Update on Overleaf.

diagrams/attack-surface-vs-linux-compatibility.tex

@@ -0,0 +1,93 @@
+\documentclass[12pt,crop,tikz]{standalone}
+
+\providecommand{\rootdir}{..}
+\usepackage{tikz}
+\usetikzlibrary{backgrounds}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+\usetikzlibrary{decorations.pathreplacing}
+
+\tikzstyle{arrow} = [thick,->,>=stealth]
+
+% The Tableau20 colours
+\definecolor{TabLightOrange}{RGB}{255,187,120}
+\definecolor{TabOrange}{RGB}{255,127,14}
+\definecolor{TabLightBlue}{RGB}{174,199,232}
+\definecolor{TabBlue}{RGB}{31,119,180}
+\definecolor{TabGreen}{RGB}{44,160,44}
+\definecolor{TabLightGreen}{RGB}{152,223,138}
+\definecolor{TabSalmon}{RGB}{255,152,150}
+\definecolor{TabRed}{RGB}{214,39,40}
+\definecolor{TabPurple}{RGB}{148,103,189}
+\definecolor{TabLightPurple}{RGB}{197,176,213}
+\definecolor{TabLightPink}{RGB}{247,182,210}
+\definecolor{TabPink}{RGB}{227,119,194}
+\definecolor{TabLightBrown}{RGB}{196,156,148}
+\definecolor{TabBrown}{RGB}{140,86,75}
+\definecolor{TabGray}{RGB}{127,127,127}
+\definecolor{TabOlive}{RGB}{188,189,34}
+\definecolor{TabLightOlive}{RGB}{219,219,141}
+\definecolor{TabLightGray}{RGB}{199,199,199}
+\definecolor{TabLightCyan}{RGB}{158,218,229}
+\definecolor{TabCyan}{RGB}{23,190,207}
+
+\begin{document}
+
+\def\titlepad{0.1}
+\def\boxspacing{40mm}
+
+\def\layer{0.3}
+
+\def\inner{0.3}
+\def\innerspace{0.2}
+
+\def\layerwidth{5cm}
+\def\halflayerwidth{2.35cm}
+\def\layerheight{0.8cm}
+\def\innerwidth{4.4cm}
+\def\halfinnerwidth{2.1cm}
+
+\begin{tikzpicture}[ every node/.style={font=\small}
+  , layer/.style=    {rectangle, draw=black!50, thick, minimum width=\layerwidth    , minimum height=\layerheight}
+  , halflayer/.style={rectangle, draw=black!50, thick, minimum width=\halflayerwidth, minimum height=\layerheight}
+  , inner/.style=    {rectangle, draw=black!50, thick, minimum width=\innerwidth    , minimum height=\layerheight}
+  , halfinner/.style={rectangle, draw=black!50, thick, minimum width=\halfinnerwidth, minimum height=\layerheight}
+  , red/.style={fill=TabPurple!40}
+  , orange/.style={fill=TabBlue!40}
+  , yellow/.style={fill=TabCyan!40}
+  , green/.style={fill=TabLightGreen!60}
+  , node distance = 0cm
+	, arrow={->,>=stealth}
+  ]
+  
+    \begin{scope}[local bounding box=graph-body]
+        \node[layer,orange] (void-processes) {Void Processes (§\ref{sec:system-design})};
+        \node[circle,fill,inner sep=1.5pt, yellow, below = \innerspace of void-processes] (void-processes-dot) {};
+
+        \node[circle,fill,inner sep=1.5pt, yellow, above left=3*\layerheight and 3*\layerheight of void-processes-dot] (unikernels-dot) {};
+        \node[layer, above = \innerspace of unikernels-dot] (unikernels) {Unikernels};
+        
+        \node[circle,fill,inner sep=1.5pt, yellow, below right=3*\layerheight and 2*\layerheight of void-processes-dot] (containers-dot) {};
+        \node[layer, above = \innerspace of containers-dot] (containers) {Containers (§\ref{sec:priv-sep-perspective})};
+        
+        \node[circle,fill,inner sep=1.5pt, yellow, below left=5*\layerheight and 1*\layerheight of void-processes-dot] (virtual-machines-dot) {};
