Introduction

Zaragoza Summer School

Industry session

Paul-Elliot Anglès d'Auriac and Ulysse Gérard

Tarides in a few words

Founded in January 2018
Business based on Open Source

An academic background: University of Cambridge, ENS, Inria, IIT Madras
and industry/startup veterans: XenSource, Citrix, Unikernel Systems, Docker

Around 70 software engineers specialised in systems, programming languages and security


Tarides philosophy

At Tarides, we develop products centered on security

Reduce bugs

More than 70% of security bugs are memory safety issues (Microsoft, Chromium, Android, public 0-day exploits)

The OCaml compiler ensures programs are free from memory issues
The OCaml type system catches many bugs at compile time

Reduce the attack surface

Application code is a small % of the runtime environment

OCaml code can be compiled to unikernels, using MirageOS

Use an offline-first and decentralized approach

Cloud-centric architecture is fundamentally flawed with security, data privacy and transparency issues

Tarides develops Irmin, a distributed key-value git-like database, written in OCaml.


Tarides' products

One language: OCaml
  • The static analysis catches many bugs at compile time
  • The developer tools allow easy entry into a large codebase
  • The module system facilitates the multiplicity of backends
  • js_of_ocaml allows writing websites and editor extensions in OCaml
Three projects:
  • MirageOS: a library operating system that constructs unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms. Used by Docker Desktop to manage all the container network traffic.
  • Irmin: an OCaml library for building mergeable, branchable distributed data stores. Used by Tezos to store the entire blockchain state.
  • The OCaml Platform: represents the best way for developers, both new and experienced, to write software in OCaml. Used by Jane Street to trade continuously on more than 200 electronic exchanges and other venues, at volumes that make them one of the world’s largest market makers.

MirageOS

MirageOS: a library operating system

Unikernel compiler: instead of compiling to an executable that runs inside an OS, MirageOS compiles to a unikernel.

Library operating system: the MirageOS ecosystem provides, as libraries, all the functionality usually provided by the OS: time, networking, storage.

Advantages:

  • Small attack surface
  • Lightweight and portable
  • Written using a high-level language. (Everything has to be rewritten!)

Why OCaml is suitable for that:
  • Static analysis, free from memory exceptions...
  • Parametrization by implementation!

(* The unikernel is parametrized by the Time implementation *)
open Lwt.Infix (* provides the >>= operator *)

module HelloWorld (Time : Mirage_time.S) = struct

  let start _time =
    Logs.info (fun f -> f "Waiting one second...");
    Time.sleep_ns (Duration.of_sec 1) >>= fun () ->
    Logs.info (fun f -> f "Hello World!");
    Lwt.return_unit

end
              
(* ARP implementation is parametrized by the Ethernet 
   and Time implementation *)

module Make (Ethernet : Ethernet.S) (Time : Mirage_time.S) : sig
  include S

  val connect : Ethernet.t -> t Lwt.t
end
          

The piñata experiment

  • February 10th 2015:
    • A MirageOS unikernel implementing the HTTPS protocol is set up.

    • In the unikernel, there are 10 bitcoins which will be transferred if given an appropriately signed certificate.

    • An announcement is made, calling hackers to break into the unikernel and get the bitcoins.

    • The code is open source, and all attack vectors are legit (except social engineering).

  • March 18th 2018:
    • Many attempts: more than 500,000 accesses to the Piñata website, and more than 150,000 attempts at connecting to the Piñata bounty.

    • Some found software bugs

    • No bugs were exploitable

Irmin

Irmin: a distributed git-like store

Irmin is:
  • A key-value store.
  • Built with the same principle as git, with support for:
    • Browsing the history.
    • Defining a merging strategy.
      Example with a counter.
      • A: "balls" → 4
      • Meanwhile, B: "balls" → 1
      • Merging strategy "balls" →
        2 = 3 + (4-3) + (1-3)
  • Distributed and works offline!

Once again, the implementation of the backend is abstracted using functors. Multiple backends are available, both for Unix and MirageOS:
  • FS
  • Memory
  • Git
  • IndexedDB to run Irmin in the browser
  • ...
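
The counter merge and the functor-abstracted backend described above, as an added example that is not Irmin's own code or API: a stdlib-only OCaml sketch in which every name (BACKEND, Memory, Make, merge_key) is hypothetical. The common ancestor value 3 is read off the slide's formula.

```ocaml
(* Added example: stdlib-only sketch, NOT Irmin's API. All names hypothetical. *)

(* A backend only has to provide reads and writes of integer counters. *)
module type BACKEND = sig
  type t
  val create : unit -> t
  val get : t -> string -> int option
  val set : t -> string -> int -> unit
end

(* In-memory backend, constructed for this example. *)
module Memory : BACKEND = struct
  type t = (string, int) Hashtbl.t
  let create () = Hashtbl.create 16
  let get t k = Hashtbl.find_opt t k
  let set t k v = Hashtbl.replace t k v
end

(* The merge logic is written once, against the signature only. *)
module Make (B : BACKEND) = struct
  (* Three-way counter merge: apply both branches' deltas to the ancestor. *)
  let merge_counter ~old a b = old + (a - old) + (b - old)

  (* Merge key [k] of branches [a] and [b] into [into], given their common
     ancestor [old]. A key missing on one side counts as 0. *)
  let merge_key ~old ~a ~b ~into k =
    let v t = Option.value (B.get t k) ~default:0 in
    let merged = merge_counter ~old:(v old) (v a) (v b) in
    B.set into k merged;
    merged
end

module Store = Make (Memory)

let () =
  (* Constructed sample data: ancestor 3, branch A 4, branch B 1. *)
  let branch n =
    let t = Memory.create () in
    Memory.set t "balls" n;
    t
  in
  let old = branch 3 and a = branch 4 and b = branch 1 in
  let into = Memory.create () in
  let merged = Store.merge_key ~old ~a ~b ~into "balls" in
  assert (merged = 2);
  Printf.printf "balls -> %d\n" merged
```

Swapping Memory for another module that satisfies BACKEND changes where the data lives without touching the merge code.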

OCaml ecosystem

  • Defining and maintaining a set of "official" tools to make programming in OCaml a pleasant experience, including:
    • Opam, the package manager
    • Dune, the build system
    • Merlin, and the editor extensions for OCaml
    • odoc, the documentation generator
    • Ppxlib, a metaprogramming framework
    • ocamlformat, the code formatter
    • dune-release, the package publisher
    • UTop, an enhanced OCaml toplevel
    • Mdx, for literate programming and example-testing
  • OCaml 5 is a major release of OCaml which will integrate two main additions:
    • Algebraic effects for (amongst other things) concurrent programming
    • Domains for multicore programming.
  • Tarides is working on having the ecosystem ready:
    • all tools have to be compatible,
    • tutorials available,
    • a low entry bar, ...

Other initiatives

  • OCE, an initiative providing OCaml training, a startup contest, ...

  • Working for diversity and inclusion in the OCaml community:

    • Ada Tech School: a programming school designed for women
    • Recurse Center: a self-directed, community-driven educational retreat for programmers
    • She Can Code: SheCanCode's mission is to close the Tech Gender Gap
    • Oxbridge Women in Computer Science: an annual one-day event
    • Outreachy: provides internships to people subject to systemic bias and impacted by underrepresentation in the technical industry where they are living.

Conclusion

Thanks for your attention!