You are here

DevSecOps Enablement via High Assurance seL4 Microkernel

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8649-23-P-0252
Agency Tracking Number: FX224-OCSO1-0124
Amount: $74,938.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: X224-OCSO1
Solicitation Number: X22.4
Solicitation Year: 2022
Award Year: 2023
Award Start Date (Proposal Award Date): 2022-11-01
Award End Date (Contract End Date): 2023-02-03
Small Business Information
3445 Lake Eastbrook SE
Grand Rapids, MI 49546-1111
United States
DUNS: 079456476
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Robert VanVossen
 (616) 389-8328
Business Contact
 Lance Hilbelink
Phone: (616) 389-8320
Research Institution

Containers have exploded in popularity due to their portability, modularity, and small overhead compared to virtual machines (VMs). This adoption has fueled design of DevSecOps pipelines in industry that enable a more rapid development cycle of systems with security baked in.  These same development practices can be applied to many commercial embedded devices, but there exists a wide range of applications for which container-based workloads are not an ideal match due to security, real-time, I/O, and many other requirements. Using a high assurance type 1 hypervisor such as the formally proven seL4 hosting virtual machines can provide security and isolation assurances baked in from the start, and using containers within these virtual machines can provide significant development flexibility while also taking advantage of the greater isolation benefits of virtual machines.  The DornerWorks VMComposer tool helps developers, design, configure, and deploy virtual machine-based systems.  The proposed work seeks to extend this support to include containers in order to allow DevSecOps workloads to be quickly deployed to embedded devices and allow the user to make intelligent trade-offs between running an individual application in a container or a virtual machine on the embedded target. DornerWorks also intends to explore unikernels as a potential middleground between virtual machines and containers, since they can be used to create light weight VM packages comparable to containers supporting micro-services while increasing performance and security by removing the need for a GPOS.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government