Title: Would an OCaml Unikernel API for bitcoin help improve security? Post by: fibble on September 10, 2016, 11:38:32 PM Been reading about things like MirageOS and Unikernels. Mirage turns OCaml code into a kernel that runs directly under Xen, no OS as such just enough code to do its job,
There is also this: http://ocaml-bitcoin.forge.ocamlcore.org/ OCaml library for bitcoind interaction. Im thinking, would an OCaml unikernel that exposed the bitcoin API, then optionally applied some logic and passed through the request to an off-line (no internet) bitcoind provide some value? e.g. no OS or stack to attack, attack vectors massively reduced. Also if doing processing on requests Exchanges using for hot wallets could check nobody ever moves more than X btc, or than an amount martches a verified withdrawl in another DB or cache.. Basically youd never run bitcoind on an exposed linux machine, all would be via unikernel tcp stack. Thoughts appreciated. |