Each quarter, Red Hat Research Quarterly highlights new and ongoing research collaborations from around the world. This quarter we highlight collaborative projects in the greater Boston area of the United States.
There are many more active projects, so be sure to check research.redhat.com listings. You also can join live Research Interest Group (RIG) presentations each month to discuss new project proposals and review the latest results from other research collaborations. Subscribe to the US research mailing list to stay current on the interest group meetings.
PROJECT: Unikernel Linux
Academic investigators: Orran Krieger, Renato Mancuso, Ali Raza, Thomas Unger, and Parul Sohal (Boston University)
Red Hat investigators: Richard Jones, Larry Woodman, and Ulrich Drepper
The Red Hat Collaboratory’s Unikernel Linux (UKL) research project expanded its investigation of adapting unikernels to Linux. In situations where the performance of one (trusted) application is critical, the team is experimenting with co-optimizing the application and the Linux kernel. With just a simple recompilation, dozens of applications tested thus far have shown modest performance gains. For example, Redis’s 99th tail latency is improved by 10%, and throughput is improved by 21%. With more effort, expert developers can perform deep optimizations that call internal kernel functionality and employ techniques that enable link time optimizations across the application/kernel boundary. With only ten lines of code changed, Redis’s tail latency is improved by 23%, and its throughput is improved by 33% using the unikernel.
While UKL can allow optimization for only one process at a time, standard scripts can be used to launch that process, and other processes can run alongside it, enabling the use of standard Linux user-level tools and infrastructure. UKL supports both virtualized and bare metal x86-64 systems. Although the team has not yet done extensive testing, UKL should support all Linux devices and accelerators. Researchers are reviewing UKL’s modest (<1500 LOC) changes to the Linux kernel with collaborators and plan to submit a patch to the Linux kernel mailing list (LKML) early in 2022. The UKL code is available on GitHub.
PROJECT: High-performance certified trust for cloud-scale enclaves
Academic investigators: Zhong Shao, Richard Habeeb, and Hao Chen (Yale University)
Red Hat investigator: Bandan Das
This project, which investigates the feasibility of building trusted, formally verified computing enclaves for the ARM and x86 platforms, has implemented more of its formal language for specifying and composing enclave layers. Remote attestation libraries and a lightweight version of the ROS-like middleware (called ThinROS) are now running on top of the CertiKOS hypervisor kernel. The ARM platform boots CertiKOS (with real-time support) in the secure world (under TrustZone) and standard Linux in the normal world. A newly implemented security monitor allows normal-world Linux to be treated as if it were a VM process running on top of the secure mode CertiKOS. The x86 platform work explores ways to support VM-based enclaves and I/O device passthrough, based on a lightweight KVM-based Type 1.5 hypervisor. In related work at Yale, the group investigated how to formally verify the isolation property of a distributed memory manager for a large-scale datacenter with a disaggregated architecture.
PROJECT: Fuzzing device emulation in QEMU
Academic investigators: Manuel Egele and Alexander Bulekov (Boston University)
Red Hat investigators: Bandan Das and Stefan Hajnoczi
The QEMU fuzzing team will share new results at the 31st Usenix Security Symposium in August 2022. This work, conducted as part of the QEMU project, presents the Morphuzz hypervisor fuzzer, which reshapes virtual device input space to generically fuzz complex I/O protocols. Virtual devices are a critical interface enabling cloud environments. This work identifies means to insert a fuzzing framework that exercises initialization, teardown, control, and data flow paths without the need for expert knowledge of device internals. Morphuzz is now continuously fuzzing new changes to QEMU code. It provides 81% coverage over 28 virtual device implementations and has identified more than 66 unique and reproducible crashing bugs, all of which were reported to QEMU developers.
The team’s current work applies techniques similar to Morphuzz to simplify the problem of kernel system-call fuzzing. A snapshot-based kernel fuzzer can achieve high coverage over complex interfaces, such as KVM, without the need for detailed grammars or descriptions. By reducing the manual effort required for fuzzing, developers can allocate more resources toward fixing bugs and implementing safer interfaces, ensuring a safer environment for all cloud users. A prepublication PDF is available.
PROJECT: An abstraction for diagnosing performance problems in distributed applications
Academic investigators: Raja R. Sambasivan (Tufts) and Mark Crovella (Boston University)
Red Hat investigator: Juraci Kröhling
A new joint project including Tufts, Boston University, and Red Hat will build and evaluate the efficacy of tools to mine motifs from distributed traces and diagnosis tools that operate on request-workflow traces.
Diagnosing performance problems in distributed applications continues to grow more challenging. One cause is the mismatch between the powerful abstractions developers use to build increasingly complex distributed applications and the simple ones engineers have available to diagnose problems in them. This project proposes a novel abstraction for performance diagnosis, called the Workflow Motif, which describes frequently recurring processing actions. Raja Sambasivan, a leader of the Open Telemetry Working Group, hopes to apply these tools to telemetry data for large datacenter environments collected and shared through that working group. The researchers plan to publish code, documentation, and datasets used for their work with an open source license and contribute to the relevant communities fixes for any bugs they find and diagnose using the new tools.