CoDes: A co-design research lab to advance specialized hardware projects

Co-design allows creating a development cycle that is similar in efficiency to that of software development. It focuses on building specialized hardware blocks and frameworks which have the capabilities and interfaces needed for software integration. Simultaneously, it also focuses on developing software that is also designed to improve workload efficiency, e.g. Unikernels, and contains appropriate out of the box mechanisms for taking advantage of available specialized hardware. CoDes research lab provides the infrastructure and engineering foundation needed to support co-design based specialized hardware research.

Research Project Directory

These major projects involve PhD students, professors, and Red Hat engineers. To work with Red Hat Research on a major project of your own, email us. To suggest a smaller scale project, submit your request here.


ChRIS Research Integration ServiceChRIS (ChRIS Research Integration Service) is an infrastructure that initially started as an open source research project at the Boston …, boston-childrens-hospital boston-university
Optimizing Kernel Paths for Performance and EnergyAdditional detail to be addedboston-university
Discovering Opportunities for Optimizing OpenShift Energy ConsumptionAbstractDrawing from our collective experience, we believe a wide array of opportunities for implementing energy optimization exist within OpenShift. However, …boston-university
Lock ’n Load: Deadlock Detection in Binary-only Kernel ModulesAdditional detail to be addedboston-university
HySe – Hypervisor Security through Component-Wise FuzzingAdditional detail to be addedboston-university
CoFHE: Compiler for Fully Homomorphic EncryptionIn today’s data-driven world, our personal data is frequently shared with enterprises and cloud service providers. Unfortunately, data processing in …boston-university
QUBIP –  Quantum-oriented Update to Browsers and Infrastructures for the PQ TransitionThe exciting frontiers opened by the development of quantum computers (QC) come at the cost of breaking the foundations of …brno
AIDA – A holistic AI-Driven networking and processing framework for Industrial IoTAIDA aims to enable novel trustworthy data-driven real-time industrial IoT applications by building a holistic AI-driven Networking and Processing framework. Indeed, …brnokarlstad-university
AERO: Accelerated EuRopean clOudSeveral European flagship projects have emerged towards European sovereignty in chip design and computing infrastructure. Among them, the EU Processor …, , , brnonational-technical-university-of-athens university-of-geneva university-of-manchester university-of-pisa
CODECO: Cognitive Decentralised Edge Cloud OrchestrationThe overall aim of CODECO is to contribute to a smoother and more flexible support of services across the Edge-Cloud …, brno tel-aviv
CuratorOperator Curator is an air-gapped infrastructure consumption analysis tool for the Red Hat OpenShift Container Platform. The curator retrieves infrastructure …greater-bostonboston-university
CHESS: Cyber-security Excellence Hub in Estonia and South MoraviaThe Cyber-security Excellence Hub in Estonia and South Moravia (CHESS) brings together leading R&I institutions in both regions to build …, brnobrno-university-of-technology masaryk-university
Improving Cyber Security Operations using Knowledge GraphsAbstractThe objective of this project is to improve the workflow and performance of security operation centers, including automating several of …greater-bostonboston-university
Tuning QUIC protocol for Ceph workloadsQUIC (Quick UDP Internet Connections) is a general-purpose transport layer network protocol designed by Google offering significant advantages over TCP, …, , tel-avivhebrew-university-of-jerusalem reichman-university tel-aviv-university
Common Vulnerabilities and Exposures (CVE) mining and predictionWith the continuous increase in reported Common Vulnerabilities and Exposures (CVEs), security teams are overwhelmed by vast amounts of data, …, tel-avivreichman-university tel-aviv-university
Software diagnosis with log filesThis project aims to create an automated tool to identify software failures and isolate the faulty software components (e.g., classes …tel-avivben-gurion-university
AppLearner: learn and predict the resource consumption patterns of your applicationThis project targets the problem of accurately estimating resource requirements for workloads running over Red Hat OpenShift Container Platform and adjusting these estimations during the course of application
Minimal Mobile Systems via Cloud-based Adaptive Task ProcessingThe high cost of robots today has hindered their widespread use. Specifically, a limiting factor involves extensive hardware and software …greater-bostonboston-university
Co-Ops: Collaborative Open Source and Privacy-Preserving Training for Learning to DriveNote: This project is a continuation of OSMOSIS: Open-Source Multi-Organizational Collaborative Training for Societal-Scale AI Systems. AbstractCurrent development of autonomous …greater-bostonboston-university
CoDes : A co-design research lab to advance specialized hardware projectsCoDes research lab provides the infrastructure and engineering foundation needed to support co-design based specialized hardware research. The lab is currently located at Boston University, as part of the Red Hat – Boston University collaboratory.greater-bostonboston-university
