Software Execution Environments - process, virtual machine, and container


These slides introduce the various software execution environments, such as process, virtual machine, and container.


Satoru Takeuchi

May 16, 2020

Transcript

  1. 1.

    Software Execution Environments ~ Process, virtual machine, and container

    May 15, 2020, Kanazawa.rb meetup #93

    Satoru Takeuchi (twitter: satoru_takeuchi, EnSatoru)
  2. 3.

    Process with primitive kernels like poor embedded system

    [Diagram labels: process, kernel, hardware; access marked 〇]
  3. 4.

    Process with modern kernels like Linux and NT kernel

    ① Requests with system calls
      • File access
      • Hardware access
      • Inter process communication
    ② access

    [Diagram labels: process, kernel, hardware; access marked × and 〇]
  4. 5.

    Virtual machine (qemu + kvm)

    [Diagram labels: hardware, kernel, process for virtual machine, virtual hardware, kernel, process; steps ① trap, ②, ③ request, ④ request; access marked ×]
  5. 7.

    Two types of containers

    • System container (for full featured OS environment)
    • Application container (for only one application like Docker container)

    [Diagram labels: container, Environment for all apps, app; container, Environment for an app, app]
  6. 8.

    Security risks

    • The required steps to attack other process

    [Diagram labels: container, virtual machine, hardware, kernel, virtual hardware, process; steps numbered ① to ④]
  7. 9.

    Various container runtimes

    • System call steps

    runC (basic way), Kata Containers, gVisor

    [Diagram labels: Namespace, app, kernel, VM, Userland kernel, hardware; steps numbered ① to ⑤]