Application Security Testing: An Integral Part of DevOps
Midori is a technology incubation project that was born out of Microsoft Researchs (MSR) Singularity operating system, the tools and libraries of which are completely managed code. Microsoft has designed Midori to be Internet-centric with an emphasis on distributed concurrent systems. It also introduces a new security model that sandboxes applications.
Singularity is a research project focused on the construction of dependable systems through innovation in the areas of systems, languages, and tools. Microsoft is building a research operating system prototype (called Singularity), extending programming languages, and developing new techniques and tools for specifying and verifying program behavior.
Security is a watchword for Midori, the operating system that Microsoft is incubating in hopes of freeing itself from its legacy Windows software architecture. SD Times has viewed internal Microsoft documents that detail Midoris security proposition. The highlights include memory safety and type safety, and a least-privileged mode. As well, hardware support may enable a secure boot mechanism and a remote chain of trust on top of secure booting.
"Midori is an attempt to create a new foundation for the operating system that runs inside the box, on the desktop and in the rack. As such, it's willing to break with compatibility (or at least wall off compatibility to a virtual machine)," explained Larry OBrien, a private consultant and author of the "Windows & .NET Watch" column for SD Times.
"We're seeing a gulf opening up right now between serial and parallel programming; only a small minority of rocket-scientist types can actually write code that works effectively in a parallel, multicore world, Hammond added. I think it's pretty clear that Midori is on the other side of that scale-out gulf. From a development point of view, those that can make the leap solidify their skills and employment opportunities for the next decade and beyond."
It would make sense for Microsoft to use the Azure platform as a vehicle for introducing Midori, Forrester's Hammond said. "It's essentially a .NET-centric (and Internet-centric) scale-out runtime.
"A distributed network-aware OS is the perfect thing to host in the cloud, and what better place to knock out the kinks than your own data center, where you have 100% control over the hardware and infrastructure you're testing on? This also allows them to test it underneath parts of the overall infrastructure: for example, hosting an individual service," Hammond explained.
Further, Microsoft is battling for new territorydistributed applicationswith the Windows Azure platform, O'Brien said. As such, the platform has little legacy codebase, as well as ample funding in money and talent, along with new challenges, he added.
"While I don't think that we know if Midori would work as something fed down the pipe to the consumer, the idea that Azure might ultimately benefit from its own operating system is definitely worthy of debate," O'Brien said.
Recent additions to the .NET Framework adhere to the concurrent programming principles outlined in the Midori documents that SD Times viewed in 2008. Silverlight and the Windows Azure platform could also be complementary to a potential release of Midori