Prototyping a Distributed, Asynchronous Workflow for Iterative Near-Term Ecological ForecastingAbstractThe ongoing data revolution has begun to fuel the growth of near-term iterative ecological forecasts: continually-updated predictions about the future …greater-bostonboston-university
FHELib: Fully Homomorphic Encryption Hardware Library for Privacy-preserving ComputingNote: Please visit the Privacy-Preserving Cloud Computing using Homomorphic Encryption project page for information on a related project. In today’s …greater-bostonboston-university
SECURE-ED: Open-Source Infrastructure for Student Learning Disability Identification and Treatment The project aims to develop an infrastructure that would enable users to input data about an individual student and receive …greater-bostonboston-university
INCODE: Programming Platform for Intelligent Collaborative Deployments over Heterogeneous Edge-IoT EnvironmentsThe emergence of cloud-computing, coupled with the shift of processing intelligence towards the very network edge has lowered the bar …, , , , brno tel-avivpanepistimio-patron politecnico-di-milano university-of-manchester university-of-the-west-of-scotland
DDoS Attacks on Cloud Auto-scaling MechanismsAuto-scaling mechanisms are an important line of defense against distributed denial of service (DDoS) attacks in the cloud. Using auto-scaling, …, tel-avivreichman-university tel-aviv-university
Relational Memory ControllerNote: See the Near-Data Data Transformation project page for information about the work that led to this project. Abstract: Data movement …greater-bostonboston-university
Learned Cost-Models for Robust TuningNote: Please see the Robust Data Systems Tuning project page for earlier results associated with this research. Abstract: Data systems’ performance is …greater-bostonboston-university
Security and safety of Linux systems in a BPF-powered hybrid user space/kernel worldWith the introduction of BPF into the Linux kernel, we are seeing a sea change in the traditional application model. With BPF it is now possible to execute parts of the application logic in kernel space, leading to a novel hybrid userspace/kernel model. This is an exciting development that brings with it many opportunities, but also some challenges especially in the area of security. We have recently seen an example of this around the “kernel lockdown” functionality in the kernel, which would disable BPF entirely in its “confidentiality” mode.brnokarlstad-university
CONNECT: Continuous and Efficient Cooperative Trust Management for Resilient CCAMCONNECT addresses the convergence of security and safety in CCAM by assessing dynamic trust relationships and defining a trust reasoning …tel-aviv
ICOS: IoT2Cloud Operating SystemThe ICOS project aims at covering the set of challenges coming up when addressing this continuum paradigm, proposing an approach embedding a well-defined set of functionalities, ending up in the definition of an IoT2cloud Operating System (ICOS)., , , brno tel-avivnational-and-kapodistrian-university-of-athens technische-universitat-braunschweig universitat-politecnica-de-catalunya-upc
Open-Source Toolchain Optimization for FPGA CADAdditional details to be added soon! Project Poster Link to full size project postergreater-bostonumass-lowell
StrIoT: functional stream processingStrIoT is a functional stream-processing system written in the Haskell programming language. The StrIoT library provides a set of stream-processing …brnonewcastle-university
Cloud Cost OptimizerThe goal of this project is to design and implement a scalable multi-cloud cost optimizer capable of calculating the best …tel-avivtechnion
SnappyOS: Fault-Tolerant and Energy-Efficient Framework for HPC ApplicationsThis project aims to design, implement and evaluate a system to enhance the security and privacy of emerging satellite communications infrastructure using in-network computing and software-defined networking.brnouniversity-of-oxford
Understanding accuracy decay in online image retrieval systems within the context of open-set classification and unsupervised clusteringImage retrieval systems are extremely useful to political scientists and human rights advocates attempting to understand the scope and spread of disinformation in massive datasets. However, in standard image retrieval tasks the corpus of images is unchanging as time moves forward. When considering online disinformation this is clearly not the case. Image retrieval in an online system can essentially be modeled as an open-set problem, where there is no guarantee that the classes of images seen before will have any correspondence to the classes of images seen at present or in the future.greater-bostonuniversity-of-notre-dame
Advanced proactive caching for heterogeneous storage systemsThis project targets improving the performance of distributed storage systems, such as Ceph and NooBaa, by developing novel caching frameworks …tel-avivben-gurion-university
Automated detection of memory safety vulnerabilities in RustIn comparison to C, the Rust language provides significant memory safety guarantees through its concept of lifetimes and its borrow-checker. …greater-bostoncolumbia-university
Tuning the Linux kernelThe Linux kernel is a complicated piece of software with multiple components interacting with each other in complex ways. The …greater-boston
