmin/ARP, Gabriela applied similar
process to the TCP/IP stack: the stack was modified so that all state
and state changes were stored in Irmin.

* Rupert Horlick (https://github.com/ruhatch/mirage-oram), Encrypted
Keyword Search Using Path ORAM on MirageOS

Rupert started with the Path-ORAM design for ORAM (Oblivious RAM -- a
way to obfuscate access patterns), and implemented it as a functor
implementing the BLOCK interface. To test this, he also built a B-tree
implementation (https://github.com/ruhatch/mirage-btrees) to support a
simple inode-based filesystem
(https://github.com/ruhatch/mirage-block-fs), over which he built an
inverted index document search module.

Richard Mortier

MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.