+        \node[layer, above = \innerspace of virtual-machines-dot] (virtual-machines) {Virtual Machines (§\ref{sec:priv-sep-another-machine})};
+        
+        \node[circle,fill,inner sep=1.5pt, yellow, below right=5*\layerheight and 11*\layerheight of void-processes-dot] (ambient-authority-dot) {};
+        \node[layer, above left=\innerspace and \innerspace of ambient-authority-dot] (ambient-authority) {Ambient Authority};
+    \end{scope}
+    
+    \coordinate (graph-body-nw) at ($ (graph-body.north west) + (-0.3, 0.3 + \titlepad) $);
+    \coordinate (graph-body-ne) at ($ (graph-body.north east) + ( 0.3, 0.3 + \titlepad) $);
+    \coordinate (graph-body-sw) at ($ (graph-body.south west) + (-0.3,-0.3) $);
+    \coordinate (graph-body-se) at ($ (graph-body.south east) + ( 0.3,-0.3) $);
+    
+    % Axes
+    \draw[->] ($ (graph-body-nw) + (0.15, 0) $) -- (graph-body-ne);
+    \draw[->] (graph-body-nw) -- (graph-body-sw);
+    
+    % Axis labels
+    \node[rectangle,fill=white] at ($ (graph-body-nw)!0.5!(graph-body-ne) $) (x-axis-label) {Attack surface};
+    \node[rectangle,fill=white,rotate around={90:($ (graph-body-nw)!0.5!(graph-body-sw) $)}] at ($ (graph-body-nw)!0.5!(graph-body-sw) $) (y-axis-label) {Linux compatibility};
+\end{tikzpicture}
+\end{document}

diagrams/openbsd-syslogd-privsep.tex

@@ -0,0 +1,176 @@
+\documentclass[12pt,crop,tikz]{standalone}
+
+\providecommand{\rootdir}{..}
+\usepackage{tikz}
+\usetikzlibrary{backgrounds}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+\usetikzlibrary{decorations.pathreplacing}
+
+\tikzstyle{arrow} = [thick,->,>=stealth]
+
+% The Tableau20 colours
+\definecolor{TabLightOrange}{RGB}{255,187,120}
+\definecolor{TabOrange}{RGB}{255,127,14}
+\definecolor{TabLightBlue}{RGB}{174,199,232}
+\definecolor{TabBlue}{RGB}{31,119,180}
+\definecolor{TabGreen}{RGB}{44,160,44}
+\definecolor{TabLightGreen}{RGB}{152,223,138}
+\definecolor{TabSalmon}{RGB}{255,152,150}
+\definecolor{TabRed}{RGB}{214,39,40}
+\definecolor{TabPurple}{RGB}{148,103,189}
+\definecolor{TabLightPurple}{RGB}{197,176,213}
+\definecolor{TabLightPink}{RGB}{247,182,210}
+\definecolor{TabPink}{RGB}{227,119,194}
+\definecolor{TabLightBrown}{RGB}{196,156,148}
+\definecolor{TabBrown}{RGB}{140,86,75}
+\definecolor{TabGray}{RGB}{127,127,127}
+\definecolor{TabOlive}{RGB}{188,189,34}
+\definecolor{TabLightOlive}{RGB}{219,219,141}
+\definecolor{TabLightGray}{RGB}{199,199,199}
+\definecolor{TabLightCyan}{RGB}{158,218,229}
+\definecolor{TabCyan}{RGB}{23,190,207}
+
+\begin{document}
+
+\def\titlepad{0.1}
+\def\boxspacing{40mm}
+
+\def\layer{0.3}
+
+\def\inner{0.3}
+\def\innerspace{0.2}
+
+\def\layerwidth{5cm}
+\def\halflayerwidth{2.35cm}
+\def\layerheight{0.8cm}
+\def\innerwidth{4.4cm}
+\def\halfinnerwidth{2.1cm}
+
+\begin{tikzpicture}
+  [ every node/.style={font=\small}
+  , layer/.style=    {rectangle, draw=black!50, thick, minimum width=\layerwidth    , minimum height=\layerheight}
+  , halflayer/.style={rectangle, draw=black!50, thick, minimum width=\halflayerwidth, minimum height=\layerheight}
+  , inner/.style=    {rectangle, draw=black!50, thick, minimum width=\innerwidth    , minimum height=\layerheight}