Disinformation Detection at ScaleThe increased prevalence of fake and manipulated visual media on the Internet has led to social and technical dilemmas in …, greater-bostonunicamp-universidade-estadual-de-campinas university-of-notre-dame
AI for Cloud OpsThis project aims to address this gap in effective cloud management and operations with a concerted, systematic approach to building and integrating AI-driven software analytics into production systems. We aim to provide a rich selection of heavily-automated “ops” functionality as well as intuitive, easily-accessible analytics to users, developers, and administratorsgreater-bostonboston-university
Creating a global open research platform to better understand social sustainability using data from a real-life smart villageA BU team is working with SmartaByar and the Red Hat Social Innovation Program in order to create a global …greater-bostonboston-university
DISL: A Dynamic Infrastructure Services Layer for Reconfigurable HardwareOpen programmable hardware offers tremendous opportunities for increased innovation, lower cost, greater flexibility, and customization in systems we can now …greater-bostonboston-university
Practical Programming of FPGAs with Open Source ToolsThis project has evolved from the Practical programming of FPGAs in the data center and on the edge project. Please see …greater-bostonboston-university
Near-Data Data TransformationBU faculty members Manos Athanassoulis and Renato Mancuso will work with Red Hat researchers Uli Drepper and Ahmed Sanaullah to create a hardware-software co-design paradigm for data systems that implements near-memory processing.greater-bostonboston-university
Towards high performance and energy efficiency in open-source stream processing.BU faculty members Vasiliki Kalavari and Jonathan Appavoo will work with Red Hat researcher Sanjay Arora to create an open-source …greater-bostonboston-university
OSMOSIS: Open-Source Multi-Organizational Collaborative Training for Societal-Scale AI SystemsThe goal of our project is to develop a novel framework and cloud-based implementation for facilitating collaboration among highly heterogeneous research, development, and educational settings.greater-bostonboston-university
Privacy-Preserving Cloud Computing using Homomorphic EncryptionNote: Please visit the FHELib: Fully Homomorphic Encryption Hardware Library for Privacy-preserving Computing project page for information on a related …greater-bostonboston-university
Serverless Streaming Graph AnalyticsIn this project, we will focus on graph streams that can be used to model distributed systems, where workers are represented as nodes connected with edges that denote communication or dependencies.greater-bostonboston-university
Enabling Intelligent In-Network Computing for Cloud SystemsWith the network infrastructure becoming highly programmable, it is time to rethink the role of networks in the cloud computing …greater-bostonboston-university
Linux Computational CachingIn this speculative work we are attempting to explore a biologically motivated conjecture on how memory of past computing can be stored and recalled to automatically improve a system’s behavior.greater-bostonboston-university
The Open Education Project (OPE)In this project we are developing an exemplar set of materials for an introductory computers systems class that exploits, Jupyter, Jupyter Books, OpenShift and the the Mass Open Cloud to develop and deliver a unique educational experience for learning about how computer systems work.greater-bostonboston-university
Symbiotes: A New step in Linux’s EvolutionThis work explores how a new kind of software entity, a symbiotie, might bridge this gap. By adding the ability for application software to shed the boundary that separates it from the OS kernel it is free to integrate, modify and evolve in to a hybrid that is both application and OS.greater-bostonboston-university
Intelligent Data Synchronization for Hybrid CloudsThe goal of this project is to design configurable synchronization solutions on a common platform for a wide range of edge computing scenarios relevant to Red Hat. These solutions will be thoroughly validated on a state-of-the-art testbed capable of emulating realistic environments (e.g., smart cities).greater-bostonboston-university
Secure cross-site analytics on OpenShift logsThe project aims to explore whether cryptographically secure Multi-Party Computation, or MPC for short, can be used to perform secure cross-site analytics on OpenShift logs with minimum client participation.greater-bostonboston-university
Robust Data Systems TuningNote: Please see the Learned Cost-Models for Robust Tuning project page for research that has grown from this project. See …greater-bostonboston-university
Test Case Prioritization: Towards Efficient and Reliable Continuous IntegrationAutomatic regression testing is a crucial step of any CI/CD pipeline. Its primary goal is to detect bugs and defects introduced by recent changes as early as possible while keeping verification costs at a very low level. The goal of the TCP project is to create a novel ML-based tool that solves the TCP (Test Case Prioritization) problem in software regression
Robust LSM-Trees Under Workload UncertaintyWe introduce a new robust tuning paradigm to aid in the design of data systems with uncertain assumptions by modeling the behavior of the system and then utilizing these models in conjunction with techniques in robust optimization. Our approach is demonstrated through tuning a popular log-structured merge-tree based storage engine, RocksDBgreater-bostonboston-university
