BOB 2026

Run your own digital infrastructure using MirageOS unikernels
13.03.2026, Talks 1
Language: English

MirageOS started more than a decade ago as a research project at the University of Cambridge. Nowadays it provides various useful services: web server, DNS and DHCP, email server (including mailing lists), VPN, CalDAV (calendar), firewall, ... Security is built in: few attack vectors (by using the memory-safe and type-safe programming language OCaml), tiny attack surface (much smaller binaries), reproducible builds (supply chain security).

We also developed a lean web user interface for managing MirageOS unikernels, together with an orchestrator that allows you to deploy via CI actions, or from a build server, including lifecycle management (updates, restart on failure, monitoring, ...).

Over the years, we also managed to simplify the code of the simplest unikernel by removing abstraction that was introduced prematurely. Take a look at the screencast: https://asciinema.org/a/681922

I will show the general idea, what is available right now (and how easy it is to use), and how we moved this project from a research experiment to production.


3-5 takeaways:
  • you can run your own infrastructure at scale using functional programming
  • using a functional programming language at the core of your operating system / service makes it smooth to update and to reason about code changes, separating code from data
  • the tiny API between the host system and the unikernel is all that is needed for Internet services
  • adding security features (supply chain security etc.) requires a lot of work
  • reproducible builds have a nice simple definition (bit-by-bit equality), but they also need some work to get right
  • moving from paper-oriented software to production software is tough
  • premature abstraction makes code hard to understand; removing it at a later point is API-breaking but worth doing

In computer security for >20 years. PhD "formal verification of the correctness of OO code" (separation logic & Coq). Learned that verifying existing code is tedious (mutable state). Redeveloping OS in FP brings trustworthy systems. Works full-time on MirageOS for >10 years, now at robur.coop. Since 2025 leading the OCaml Security team.