Andrew Whitaker

Denali: a scalable isolation kernel

The Denali project provides system support for running several mutually distrusting Internet services on the same physical infrastructure. For example, this would enable a developer to push dynamic content into third party hosting infrastructure such as content distribution networks. To accomplish this, we propose a new kernel architecture called an isolation kernel to isolate untrusted applications. An isolation kernel is a simple, thin software layer that runs directly on hardware (and hence below operating systems), whose function is to subdivide a physical machine into a set of fully isolated protection domains. Isolation kernels resemble virtual machine monitors in that they expose a virtualized hardware interface to a set of virtual machines. Unlike VMMs, however, isolation kernels do not attempt to precisely emulate the underlying physical architecture. By selectively modifying the hardware architecture, we enable our system to scale up to 1000s of virtual machines on commodity hardware. In this paper, we describe a set of design principles that govern isolation kernels, briefly discuss a prototype isolation kernel, and present future work and applications of isolation kernels.

Forwarding without loops in Icarus

Packets trapped in a forwarding loop can rapidly saturate network links and disrupt communications until they are removed by the IP Time-To-Live (TTL) mechanism. This does not pose a significant problem when loops are rare, as is the case with mature routing protocols such as OSPF and BGP. However, in newer and more experimental settings, such as peer-to-peer overlays, active networks and multicast, routing faults are more likely. In these cases, a greater degree of protection against the effects of forwarding loops is desirable. This paper presents Icarus, a framework for detecting forwarding loops in experimental protocols. Our key insight is to add a small Bloom filter to the packet header to probabilistically detect looping behavior. We have implemented Icarus inside the ANTS active network toolkit. We find that the scheme is simple, efficient and widely applicable like a TFL, yet ensures significantly earlier loop detection.

Upgrading transport protocols using untrusted mobile code

In this paper, we present STP, a system in which communicating end hosts use untrusted mobile code to remotely upgrade each other with the transport protocols that they use to communicate. New transport protocols are written in a type-safe version of C, distributed out-of-band, and run in-kernel. Communicating peers select a transport protocol to use as part of a TCP-like connection setup handshake that is backwards-compatible with TCP and incurs minimum connection setup latency. New transports can be invoked by unmodified applications. By providing a late binding of protocols to hosts, STP removes many of the delays and constraints that are otherwise commonplace when upgrading the transport protocols deployed on the Internet. STP is simultaneously able to provide a high level of security and performance. It allows each host to protect itself from untrusted transport code and to ensure that this code does not harm other network users by sending significantly faster than a compliant TCP. It runs untrusted code with low enough overhead that new transport protocols can sustain near gigabit rates on commodity hardware. We believe that these properties, plus compatibility with existing applications and transports, complete the features that are needed to make STP useful in practice.

Demonstration of the Myria big data management service

In this demonstration, we will showcase Myria, our novel cloud service for big data management and analytics designed to improve productivity. Myrias goal is for users to simply upload their data and for the system to help them be self-sufficient data science experts on their data -- self-serve analytics. Using a web browser, Myria users can upload data, author efficient queries to process and explore the data, and debug correctness and performance issues. Myria queries are executed on a scalable, parallel cluster that uses both state-of-the-art and novel methods for distributed query processing. Our interactive demonstration will guide visitors through an exploration of several key Myria features by interfacing with the live system to analyze big datasets over the web.

Rethinking the design of virtual machine monitors

A virtual machine monitor is a software system that partitions a single physical machine into multiple virtual machines. Traditionally, VMMs have created a precise replica of the underlying physical machine. Through faithful emulation, VMMs support the execution of legacy guest operating systems such as Windows or Linux without modifications. However, traditional VMMs suffer from poor scalability and extensibility. To overcome the poor scalability and extensibility of traditional virtual machine monitors that partition a single physical machine into multiple virtual machines, the Denali VMM uses paravirtualization to promote scalability and hardware interposition to promote extensibility.

Using time travel to diagnose computer problems

The solution to a number of modern computer problems takes the form of a manual, expert-guided search through a large space of computer configurations. For example, if a desktop computer is crashing or malfunctioning, a troubleshooter will use her knowledge of system features such as configuration files, registries, and dynamic library versions to apply a series of configuration changes until the system once again begins functioning. As another example, to obtain good performance from a complex system like a database or a web application, a specialized and highly paid administrator will explore the set of application and operating system parameters to find the optimal values.