+  , halfinner/.style={rectangle, draw=black!50, thick, minimum width=\halfinnerwidth, minimum height=\layerheight}
+  , red/.style={fill=TabPurple!40}
+  , orange/.style={fill=TabBlue!40}
+  , yellow/.style={fill=TabCyan!40}
+  , green/.style={fill=TabLightGreen!60}
+  , node distance = 0cm
+	, arrow={->,>=stealth}
+  ]
+
+  %-----------------------------------------------------------------------------
+  %   conventional syslogd
+  %-----------------------------------------------------------------------------
+
+  \begin{scope}[local bounding box=syslogd]
+    \node[layer] (syslogd-root) {Root privilege};
+    
+    % hack to get the spacing right
+    \coordinate (std-spaced_app1) at ($ (syslogd-root.south)+(0,-\inner) $); 
+    
+    \node[layer, orange, below = 2mm of syslogd-root] (syslogd-app) {syslogd.c};
+
+    \node[layer, fill=white, below = 2*\layer of syslogd-app] (syslogd-untrusted) {Untrusted user data};
+    
+    % Lines down the left
+    \coordinate (std-lline) at ($ (syslogd-app) + (-1.15,0) $);
+    \draw[->] (std-lline |- 0, 0 |- syslogd-root.south) -- (std-lline |- 0, 0 |- syslogd-app.north);
+
+    % Lines down the right
+    \coordinate (std-rline) at ($ (syslogd-app) + (1.15,0) $);
+    \draw[->] (std-rline |- 0, 0 |- syslogd-app.north) -- (std-rline |- 0, 0 |- syslogd-root.south);
+
+  \end{scope}
+
+  \begin{scope}[local bounding box=syslogd-kernel]
+    \fill[gray!15] ($ (syslogd-untrusted.north west) + (-\layer,\layer) $) rectangle ($ (syslogd-untrusted.south east) + (\layer, -\layer) $);
+  \end{scope}
+  \draw[-, gray, dashed] (syslogd-kernel.north west) -- (syslogd-kernel.north east);
+
+  \node[layer, fill=white, below = 2*\layer of syslogd-app] (syslogd-untrusted) {Untrusted user data};
+  \draw[->] (std-lline |- 0, 0 |- syslogd-app.south) -- (std-lline |- 0, 0 |- syslogd-untrusted.north);
+  \draw[<-] (std-rline |- 0, 0 |- syslogd-app.south) -- (std-rline |- 0, 0 |- syslogd-untrusted.north);
+  
+  \coordinate (syslogd-nw) at ($ (syslogd.north west) + (-\inner, \inner + \titlepad) $);
+  \coordinate (syslogd-ne) at ($ (syslogd.north east) + ( \inner, \inner + \titlepad) $);
+  \coordinate (syslogd-sw) at ($ (syslogd.south west) + (-\inner,-\inner) $);
+  \coordinate (syslogd-se) at ($ (syslogd.south east) + ( \inner,-\inner) $);
+    
+  \draw[draw, thick] (syslogd-nw) rectangle (syslogd-se);
+  \node[rectangle, fill=white] at ($(syslogd-nw)!0.5!(syslogd-ne)$) (syslogd_label) {\normalsize\textbf{Conventional syslogd}};
+  
+  %-----------------------------------------------------------------------------
+  %   privsep syslogd
+  %   -----------------------------------------------------------------------------
+
+  \begin{scope}[local bounding box=client]
+    % \coordinate[right=5cm of syslogd-] (client_center)
+    
+    \node[layer, below = 3cm of syslogd] (privsep-syslogd-root) {Root privilege};
+    
+    % hack to get the spacing right
+    \coordinate (spaced_app1) at ($ (privsep-syslogd-root.south)+(0,-\inner) $); 
+
+    \begin{scope}[local bounding box=privsep-syslogd-app]
