EPSRC Reference: |
EP/V012134/1 |
Title: |
UniFaaS: A Unikernel-Based Serverless Operating System |
Principal Investigator: |
Olivier, Dr P |
Other Investigators: |
|
Researcher Co-Investigators: |
|
Project Partners: |
|
Department: |
Computer Science |
Organisation: |
University of Manchester, The |
Scheme: |
New Investigator Award |
Starts: |
01 January 2021 |
Ends: |
31 December 2022 |
Value (£): |
267,264
|
EPSRC Research Topic Classifications: |
Fundamentals of Computing |
Software Engineering |
|
EPSRC Industrial Sector Classifications: |
|
Related Grants: |
|
Panel History: |
Panel Date | Panel Name | Outcome |
01 Oct 2020
|
EPSRC ICT Prioritisation Panel October 2020
|
Announced
|
|
Summary on Grant Application Form |
Serverless computing, also know as Function as a Service (FaaS), is an emerging
programming paradigm providing significant benefits for both the tenant (i.e.
the application developer) and the provider in terms of costs reduction,
data centre efficiency, scalability, etc. With its truly on-demand resource
consumption and pricing model, as well as the fact that the tenant is relieved
from any infrastructure management effort, serverless has the potential of
fully delivering on the core promises of cloud computing, and experts agree
that its usage will skyrocket in the years to come.
Serverless computing is made possible by two crucial concepts implemented by
the systems software assuring the execution of functions and running in the
provider's infrastructure: (1) the isolation of the data and performance of
mutually untrusting functions running on the same physical host and (2) the
lightweightness of the systems software supporting the execution of functions,
i.e. the potential for low memory and disk footprint as well as fast invocation
times for this software. The current serverless infrastructures are suboptimal
regarding both concepts as they use a combination of virtual machines (well
isolated but heavyweight) and containers (lightweight but presenting some
serious isolation concerns).
The unikernel is a new Operating System (OS) model in which an application is
executed with a very small custom operating system layer as minimal virtual
machine in the cloud. In effect, unikernels combine the strong isolation of
virtual machines with a container-like level of lightweightness. These
characteristics make that the unikernel is a uniquely fit candidate to run as
serverless infrastructure systems software.
We propose to explore the use of the unikernel OS model as the primary unit of
function execution in a serverless computing infrastructure. We note that
although it presents some fundamental benefits, the unikernel model needs to
evolve to perfectly fit the serverless domain. The principal issue is the lack
of support for important features, namely intra-unikernel isolation and
multi-processing. These shortcomings are not simply due to missing
implementations, but rather derive from fundamental design principles of the
unikernel OS model.
Hence, we propose to design and implement UniFaaS as an evolution of the
unikernel OS model tailored for serverless computing. UniFaaS aims to support
the aforementioned lacking features, while maintaining the isolation and
lightweightness benefits that unikernels naturally offer. UniFaaS will be built
on top of an existing unikernel, namely OSv. The design and development effort
will be made along 3 main avenues: (1) new functionalities development, in
particular multi-process support using threads as well as further
specialisation the towards serverless computing; (2) security enhancements, in
particular the introduction of low-overhead intra-unikernel isolation using
modern hardware technologies; and (3) lightweightness optimisations to further
reduce per-unikernels and per-function memory/disk footprints as well as
boot/invocation time through various methods, in order to increase per-host
function density.
Once UniFaaS is built, we will evaluate its security/isolation,
lightweightness, and performance, by comparing it to traditional serverless
deployments that use virtual machines and containers. Regarding security, we
note that the current metrics to assess isolation (such as counting the number
of lines of code of a software) are rather imprecise and we will develop a
novel method based on the amount of trusted code (guest kernel and/or
hypervisor/host) that can be reached from an untrusted component (application
code, network, etc.).
|
Key Findings |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Potential use in non-academic contexts |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Impacts |
Description |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk |
Summary |
|
Date Materialised |
|
|
Sectors submitted by the Researcher |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Project URL: |
|
Further Information: |
|
Organisation Website: |
http://www.man.ac.uk |