Unikernel Linux

A Greater Boston RIG project

Unikernels are small, lightweight, single address space operating systems with the kernel included as a library within the application. Because unikernels run a single application, there is no sharing or competition for resources among different applications, improving performance and security. Unikernels have thus far seen limited production deployment. This project aims to turn the Linux kernel into a unikernel with the following characteristics: 1) are easily compiled for any application, 2) use battle-tested, production Linux and glibc code, 3) allow the entire upstream Linux developer community to maintain and develop the code, and 4) provide applications normally running vanilla Linux to benefit from unikernel performance and security advantages.

Hardware and the OS

The cloud might abstract away the hardware and OS layers on which it’s built, but at some point, the success of all computing, even the cloud, relies on the interdependencies between hardware features and the software OS that exposes those features to applications. With edge computing advancing and the performance and scale requirements of cloud, new hardware types are rapidly evolving and software innovation must keep pace. We are very interested in projects that amplify hardware innovation and especially in projects that push software-defined capabilities forward.

Projects

ProjectSummaryResearch AreaRIGUniversitieshf:tax:righf:tax:partner_university
DRIVE (Data-driven latency-sensitive mobile services for a digitalised society)The overall goal of DRIVE is to conduct world-leading research and education within the field of data-driven latency-sensitive mobile services …, brnokarlstad-university
CoFHE: Compiler for Fully Homomorphic EncryptionIn today’s data-driven world, our personal data is frequently shared with enterprises and cloud service providers. Unfortunately, data processing in …, , boston-university
AIDA – A holistic AI-Driven networking and processing framework for Industrial IoTAIDA aims to enable novel trustworthy data-driven real-time industrial IoT applications by building a holistic AI-driven Networking and Processing framework. Indeed, …, , , brnokarlstad-university
AERO: Accelerated EuRopean clOudSeveral European flagship projects have emerged towards European sovereignty in chip design and computing infrastructure. Among them, the EU Processor …, , , brnonational-technical-university-of-athens university-of-geneva university-of-manchester university-of-pisa
CoDes : A co-design research lab to advance specialized hardware projectsCoDes research lab provides the infrastructure and engineering foundation needed to support co-design based specialized hardware research. The lab is currently located at Boston University, as part of the Red Hat – Boston University collaboratory., , greater-bostonboston-university
FHELib: Fully Homomorphic Encryption Hardware Library for Privacy-preserving ComputingNote: Please visit the Privacy-Preserving Cloud Computing using Homomorphic Encryption project page for information on a related project. In today’s …, , greater-bostonboston-university
Security and safety of Linux systems in a BPF-powered hybrid user space/kernel worldWith the introduction of BPF into the Linux kernel, we are seeing a sea change in the traditional application model. With BPF it is now possible to execute parts of the application logic in kernel space, leading to a novel hybrid userspace/kernel model. This is an exciting development that brings with it many opportunities, but also some challenges especially in the area of security. We have recently seen an example of this around the “kernel lockdown” functionality in the kernel, which would disable BPF entirely in its “confidentiality” mode., brnokarlstad-university
Open-Source Toolchain Optimization for FPGA CADAdditional details to be added soon! Project Poster Link to full size project postergreater-bostonumass-lowell
Tuning the Linux kernelThe Linux kernel is a complicated piece of software with multiple components interacting with each other in complex ways. The …, greater-bostonboston-university
AI for Cloud OpsThis project aims to address this gap in effective cloud management and operations with a concerted, systematic approach to building and integrating AI-driven software analytics into production systems. We aim to provide a rich selection of heavily-automated “ops” functionality as well as intuitive, easily-accessible analytics to users, developers, and administrators, , greater-bostonboston-university
DISL: A Dynamic Infrastructure Services Layer for Reconfigurable HardwareOpen programmable hardware offers tremendous opportunities for increased innovation, lower cost, greater flexibility, and customization in systems we can now …, greater-bostonboston-university
Practical Programming of FPGAs with Open Source ToolsThis project has evolved from the Practical programming of FPGAs in the data center and on the edge project. Please see …, greater-bostonboston-university