+      \node[inner, red, below = \layer of spaced_app1, yshift=-0.2cm] (rpc1) {privsep.c};
+
+      \node[inner, orange, below = 10mm of rpc1] (rpc2) {syslogd.c};
+    \end{scope}
+
+    \coordinate (rpc1-nw) at ($ (privsep-syslogd-app.north west) + (-0.3, 0.3 + \titlepad) $);
+    \coordinate (rpc1-ne) at ($ (privsep-syslogd-app.north east) + ( 0.3, 0.3 + \titlepad) $);
+    \coordinate (rpc1-sw) at ($ (privsep-syslogd-app.south west) + (-0.3,-0.3) $);
+    \coordinate (rpc1-se) at ($ (privsep-syslogd-app.south east) + ( 0.3,-0.3) $);
+
+    \draw[draw,thick,dotted] (rpc1-nw) rectangle (rpc1-se);
+
+    \coordinate (rpc-bottom) at ($(privsep-syslogd-app.south west)!0.5!(privsep-syslogd-app.south east) + (0, -0.3)$);
+    
+    \node[layer, fill=white, below = 3*\layer of privsep-syslogd-app] (privsep-syslogd-untrusted) {Untrusted user data};
+    
+    % Lines down the left
+    \coordinate (lline) at ($ (privsep-syslogd-app) + (-1.15,0) $);
+    \draw[->] (lline |- 0, 0 |- privsep-syslogd-root.south) -- (lline |- 0, 0 |- rpc1.north);
+    \draw[->] (lline |- 0, 0 |- rpc1.south) -- node[left, text width = 1cm, align = center]
+    {\normalsize\emph{open files}} (lline |- 0, 0 |- rpc2.north);
+
+    % Lines down the right
+    \coordinate (rline) at ($ (privsep-syslogd-app) + (1.15,0) $);
+    \draw[->] (rline |- 0, 0 |- rpc1.north) -- (rline |- 0, 0 |- privsep-syslogd-root.south);
+    %\draw[->] (rline |- 0, 0 |- rpc2.north) -- (rline |- 0, 0 |- rpc1.south);
+    \draw[->] (rline |- 0, 0 |- rpc2.north) -- node[right, text width = 1cm, align = center]
+    {\normalsize\emph{RPCs}} (rline |- 0, 0 |- rpc1.south);
+  \end{scope}
+
+  \begin{scope}[on background layer, local bounding box=client-kernel]
+    \fill[gray!15] ($ (privsep-syslogd-untrusted.north west) + (-\layer,\layer) $) rectangle ($ (privsep-syslogd-untrusted.south east) + (\layer, -\layer) $);
+  \end{scope}
+  
+  \draw[-, gray, dashed] (client-kernel.north west) -- (client-kernel.north east);
+
+  \coordinate (client-nw) at ($ (client.north west) + (-\inner, \inner + \titlepad) $);
+  \coordinate (client-ne) at ($ (client.north east) + ( \inner, \inner + \titlepad) $);
+  \coordinate (client-sw) at ($ (client.south west) + (-\inner,-\inner) $);
+  \coordinate (client-se) at ($ (client.south east) + ( \inner,-\inner) $);
+    
+  \draw[draw, thick] (client-nw) rectangle (client-se);
+  \node[rectangle, fill=white] at ($(client-nw)!0.5!(client-ne)$) (client_label) {\normalsize\textbf{privsep syslogd}};
+  
+  \draw[->] (lline |- 0, 0 |- privsep-syslogd-app.south) -- (lline |- 0, 0 |- privsep-syslogd-untrusted.north);
+  \draw[<-] (rline |- 0, 0 |- privsep-syslogd-app.south) -- (rline |- 0, 0 |- privsep-syslogd-untrusted.north);
+
+  \coordinate (yheight) at ($ (syslogd-root.east) + (0, -1) $);
+  \coordinate (trans-arrow-l) at (syslogd-kernel.east |- 0, 0 |- yheight);
+  \coordinate (trans-arrow-r) at (client-kernel.west |- 0, 0 |- yheight);
+  %\draw[very thick, ->] ($(trans-arrow-l) + (0.5, 0)$) -- node[above, text width = 4cm, align = center, yshift=3mm]
+  
+  %\draw[very thick, ->] (syslogd-kernel) -- ($ (client.north) + (0, 2*\inner) $)
+  
