OS and Virtualization Group

Our research group aims to design, implement, and make novel system software stacks available for new computation paradigms through operating system, hypervisor, and hardware-software co-design.

NOTE: We’re looking for students who want to write BSc/MSc theses or participate in Guided Research. If you are interested, please check the application instructions.

Current Active Projects

# Extensible Unikernels

Unikernels specialize operating systems by tailoring the kernel code for a specific application at compile time. While the specialized library OS approach improves the bootup process, performance, and migration costs, unikernels lack run-time extensibility, e.g., debugging, monitoring, re-configuration, and system management. Consequently, unikernels present a fundamental trade-off between the slimness of the image size at the compile time vs. the flexibility of supported auxiliary functionality at the run-time.

This project aims to balance this trade-off by keeping the unikernel file system image as minimal as possible to solely support the application functionality in the “common case”, while providing “on-demand” extensibility for auxiliary tasks at run-time.

Keywords: Virtualization, Unikernels, eBPF

Thesis / IDP

2023UniBPF: Safe and Verifiable Unikernels ExtensionsKai-Chun Hsieh (MSc)
2023Extending Unikernels with a Language RuntimeVanda Hendrychova (MSc)

# Hyper-scale Virtual Networking

Virtual Machines (VMs) are not only widely used in clouds to isolate tenant workloads, but increasingly also to deploy Virtual Network Functions (VNF). From these use cases emerges a need for flexible, scalable, and fast IO. The current industry standard is however either not flexible nor scalable (passthrough + SR-IOV), or has high overheads (software switch + vhost). To address these issues, we are striving to improve network virtualization stack architectures so that we can implement sophisticated multiplexing strategies for VMs in software without compromising performance, dependability, or security.

Keywords: Data center networking, VirtIO, SmartNIC, Performance

Thesis / IDP

2023Hyper-scalability of Network Interface Cards for Virtual MachinesFlorian Dominik Freudiger (BSc)
2022Automated Measuring of Ioregionfd and vMux PerformanceSandro-Alessio Gierens (GR)
2022Rethinking IO emulation architectures for VMsSandro-Alessio Gierens (BSc)

# Co-design of OS with High-Performance Applications

Kernel-bypass and userspace components have been the preferred way to fully harness the performance of modern computing systems. This paradigm moved OS services to userspace, including scheduling (ghOSt [SOSP’21]) and IO (DPDK/SPDK, RDMA). However, while being theoretically the most performant in terms of speed/latency/etc., kernel-bypass has several limitations including the lower sharing of resources and the increased complexity in the application.

Instead of moving OS services to userspace, we propose to redesign them to strive to achieve the same performance and customizability as a userspace component but with the security, fairness, and control of the kernel over the resources.

Our first focus is on the page cache for IO in the context of databases.

Keywords: OS design, Memory Management, Performance

# Secure and Efficient Confidential Virtual Machines

Confidential Virtual Machines (CVMs) are emerging trends that offer protection of data in use, allowing for trustworthy computation on remote, untrusted infrastructure in the cloud. While CVMs are gaining attention thanks to their deployability, the traditional system software stacks incur performance overhead due to the limitation of CVMs, especially for I/O. Therefore, we need to rethink software stacks to achieve efficient yet secure computation.

This project analyzes CVM software stacks to reveal the current bottleneck of the system software stack and propose a novel design to optimize them while keeping the security guarantee.

Keywords: Virtualization, TEE, AMD SEV-SNP, Intel TDX, Arm CCA

Thesis / IDP

2023cvm-io: Secure High-Performance Storage Stack for Confidential Virtual MachinesRobert Schambach (MSc)

Group Members

Dr. Masanori Misono

Research Group Leader

Peter Okelmann

PhD student

Ilya Meignan–Masson

PhD student

Patrick Sabanic

PhD Student

Related Teaching

SoSe 2024Practical CourseAdvanced System Programming
WiSe 2023/24SeminarOperating Systemd and Virtualization
WiSe 2023/24Practical CourseSystem Programming