PHYSICS: oPtimized HYbrid Space-time servIce Continuum in faaSJoin Red Hat Research for the next Research Days event, “PHYSICS EU Project: Advancing FaaS applications in the cloud continuum,” on November 16, 2022, …, brno tel-aviv
SpotOS – a distributed cloud-based operating system over unreliable resourcesThe aim of this project is to devise and implement a distributed cloud-based operating system that uses unreliable or temporarily …tel-avivtechnion
Does efficient, private, agnostic learning imply efficient, agnostic online learning?Users of online services today must trust platforms with their personal data. Platforms can choose to enable privacy by default …greater-bostonboston-university
Are Adversarial Attacks a Viable Solution to Individual Privacy?Users of online services today must trust platforms with their personal data. Platforms can choose to enable privacy by default …greater-bostonboston-university
Secured API in Hybrid CloudRecently we see many companies that are moving their data from local data centers to public-managed clouds. But with these movements, some questions raise
Side-channel attacks on embedded devices and smartcardsThis project focuses on several aspects of side-channel attacks on embedded devices and smartcards, utilizing timing, power-analysis and other side-channels. …brnomasaryk-university
Sec-certs: Mining issued Common Criteria and FIPS140-2 certificatesThe security certification reports might be long but is also a trove of publicly available data about otherwise proprietary devices …brnomasaryk-university
Kubernetes Optimized Service Discovery Across ClustersThe Submariner project provides an ability to connect multiple Kubernetes clusters into a secure shared network which allows various services to communicate with each other., tel-avivhebrew-university-of-jerusalem reichman-university
Smart CommuteBecause an individual’s driving style has an impact of ~25/30% on the CO2 emissions and carpooling can save up to …
Building the next generation of programmable networking – powered by LinuxThe project seeks to explore areas related to programmable networking, with a particular focus on the eXpress Data Path (XDP) technology in the Linux kernel.karlstad-university
Verifying constant-time cryptographic algorithm implementationsThe aim of this project is to verify the timing side-channel resistance of cryptographic implementations. The project focuses on the constant time (and constant memory access) generic cryptographic implementations of selected cryptographic algorithms. Tbrnomasaryk-university
Trusted Computing EcosystemThe project aims to study the TPM ecosystem as currently exists in deployed devices and software applications using it, establish the types of chips and their properties one can encounter, investigate the state of patching of known vulnerabilities like ROCA against Infineon’s TPM (CVE-2017-15361) or TPMFail against Intel’s fTPM (CVE-2019-11090) and STM’s TPM (CVE-2019-16863) and analyze a reliability of stored integrity measurements (PCRs) for remote attestation and disk encryption uses.brnomasaryk-university
Accelerating Microarchitectural Security ResearchWe are working on processes and tooling to lower the barrier to entry into the field and accelerate attack research and mitigation across academia and industry.brnotu-graz
Authentication in public open-source repositoriesThis project focuses on user authentication in public repositories containing open-source projects, which are then used by commercial companies (e.g. Red Hat) as a source for their internally maintained repositories.brnomasaryk-university
Hybrid Cloud CachingA fundamental goal of the Hybrid Cloud Cache project is to allow simplified integration into existing data lakes, to enable caching to be transparently introduced into hybrid cloud computation, to support efficient caching of objects widely shared across clusters deployed by different organizations, and to avoid the complexity of managing a separate caching service on top of the data lake, greater-bostonboston-university northeastern-university
Volume Storage Over Object StorageThis project creates a hybrid storage system composed of a high-speed local device (e.g. Optane) to store short term data, along with a write-once object store (e.g, Ceph RGW) to store data blocks permanently., greater-bostonboston-university northeastern-university
OpenInfra LabsOpenInfra Labs is an OpenStack Foundation project connecting open source projects to production to advance open source infrastructure. The project …, , boston-university northeastern-university umass-amherst
Elastic Secure InfrastructureThis project encompasses work in several areas to design, build and evaluate secure bare-metal elastic infrastructure for data centers.greater-bostonboston-university
Open Cloud TestbedThe Open Cloud Testbed project will build and support a testbed for research and experimentation into new cloud platforms – the underlying software which provides cloud services to applications. Testbeds such as OCT are critical for enabling research into new cloud technologies – research that requires experiments which potentially change the operation of the cloud itself., , greater-bostonboston-university northeastern-university umass-amherst
