A Boston University project
Virtual devices are the most common site for security bugs in hypervisors. In our evaluation, we found new bugs in devices such as serial and virtio-net, ranging from memory corruptions to denial-of-service vulnerabilities. By combining well-known coverage-guidance techniques with domain-specific feedback, we found promising fuzzer performance, even for complex targets such as hypervisors.
Our flagship partnership, Boston University, is the center of two major Red Hat initiatives: the Red Hat Collaboratory at Boston University and the Mass Open Cloud. Both initiatives are dedicated to the idea that marrying research to the open source development methodology, using a partnership between scientists and open source developers, is a uniquely fast and fruitful way of putting great ideas into practice. Boston University is also the center of our Boston intern program, which generates more and more new Red Hatters with each passing year.
On March 2nd and 3rd, Boston University hosted the 2020 Open Cloud Workshop, with key stakeholders of the Open Cloud Testbed, the OpenStack Foundation, the Open Infra Labs project, and the New England Research Cloud.
The BU Center for Information and Systems Engineering (CISE) hosted a workshop for IBM, Red Hat and Boston University (BU) on Cloud Computing topics on February 14, where we shared progress and results from many interesting projects.
| Title | Summary | Research Area |
| --- | --- | --- |
| Workflow-Centric Tracing for Cloud Applications | Workflow-centric tracing allows traces (i.e., graphs) of requests’ workflows to be constructed by stitching together trace points with the same request context. Three collaboratory projects focus on improving the observability and diagnosability of Red Hat products using this technique. | Cloud-DS |
| Hybrid Cloud Caching | A fundamental goal of the Hybrid Cloud Cache project is to allow simplified integration into existing data lakes, to enable caching to be transparently introduced into hybrid cloud computation, to support efficient caching of objects widely shared across clusters deployed by different organizations, and to avoid the complexity of managing … | |
| Volume Storage Over Object Storage | This project creates a hybrid storage system composed of a high-speed local device (e.g., Optane) to store short-term data, along with a write-once object store (e.g., Ceph RGW) to store data blocks permanently. | Cloud-DS |
| Kariz Cache Prefetching and Management | Kariz is a caching system that works closely with analytic frameworks' scheduler to find the best caching policy for the currently running application. | Cloud-DS |
| PACT: Private Automated Contact Tracing | | Security, Privacy, Cryptography |
| OpenInfra Labs | OpenInfra Labs is an OpenStack Foundation project connecting open source projects to production to advance … | AI-ML, Cloud-DS, Hardware and the OS, Security, Privacy, Cryptography, Testing and Ops |
| Elastic Secure Infrastructure | This project encompasses work in several areas to design, build and evaluate secure bare-metal elastic infrastructure for data centers. | Cloud-DS, Security, Privacy, Cryptography, Testing and Ops |
| Open Cloud Testbed | The Open Cloud Testbed project will build and support a testbed for research and experimentation into new cloud platforms – the underlying software which provides cloud services to applications. Testbeds such as OCT are critical for enabling research into new cloud technologies – research that requires experiments which potentially change … | AI-ML, Cloud-DS, Hardware and the OS, Security, Privacy, Cryptography, Testing and Ops |
| Implementing Secure Multi-Party Computing | Secure Multiparty Computation (MPC) is a cryptographic primitive that allows several parties to jointly and privately compute desired functions over secret data. Building and deploying practical MPC applications faces several obstacles, including performance overhead, complicated deployment and setup procedures, and adoption of MPC protocols into modern software stacks. MPC applications … | Cloud-DS, Security, Privacy, Cryptography |
| Outfitting QEMU/KVM with Partitioning Hypervisor Functionality | This project extends the virtualization capabilities of QEMU and KVM by adding partitioning hypervisor functionality. With this implementation, hardware resources can be exclusively assigned to specific tasks and VMs. Current work supports KVM Isolation IOCTLs to query CPUs to find isolated CPUs. | Hardware and the OS |
| An Optimizing Operating System: Accelerating Execution With Speculation | To optimize performance, Automatically Scalable Computation (ASC), a Harvard/BU collaboration, attempts to auto-parallelize single-threaded workloads, reducing any new effort required from programmers to achieve wall clock speedup. SEUSS takes a different approach by splicing a custom operating system into the backend of a high-throughput distributed serverless platform, Apache … | Cloud-DS, Hardware and the OS |
| Kernel Techniques to Optimize Memory Bandwidth with Predictable Latency | Recent processors have started introducing the first mechanism to monitor and control memory bandwidth. Can we use these mechanisms to enable machines to be fully used while ensuring that primary workloads have deterministic performance? This project presents early results from using Intel’s Resource Director Technology and some insight into this … | Hardware and the OS |
| Unikernel Linux | This project aims to turn the Linux kernel into a unikernel with the following characteristics: 1) are easily compiled for any application, 2) use battle-tested, production Linux and glibc code, 3) allow the entire upstream Linux developer community to maintain and develop the code, and 4) provide applications normally running … | Hardware and the OS |
| Code2Vec: Learning code representations | This project analyzed semantic similarities of learned code embeddings parsed from open source Python libraries such as numpy, pandas and sklearn. Still in progress is another analysis that learns code embeddings in a supervised manner with the C++ codebase for performance measurement of program execution in CPU with performance counters … | AI-ML |
| Fuzzing Device Emulation in QEMU | Hypervisors—the software that allows a computer to simulate multiple virtual computers—form the backbone of cloud computing. Because they are both ubiquitous and essential, they are security-critical applications that make attractive targets for potential attackers. | Hardware and the OS, Security, Privacy, Cryptography, Testing and Ops |
| D3N: A Multi-Layer Cache for Data Centers | This project designs and develops D3N, a novel multi-layer cooperative caching architecture that mitigates network imbalances by caching data on the access side of each layer of hierarchical network topology. A prototype implementation, which incorporates a two-layer cache, is highly-performant (can read cached data at 5GB/s, the maximum speed of … | Cloud-DS |
| FPGAs in Large-Scale Computer Systems | We will highlight many ways to deploy FPGAs in a data center node, such as traditional back-end accelerators, tightly coupled off-load processors, Smart NICs, Bump-in-the-Wire, MPC accelerators and even FPGAs in the router itself. We will also discuss our efforts to make these devices globally accessible, through deeper integration … | Cloud-DS, Hardware and the OS, Security, Privacy, Cryptography |
| Automatic Configuration of Complex Hardware | In this project, we pursue three goals towards this understanding: 1) identify, via a set of microbenchmarks, application characteristics that will illuminate mappings between hardware register values and their corresponding microbenchmark performance impact, 2) use these mappings to frame NIC configuration as a set of learning problems such that an … | Hardware and the OS |
| Quest-V, a Partitioning Hypervisor for Latency-Sensitive Workloads | Quest-V is a separation kernel that partitions services of different criticality levels across separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention from a hypervisor. In Quest-V, a hypervisor is only needed to bootstrap the system, recover from certain … | Hardware and the OS |
| Performance Management for Serverless Computing | Serverless computing provides developers the freedom to build and deploy applications without worrying about infrastructure. … | Cloud-DS |