CAREER: Enabling New Networking Applications and Distributed Systems with Mobile, Lightweight Protection Domains

职业：通过移动、轻量级保护域启用新的网络应用程序和分布式系统

• 批准号: 0132817
• 负责人: Steven Gribble
• 金额: $ 49.93万
• 依托单位: University of Washington
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2002
• 资助国家: 美国
• 起止时间: 2002-03-15 至 2008-02-29
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0132817&HistoricalAwards=false
• 关键词: CAREER; Enabling; New; Networking; Applications

Advances in network and computing technologies have accelerated the proliferation of infrastructuresuch as content distribution, caching, middleware services, and network measurement testbeds. Recently,however, a number of new application domains are beginning to emerge that are not well-supported byexisting technologies, such as the ability to distribute dynamically generated or active content, to rapidlydeploy new and untrusted Internet services into existing infrastructure, and the ability to dynamically injectnetwork measurement code into an existing network experimentation infrastructure. These new application domains all share several security and resource management requirements: safelyexecuting untrusted code, scaling to a large number (100s or 1000s) of protection domains per physical host, and supporting a large degree of multiplexing of physical host resources across many concurrently active protection domains. Although there have been many sandboxing technologies proposed in the past, none of them have the combination of water-tight isolation and the ability to scale to a large number of protectiondomains required by these new applications. The goal of this CAREER proposal is to enable this wide array of new networking and distributedmiddleware applications by designing and implementing lightweight protection domains, technically focusingon the notion of using virtual machine monitors (VMMs). A virtual machine monitor is a software layerthat runs immediately on top of the hardware/software boundary, virtualizing all names exposed by thatboundary to give higher-level virtual machines the illusion of their own dedicated physical machine. Virtualmachines are known to have strong isolation, and they are known to support code migration. However,existing virtual machines and guest operating systems are typically heavyweight, permitting only a smallnumber (3-10) to concurrently execute on a single physical machine. The first research challenge posed inthis proposal is designing and implementing mechanisms for building lightweight VMMs, virtual machines,and guest operating systems, so that 100s or 1000s can concurrently execute. An ancillary challenge impliedby this is resource management across virtual machines: to fully isolate one VM from another, each VM'sresource usage (e.g., CPU consumption, I/O rates, memory footprint) must be bounded by the VMM. Once the researchers have successfully implemented lightweight virtual machines, they intend to heavily leverage this new mechanism to explore several new research topics, as well as revisiting a few existing ones. For example,they will use virtual machines as a sandboxing mechanism enabling web servers to dynamically inject new content-generation code into content delivery networks or web caching systems. As another example, they will use VMs to enable untrusted code authors to upload new Internet services into a virtual hosting platform. As a third example, the researchers plan on exploring the role of virtual machines as a resource container in cluster-of-workstations, in particular exploring the ability to dynamically alter relative resource consumption rates of virtual machines to create the effect of isolated \virtual clusters" within a single physical cluster. For the educational component of the CAREER proposal, the researchs plan on exploring the use of their virtual machine monitor as a substrate for supporting novel projects in undergraduate and graduate advancedoperating systems courses, such as CSE451 and CSE551 at the University of Washington. A virtual machinemonitor is a natural place for supporting intricate debugging mechanisms, and hardware device emulation.Having students augment the virtual machine monitor and use it to develop simple components of anoperating system will radically improve the students' understanding of OS issues, as they will be forced tounderstand the interface between the OS and the hardware, as well as the structure of the OS itself. Finally,this will also provide us with an opportunity to revise the OS course curriculum to include modern topics assecurity, isolation, mobility, and OS support for embedded devices (which share characteristics of the virtual machines that we will emulate with our VMM).

网络和计算技术的进步加速了内容分发、缓存、中间件服务和网络测量测试床等基础设施的扩散。然而，最近，一些新的应用领域开始出现，现有技术不能很好地支持，如分发动态生成或活动内容的能力，快速部署新的和不可信的互联网服务到现有的基础设施，以及动态注入网络测量代码到现有的网络实验基础设施的能力。 这些新的应用程序域都有几个共同的安全和资源管理要求：安全执行不受信任的代码，每个物理主机可扩展到大量（100或1000个）保护域，以及支持跨许多并发活动的保护域的物理主机资源的大量多路复用。尽管过去提出了许多沙箱技术，但它们都没有将防水隔离和扩展到这些新应用程序所需的大量保护域的能力相结合。 本CAREER提案的目标是通过设计和实施轻量级保护域，在技术上侧重于使用虚拟机监视器（VMM）的概念，来启用这种广泛的新网络和分布式中间件应用程序。虚拟机监视器是一个软件层，它直接运行在硬件/软件边界之上，虚拟化该边界暴露的所有名称，以使更高级别的虚拟机产生自己专用物理机的错觉。众所周知，虚拟机具有很强的隔离性，并且支持代码迁移。然而，现有的虚拟机和客户操作系统通常是重量级的，只允许少量（3-10）在单个物理机器上并发执行。该提案提出的第一个研究挑战是设计和实现用于构建轻量级VMM、虚拟机和来宾操作系统的机制，以便100或1000个可以并发执行。这意味着一个附带的挑战是跨虚拟机的资源管理：为了将一个VM与另一个VM完全隔离，每个VM的资源使用（例如，CPU消耗、I/O速率、内存占用）必须受到VMM的限制。 一旦研究人员成功实现了轻量级虚拟机，他们打算大力利用这种新机制来探索几个新的研究课题，并重新审视一些现有的课题。例如，他们将使用虚拟机作为沙箱机制，使Web服务器能够动态地将新的内容生成代码注入内容交付网络或Web缓存系统。另一个例子是，他们将使用虚拟机使不受信任的代码作者能够将新的互联网服务上传到虚拟主机平台。 作为第三个例子，研究人员计划探索虚拟机作为工作站集群中资源容器的作用，特别是探索动态改变虚拟机相对资源消耗率的能力，以创建隔离的“虚拟集群”的效果单个物理集群内。 对于CAREER提案的教育部分，研究人员计划探索使用虚拟机监视器作为支持本科生和研究生高级操作系统课程中新项目的基础，例如华盛顿大学的CSE 451和CSE 551。虚拟机监视器是支持复杂调试机制和硬件设备仿真的天然场所。让学生增强虚拟机监视器并使用它来开发操作系统的简单组件将从根本上提高学生对操作系统问题的理解，因为他们将被迫了解操作系统和硬件之间的接口，以及操作系统本身的结构。最后，这也将为我们提供一个机会来修改操作系统课程，以包括现代主题，如安全性、隔离性、移动性和嵌入式设备的操作系统支持（这些设备与我们将使用VMM模拟的虚拟机具有相同的特性）。