Intravisor makes containers smaller, more secure, and faster to deploy, thanks to CHERI

Systems Security Consulting offers consulting and research services in systems security, including trusted and confidential computing, and embedded systems. As part of their Technology Access Programme project they used Intravisor to exploit CHERI security features to make containers more secure and faster to deploy in the cloud.

Article type: Case study
author Digital Security
by Design

Testing a novel virtualisation platform built on CHERI capabilities

The Systems Security Consulting team was already part of the Digital Security by Design (DSbD) community, having worked on a CHERI RISC-V implementation and participated on CHERI-CPU, University of Cambridge’s Slack workspace. They joined the DSbD Technology Access Programme (TAP) in 2023, building upon academic research they began at Imperial College London, this time using the Arm Morello prototype board based on CHERI.

While it is possible to port software to CHERI with minimal or no changes, exploiting its potential further requires the use of fine-grained compartmentalisation models. Remodelling can involve time-consuming and labour-intensive decomposition and porting. Systems Security Consulting had already designed their solution, Intravisor, to solve this problem for CHERI users. By focusing on application-level containerisation, the end result could be a much more efficient and cost-effective form of virtualisation than the industry standard, the Open Container Initiative (OCI), used by Docker.

“CHERI is a fundamental technology in our project. Its performance evaluation is impossible without access to hardware. Overall, [our] project seeks… a new virtualisation architecture without the limitations of existing ones. Technically, using CHERI, one can create low-trusted computing base (TCB), low-overhead virtualisation primitives.”

Dr Eng Vasily A Sartakov, CEO, Systems Security Consulting

Joining TAP has given the team access to actual hardware. Previously, they had relied on AWS F1 field-programmable gate array (FPGA) instances while working on CHERI RISC-V. Arm Morello is the first piece of hardware that natively supports rich operating systems with the CHERI protection model. Through TAP, the Systems Security Consulting team were able to evaluate Intravisor and demonstrate their academic research to the wider community, including to potential customers.

Solving the cloud isolation/sharing conundrum

Both isolation and sharing are crucial to cloud solutions. Each tenant’s code and data must be separately secured, in isolation from others as well as the hosting provider. At the same time, sharing is essential for the inter-process communication (IPC) of tenant services. Usually, using virtual machines and containers means choosing between a solution with strong isolation but inefficient sharing, or having a huge trusted computing base (TCB) for efficient and unified communications, but weak isolation.

Intravisor adopts a different compartmentalisation model, using hardware memory capabilities as the foundation for isolation and sharing. This uses intra-process compartments, comprising code and data capabilities constrained by the same borders as well as efficient IPC mechanisms to enable communication between the compartmentalised services. This results in a low-TCB solution with strong isolation and fast communication.

Containerised virtual machines (cVMs) in Intravisor do not rely on the host OS, and require only a few essential kernel mechanisms, such as input/output access, threads, locks and time. Intravisor can be used for secure solutions based on microkernels, enabling the implementation of full-fledged Linux environments, partitioned pure-capability applications, and even rack-scale cloud services. It provides a type-three hypervisor, which is more granular than type-one (used at system level) or type-two used for OCI-style containers. Its economy and all-round low footprint could make it better suited to functions-as-a-service, for example AWS Lambda or Azure Functions.

Through TAP, the Systems Security Consulting team not only evaluated their research prototype on real hardware, they were also able to extend Intravisor’s functionality by integrating Libvirtd cloud orchestration software – an open source virtualisation management toolkit – as a standalone cVM. Porting libvirt to support CHERI required only a few dozen changes to its source code (measured in lines of code). Similarly, their modifications to libvirt to support the team’s product, Intravisor, amounted to about 2,790 lines of code. These are modest changes (<1.0%), compared to the size of libvirt itself (435,238 lines).

“We offer Intravisor as a base for customer solutions, thus, our own CHERI-enabled platform with our in-house software will significantly help us sell our services.”

Dr Eng Vasily A Sartakov, CEO, Systems Security Consulting

Systems Security Consulting is open to contracting work for porting specific applications or developing solutions based on Morello and Intravisor.

About Systems Security Consulting 

Systems Security Consulting offers consulting and research services in systems security, including trusted and confidential computing, and embedded systems.

Sign up to the newsletter

Sign up to the Digital Security by Design newsletter to stay up to date with our events, news, insights and opportunities. Be the first to know about our work and ways to get involved.

UKRI DSbD Councils
Website delivered by Digital Catapult as part of the Technology Access Programme, funded by UKRI through the Digital Security by Design Programme