+  \draw[very thick, ->] (syslogd-kernel.south) -- node[right, text width = 3.9cm, align = center, yshift=0.5mm]
+    {\normalsize\emph{Pass file descriptors \\[1mm] rather than \\[1mm] ambient privilege}} ($ (client.north) + (0, 2*\inner) $);
+
+\end{tikzpicture}
+\end{document}

diagrams/tls-server-processes.tex

@@ -0,0 +1,127 @@
+\documentclass[12pt,crop,tikz]{standalone}
+
+\providecommand{\rootdir}{..}
+\usepackage{tikz}
+\usetikzlibrary{backgrounds}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+\usetikzlibrary{decorations.pathreplacing}
+
+\tikzstyle{arrow} = [thick,->,>=stealth]
+
+% The Tableau20 colours
+\definecolor{TabLightOrange}{RGB}{255,187,120}
+\definecolor{TabOrange}{RGB}{255,127,14}
+\definecolor{TabLightBlue}{RGB}{174,199,232}
+\definecolor{TabBlue}{RGB}{31,119,180}
+\definecolor{TabGreen}{RGB}{44,160,44}
+\definecolor{TabLightGreen}{RGB}{152,223,138}
+\definecolor{TabSalmon}{RGB}{255,152,150}
+\definecolor{TabRed}{RGB}{214,39,40}
+\definecolor{TabPurple}{RGB}{148,103,189}
+\definecolor{TabLightPurple}{RGB}{197,176,213}
+\definecolor{TabLightPink}{RGB}{247,182,210}
+\definecolor{TabPink}{RGB}{227,119,194}
+\definecolor{TabLightBrown}{RGB}{196,156,148}
+\definecolor{TabBrown}{RGB}{140,86,75}
+\definecolor{TabGray}{RGB}{127,127,127}
+\definecolor{TabOlive}{RGB}{188,189,34}
+\definecolor{TabLightOlive}{RGB}{219,219,141}
+\definecolor{TabLightGray}{RGB}{199,199,199}
+\definecolor{TabLightCyan}{RGB}{158,218,229}
+\definecolor{TabCyan}{RGB}{23,190,207}
+
+\begin{document}
+
+\def\titlepad{0.1}
+\def\boxspacing{40mm}
+
+\def\layer{0.3}
+
+\def\inner{0.3}
+\def\innerspace{0.2}
+
+\def\layerwidth{15cm}
+\def\halflayerwidth{2.35cm}
+\def\thirdlayerwidth{4.85cm}
+\def\layerheight{0.8cm}
+\def\innerwidth{4.4cm}
+\def\halfinnerwidth{2.1cm}
+
+\begin{tikzpicture}
+  [ every node/.style={font=\small}
+  , layer/.style=    {rectangle, draw=black!50, thick, minimum width=\layerwidth    , minimum height=\layerheight}
+  , halflayer/.style={rectangle, draw=black!50, thick, minimum width=\halflayerwidth, minimum height=\layerheight}
+  , inner/.style=    {rectangle, draw=black!50, thick, minimum width=\innerwidth    , minimum height=\layerheight}
+  , halfinner/.style={rectangle, draw=black!50, thick, minimum width=\halfinnerwidth, minimum height=\layerheight}
+  , dashed/.style=   {rectangle, draw=black!25, dotted, thick, minimum width=\innerwidth, minimum height=\layerheight}
+  , red/.style={fill=TabPurple!40}
+  , orange/.style={fill=TabBlue!40}
+  , yellow/.style={fill=TabCyan!40}
+  , green/.style={fill=TabLightGreen!60}
+  , node distance = 0cm
+	, arrow={->,>=stealth}
+  ]
+
+  \begin{scope}[local bounding box=std-client]
+    \node[layer] (ambient-authority) {Ambient Authority};
+    \node[layer, orange, below = 2mm of ambient-authority] (void-orchestrator) {Void Orchestrator};
+    
+    \draw[->] (ambient-authority.south) -- (void-orchestrator.north);
+    
+    % hack to get the spacing right
+    \coordinate (std-spaced_app1) at ($ (void-orchestrator.south)+(0,-\inner) $); 
+
+    \begin{scope}[local bounding box=spawners]
+      \node[inner, red, below = \layer of std-spaced_app1, yshift=-0.2cm] (tls-handler-spawner) {TLS Handler Spawner};
