Graphene Linux-compatible library OS

RPC Streams Between Pico Processes

In Cap-lore discussions with Norm Hardy, Norm posed the question: Do you imagine doing away with kernels? cap-lore In architecting an Ethereum SaaS blockchain hybrid I had been lead to understand RPC streams better and the structure of Realms. Researching led me to find Cooperation and Security Isolation of Library OSes for Multi-Process Applications paper

# What is the benefit of running applications in Graphene library OS?

Compared to running an application in a VM with a complete legacy guest OS, which requires hundreds of MB to GB of memory, Graphene's memory overheads are closer to a Linux process (tens of MB). Graphene still has higher performance overheads than Linux (which we are working to improve), but maintains the qualitative benefits of virtualization, such as security isolation. Graphene also introduces some useful mechanisms for application sandboxing. paper The following is a list of multi-process abstractions that are currently supported in Graphene: -fork (with PID allocation) / execve -Exit notification / waitpid -Signaling -/proc/[pid] to get process metadata -System V message queues and semaphores

# Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX

This paper demonstrates that these concerns are exaggerated, and that a fully-featured library OS can rapidly deploy unmodified applications on SGX with overheads comparable to applications modified to use “shim” layers. We present a port of Graphene to SGX, as well as a number of improvements to make the security benefits of SGX more usable, such as integrity support for dynamically-loaded libraries, and secure multi-process support. paper