Sandboxes + IoT Flashcards
What is gVisor? How it works and what are the drawbacks?
it is a container sandbox and It minimizes the system api attack vector.
sentry intercepts the suscalls made by the application.
Then syscalls pass through the seccomp for filtering.
Drawbacks:
not all syscalls are implemented and
not suited for syscall heavy workloads.
What is AWS Firecracker?
A virtual machine manager (hypervisor) that uses kernel virtual machine to create and manage microVMs.
It is designed for serveless computing.
It has enhanced security and isolation over traditional VMs.
startup time and memory footprint are reduced.
What is kata containers?
It provides secure and isolated containers with a separate kernel.
What is edge computing?
The computation and the data are are shifted to computers which are at the edge of the network. The intention is to bring the computation and the storage closer to the physical location where it is needed to improve response time and save bandwidth.
Example: Autonomous car
What are the 3 Iot Architectures?
IoT Cloud architecture.
IoT Edge architecture.
Iot Fog architecture.
What is fog computing? What is a fog nodes?
Fog computing is an extension of edge computing. Instead of sending all the information after the edge layer is done to the cloud, fog layer will decide whether this information is important to send it to the cloud.
Fog nodes are either a physical or virtual components that are coupled to the end devices and they provide computing resource to them. A fog node is aware of its geographical distribution and logical location.