Rust-based, Secure and Lightweight Container Runtime for Embedded Systems

Explore a conference talk on a Rust-based container runtime designed for embedded systems, focusing on security and lightweight performance. Discover how this innovative solution addresses the challenges of existing container runtimes in resource-constrained environments. Learn about the runtime's fast-startup mechanism, fine-grained access control using seccomp notify, and its impressive performance improvements compared to runc. Gain insights into the architecture, real-time support, and future developments of this Rust-based container runtime, which offers 7.4x faster launch times and 4.4x less memory usage than traditional solutions.

Syllabus

Intro
Outline of the Talk
Container Virtualization
What is Container Runtime?
Container Runtime Stack
Requirements of Embedded Systems
Containers on Embedded Systems
Problems of the Existing Runtimes
Rust-based Container Runtime
Comparison with the Existing Runtimes
Why Rust?
Crates for the Container Runtime
Architecture Overview
Real-Time (RT) Support
Design of Fast Startup and RT Support
Fine-Grained Access Control (FGAC)
Seccomp Notify Feature
Design of FGAC
Evaluation
Results: Start Time
Results: Memory Usage
Future Work
Conclusion