+      \node[dashed, left = 5.5mm of tls-handler-spawner] (connection-listener-spawner) {};
+      \node[inner, red, right = 5.5mm of tls-handler-spawner] (http-handler-spawner) {HTTP Handler Spawner};
+    \end{scope}
+    
+    \node[inner, green, below = 3*\layer of connection-listener-spawner] (connection-listener) {Connection Listener};
+    \node[inner, green, below = 3*\layer of tls-handler-spawner] (tls-handler) {TLS Handler};
+    \node[inner, green, below = 3*\layer of http-handler-spawner] (http-handler) {HTTP Handler};
+
+
+    \coordinate (spawners-nw) at ($ (spawners.north west) + (-0.3, 0.3 + \titlepad) $);
+    \coordinate (spawners-ne) at ($ (spawners.north east) + ( 0.3, 0.3 + \titlepad) $);
+    \coordinate (spawners-sw) at ($ (spawners.south west) + (-0.3,-0.3) $);
+    \coordinate (spawners-se) at ($ (spawners.south east) + ( 0.3,-0.3) $);
+
+    \draw[draw,thick,dotted] (spawners-nw) rectangle (spawners-se);
+    \node[rectangle,fill=white] at ($(spawners-nw)!0.5!(spawners-ne)$) (spawners_label) {\textit{Spawners}};
+    
+    % Left line locations (to avoid spawner header)
+    \coordinate (left-lline) at ($ (connection-listener-spawner) + (-1.15,0) $);
+    \coordinate (mid-lline) at ($ (tls-handler-spawner) + (-1.15,0) $);
+    \coordinate (right-lline) at ($ (http-handler-spawner) + (-1.15,0) $);
+    
+    \coordinate (left-rline) at ($ (connection-listener-spawner) + (1.15,0) $);
+    \coordinate (mid-rline) at ($ (tls-handler-spawner) + (1.15,0) $);
+
+    % Lines for the left set
+    \draw[->] (left-lline |- 0, 0 |- void-orchestrator.south) -- (left-lline |- 0, 0 |- connection-listener.north);
+    
+    % Lines for the center set
+    \draw[->] (mid-lline |- 0, 0 |- void-orchestrator.south) -- (mid-lline |- 0, 0 |- tls-handler-spawner.north);
+    \draw[->] (mid-lline |- 0, 0 |- tls-handler-spawner.south) -- (mid-lline |- 0, 0 |- tls-handler.north);
+    
+    % Lines for the right set
+    \draw[->] (right-lline |- 0, 0 |- void-orchestrator.south) -- (right-lline |- 0, 0 |- http-handler-spawner.north);
+    \draw[->] (right-lline |- 0, 0 |- http-handler-spawner.south) -- (right-lline |- 0, 0 |- http-handler.north);
+    
+    % Special lines
+    \draw[->] (connection-listener.east) -- ($(connection-listener.east)!0.5!(tls-handler.west)$) -- ($(connection-listener-spawner.east)!0.5!(tls-handler-spawner.west)$) -- (tls-handler-spawner.west);
+    \draw[->] (tls-handler.east) -- ($(tls-handler.east)!0.5!(http-handler.west)$) -- ($(tls-handler-spawner.east)!0.5!(http-handler-spawner.west)$) -- (http-handler-spawner.west);
+    
+  \end{scope}
+
+  \coordinate (std-client-nw) at ($ (std-client.north west) + (-\inner, \inner + \titlepad) $);
+  \coordinate (std-client-ne) at ($ (std-client.north east) + ( \inner, \inner + \titlepad) $);
+  \coordinate (std-client-sw) at ($ (std-client.south west) + (-\inner,-\inner) $);
+  \coordinate (std-client-se) at ($ (std-client.south east) + ( \inner,-\inner) $);
+    
+  \draw[draw, thick] (std-client-nw) rectangle (std-client-se);
+
+\end{tikzpicture}
+\end{document}