Kernel Techniques to Optimize Memory Bandwidth with Predictable LatencyRecent processors have started introducing the first mechanism to monitor and control memory bandwidth. Can we use these mechanisms to enable machines to be fully used while ensuring that primary workloads have deterministic performance? This project presents early results from using Intel’s Resource Director Technology and some insight into this new hardware support. The project also examines an algorithm using these tools to provide deterministic performance on different workloads.greater-bostonboston-university
Unikernel LinuxThis project aims to turn the Linux kernel into a unikernel with the following characteristics: 1) are easily compiled for any application, 2) use battle-tested, production Linux and glibc code, 3) allow the entire upstream Linux developer community to maintain and develop the code, and 4) provide applications normally running vanilla Linux to benefit from unikernel performance and security advantages.greater-bostonboston-university
Perun: Lightweight Performance Version SystemPerun is an open source light-weight Performance Version System, which works as a wrapper over existing Version Control Systems and in parallel manages performance profiles corresponding to different versions of projects. Moreover, it offers a tool suite suitable for automation of the performance regression test runs, postprocessing of existing profiles or effective interpretation of the results.brnobrno-university-of-technology
DiffKemp: Automatic analysis of semantic differencesThe project aims at creating a tool for automatic analysis of differences in the code between versions of the Linux kernel. The goal is to determine whether the semantics (the effect) of some kernel option, function, or parameter, changed between two kernel versionsbrnobrno-university-of-technology
Vega ProjectThe Vega Project team at Red Hat came up with an idea to harness the power of Kubernetes to provide the next-generation open-source tool for high-performance computing. The project is way past the design phase, and the team is already working on the proof-of-concept implementation using Red Hat OpenShift Container Platform.brnomasaryk-university
PatrIoT: Quality Assurance System for Internet of Things TechnologyThe main goal is to design, implement and verify a framework for quality assurance of products based on the Internet of Things concept. The aim of the framework is to help individual IoT projects to establish an efficient testing and verification strategy of the infrastructure. The proposed framework is based on a model of the IoT infrastructure, composed of methodological part, driven by university team, and a technical part, mainly worked on by Red Hat engineers.brnoczech-technical-university
AUFOVER: The Automation of Formal VerificationThe goal of the Automation of Formal Verification (AUFOVER) project is to develop automated formal verification tools and integrate them for industrial use. The tools to be developed or improved within the projects are Verification Server, Verification Server Client Application, csmock plug-ins, DIVINE, Symbiotic and Testos. The purpose of the grant is to finish the development of university tools based on formal mathematical methods and their transfer to a commercial environment, including integration with industrial partners’ tools and incorporation of these tools into the commercial processes for software verification., brnobrno-university-of-technology masaryk-university
Fuzzing Device Emulation in QEMUHypervisors—the software that allows a computer to simulate multiple virtual computers—form the backbone of cloud computing. Because they are both ubiquitous and essential, they are security-critical applications that make attractive targets for potential attackers.greater-bostonboston-university
Automatic Configuration of Complex HardwareIn this project, we pursue three goals towards this understanding: 1) identify, via a set of microbenchmarks, application characteristics that will illuminate mappings between hardware register values and their corresponding microbenchmark performance impact, 2) use these mappings to frame NIC configuration as a set of learning problems such that an automated system can recommend hardware settings corresponding to each network application, and 3) introduce either new dynamic or application instrumented policy into the device driver in order to better attune dynamic hardware configuration to application runtime behavior.greater-bostonboston-university
Quest-V, a Partitioning Hypervisor for Latency-Sensitive WorkloadsQuest-V is a separation kernel that partitions services of different criticality levels across separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention from a hypervisor. In Quest-V, a hypervisor is only needed to bootstrap the system, recover from certain faults, and establish communication channels between sandboxes.greater-bostonboston-university
Avocado ProjectThe goal of the Avocado project, as a generic test automation framework, is to provide a solid foundation for software projects to build their testing needs on. With Avocado, common testing problems are solved at the framework level, and developers can spend more of their time writing tests that, by default, will adhere to best practices., brnoczech-technical-university karlstad-university
Performance Management for Serverless ComputingServerless computing provides developers the freedom to build and deploy applications without worrying about infrastructure. Resources (memory, cpu, location) specified …greater-bostonboston-university