CSR: Medium: Security and Isolation in the Era of Microservices

CSR：中：微服务时代的安全与隔离

• 批准号: 2203152
• 负责人: Aditya Akella
• 金额: $ 120万
• 依托单位: University of Texas at Austin
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2203152&HistoricalAwards=false
• 关键词: CSR; Medium; Security; Isolation; Era

Years ago, applications such as news, e-commerce, or banking websites ran on computers deployed at organizations owning them. Today, with the advent of "cloud computing", such applications instead run in a far-away server farm operated by third-parties. Because the computers are shared by many applications, it is crucial to ensure that one application in the cloud, such as a news website, does not compromise the confidentiality or integrity of another application (e.g., a banking website) running on the same set of computers. The goal of this project is to develop systems that ensure cloud applications are suitably protected without sacrificing their performance and ability to grow/shrink. This goal will be realized by developing two core building blocks to achieve optimal trade-offs between isolation and performance/agility. The first is variable isolation, where we automatically determine the least privilege and best isolation techniques needed for components of an application, and deploy the highest (weakest) isolation where needed most (least). The second is isolation-aware replication, where tenants selectively replicate their compute and storage within higher-isolation sandboxes. Finally, the project will develop new programming models for correct distributed execution of microservices-based applications.The research, if successful, will improve both the performance and the security posture of cloud-based applications. Research outcomes of the project, including the experimental harnesses and datasets, will be released open-source, enabling others in research and industry to directly build on them. The project will lead to the development of new courses and boot camps that focus on microservices, lambda-style computation, and isolation. The course/boot camp material will be made publicly available. The project aims to integrate the research into outreach efforts aimed at women, under-represented minorities, non-traditional students, and high school students.The project and its research artifacts will be hosted at https://bitbucket.org/uw-madison-networking-research/isolation. This site will include research publications, software, datasets, presentations, and tutorials. This site will be kept up to date for the entire duration of the project and for 2-3 years immediately following the project's culmination.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

几年前，新闻、电子商务或银行网站等应用程序在拥有它们的组织部署的计算机上运行。如今，随着“云计算”的出现，这些应用程序转而在由第三方运营的远程服务器群中运行。由于计算机由许多应用程序共享，因此确保云中的一个应用程序（例如新闻网站）不会损害另一个应用程序的机密性或完整性（例如，银行网站）在同一组计算机上运行。该项目的目标是开发系统，确保云应用程序得到适当的保护，而不会牺牲其性能和增长/收缩的能力。这一目标将通过开发两个核心构建块来实现，以实现隔离和性能/灵活性之间的最佳权衡。第一个是变量隔离，我们自动确定应用程序组件所需的最小特权和最佳隔离技术，并在最需要（最不需要）的地方部署最高（最弱）的隔离。第二种是隔离感知复制，其中租户选择性地在更高隔离度的沙箱中复制其计算和存储。最后，该项目将为基于微服务的应用程序的正确分布式执行开发新的编程模型。如果研究成功，将提高基于云的应用程序的性能和安全状况。该项目的研究成果，包括实验工具和数据集，将以开源方式发布，使研究和工业界的其他人能够直接在其基础上进行开发。该项目将导致新课程和靴子营地的开发，重点是微服务，分布式计算和隔离。课程/靴子营材料将公开提供。该项目旨在将研究纳入针对妇女、代表性不足的少数民族、非传统学生和高中生的外展工作中。该项目及其研究成果将在https://bitbucket.org/uw-madison-networking-research/isolation上托管。该网站将包括研究出版物，软件，数据集，演示文稿和教程。该网站将在整个项目期间和项目结束后的2-3年内保持更新。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Memory deduplication for serverless computing with Medes

使用 Medes 进行无服务器计算的内存重复数据删除

• DOI: 10.1145/3492321.3524272
• 发表时间: 2022
• 期刊: EuroSys
• 作者: Saxena, Divyanshu;Ji, Tao;Singhvi, Arjun;Khalid, Junaid;Akella, Aditya
• 通讯作者: Akella, Aditya

Jiffy: elastic far-memory for stateful serverless analytics

• DOI: 10.1145/3492321.3527539
• 发表时间: 2022-03
• 期刊: Proceedings of the Seventeenth European Conference on Computer Systems
• 作者: Anurag Khandelwal;Yupeng Tang;R. Agarwal;Aditya Akella;I. Stoica