Near-Data Data TransformationBU faculty members Manos Athanassoulis and Renato Mancuso will work with Red Hat researchers Uli Drepper and Ahmed Sanaullah to create a hardware-software co-design paradigm for data systems that implements near-memory processing., greater-bostonboston-university
Towards high performance and energy efficiency in open-source stream processing.BU faculty members Vasiliki Kalavari and Jonathan Appavoo will work with Red Hat researcher Sanjay Arora to create an open-source …greater-bostonboston-university
Privacy-Preserving Cloud Computing using Homomorphic EncryptionNote: Please visit the FHELib: Fully Homomorphic Encryption Hardware Library for Privacy-preserving Computing project page for information on a related …, , greater-bostonboston-university
Linux Computational CachingIn this speculative work we are attempting to explore a biologically motivated conjecture on how memory of past computing can be stored and recalled to automatically improve a system’s behavior., , greater-bostonboston-university
Symbiotes: A New step in Linux’s EvolutionThis work explores how a new kind of software entity, a symbiotie, might bridge this gap. By adding the ability for application software to shed the boundary that separates it from the OS kernel it is free to integrate, modify and evolve in to a hybrid that is both application and OS., greater-bostonboston-university
Robust Data Systems TuningNote: Please see the Learned Cost-Models for Robust Tuning project page for research that has grown from this project. See …, greater-bostonboston-university
Robust LSM-Trees Under Workload UncertaintyWe introduce a new robust tuning paradigm to aid in the design of data systems with uncertain assumptions by modeling the behavior of the system and then utilizing these models in conjunction with techniques in robust optimization. Our approach is demonstrated through tuning a popular log-structured merge-tree based storage engine, RocksDBgreater-bostonboston-university
Building the next generation of programmable networking – powered by LinuxThe project seeks to explore areas related to programmable networking, with a particular focus on the eXpress Data Path (XDP) technology in the Linux kernel.karlstad-university
Open Cloud TestbedThe Open Cloud Testbed project will build and support a testbed for research and experimentation into new cloud platforms – the underlying software which provides cloud services to applications. Testbeds such as OCT are critical for enabling research into new cloud technologies – research that requires experiments which potentially change the operation of the cloud itself., , , , , , greater-bostonboston-university northeastern-university umass-amherst
Kernel Techniques to Optimize Memory Bandwidth with Predictable LatencyRecent processors have started introducing the first mechanism to monitor and control memory bandwidth. Can we use these mechanisms to enable machines to be fully used while ensuring that primary workloads have deterministic performance? This project presents early results from using Intel’s Resource Director Technology and some insight into this new hardware support. The project also examines an algorithm using these tools to provide deterministic performance on different workloads.greater-bostonboston-university
Unikernel LinuxThis project aims to turn the Linux kernel into a unikernel with the following characteristics: 1) are easily compiled for any application, 2) use battle-tested, production Linux and glibc code, 3) allow the entire upstream Linux developer community to maintain and develop the code, and 4) provide applications normally running vanilla Linux to benefit from unikernel performance and security advantages.greater-bostonboston-university
Fuzzing Device Emulation in QEMUHypervisors—the software that allows a computer to simulate multiple virtual computers—form the backbone of cloud computing. Because they are both ubiquitous and essential, they are security-critical applications that make attractive targets for potential attackers., , greater-bostonboston-university
Automatic Configuration of Complex HardwareIn this project, we pursue three goals towards this understanding: 1) identify, via a set of microbenchmarks, application characteristics that will illuminate mappings between hardware register values and their corresponding microbenchmark performance impact, 2) use these mappings to frame NIC configuration as a set of learning problems such that an automated system can recommend hardware settings corresponding to each network application, and 3) introduce either new dynamic or application instrumented policy into the device driver in order to better attune dynamic hardware configuration to application runtime behavior.greater-bostonboston-university
Quest-V, a Partitioning Hypervisor for Latency-Sensitive WorkloadsQuest-V is a separation kernel that partitions services of different criticality levels across separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention from a hypervisor. In Quest-V, a hypervisor is only needed to bootstrap the system, recover from certain faults, and establish communication channels between sandboxes.greater-bostonboston-university