Our research group aims to design, implement, and make novel system software stacks available for new computation paradigms through operating system, hypervisor, and hardware-software co-design.
NOTE: We’re looking for students who want to write BSc/MSc theses or participate in Guided Research. If you are interested, please check the application instructions.
Current Active Projects
# Extensible Unikernels
Unikernels specialize operating systems by tailoring the kernel code for a specific application at compile time. While the specialized library OS approach improves the bootup process, performance, and migration costs, unikernels lack run-time extensibility, e.g., debugging, monitoring, re-configuration, and system management. Consequently, unikernels present a fundamental trade-off between the slimness of the image size at the compile time vs. the flexibility of supported auxiliary functionality at the run-time.
This project aims to balance this trade-off by keeping the unikernel file system image as minimal as possible to solely support the application functionality in the “common case”, while providing “on-demand” extensibility for auxiliary tasks at run-time.
Keywords: Virtualization, Unikernels, eBPF
Thesis / IDP
| 2023 | UniBPF: Safe and Verifiable Unikernels Extensions | Kai-Chun Hsieh (MSc) |
| 2023 | Extending Unikernels with a Language Runtime | Vanda Hendrychova (MSc) |
# Hyper-scale Virtual Networking
Virtual Machines (VMs) are not only widely used in clouds to isolate tenant workloads, but increasingly also to deploy Virtual Network Functions (VNF). From these use cases emerges a need for flexible, scalable, and fast IO. The current industry standard is however either not flexible nor scalable (passthrough + SR-IOV), or has high overheads (software switch + vhost). To address these issues, we are striving to improve network virtualization stack architectures so that we can implement sophisticated multiplexing strategies for VMs in software without compromising performance, dependability, or security.
Keywords: Data center networking, VirtIO, SmartNIC, Performance
Thesis / IDP
| 2023 | Hyper-scalability of Network Interface Cards for Virtual Machines | Florian Dominik Freudiger (BSc) |
| 2022 | Automated Measuring of Ioregionfd and vMux Performance | Sandro-Alessio Gierens (GR) |
| 2022 | Rethinking IO emulation architectures for VMs | Sandro-Alessio Gierens (BSc) |
# Co-design of OS with High-Performance Applications
Kernel-bypass and userspace components have been the preferred way to fully harness the performance of modern computing systems. This paradigm moved OS services to userspace, including scheduling (ghOSt [SOSP’21]) and IO (DPDK/SPDK, RDMA). However, while being theoretically the most performant in terms of speed/latency/etc., kernel-bypass has several limitations including the lower sharing of resources and the increased complexity in the application.
Instead of moving OS services to userspace, we propose to redesign them to strive to achieve the same performance and customizability as a userspace component but with the security, fairness, and control of the kernel over the resources.
Our first focus is on the page cache for IO in the context of databases.
Keywords: OS design, Memory Management, Performance
# Secure and Efficient Confidential Virtual Machines
Confidential Virtual Machines (CVMs) are emerging trends that offer protection of data in use, allowing for trustworthy computation on remote, untrusted infrastructure in the cloud. While CVMs are gaining attention thanks to their deployability, the traditional system software stacks incur performance overhead due to the limitation of CVMs, especially for I/O. Therefore, we need to rethink software stacks to achieve efficient yet secure computation.
This project analyzes CVM software stacks to reveal the current bottleneck of the system software stack and propose a novel design to optimize them while keeping the security guarantee.
Keywords: Virtualization, TEE, AMD SEV-SNP, Intel TDX, Arm CCA
Thesis / IDP
| 2023 | cvm-io: Secure High-Performance Storage Stack for Confidential Virtual Machines | Robert Schambach (MSc) |
Group Members
Related Teaching
| SoSe 2024 | Practical Course | Advanced System Programming |
| WiSe 2023/24 | Seminar | Operating Systems and Virtualization |
| WiSe 2023/24 | Practical Course | System Programming |