Isolating Actors using Linux-KVM

Many recent projects rely on higher-layer, more lightweight isolation mechanisms to isolate untrusted units of code. Examples are operating-system containers (e.g. Docker) and serverless platforms that use a language virtual machine as the isolation boundary. Examples of the latter are Cloudflare Workers [1] (which adds further boundaries around the language runtime [3]) and the serverless platform uActor [2], which uses actors (in the sense of the actor model of computation [4]) as its primary unit of code.

Lower-layer isolation boundaries are generally considered more secure, and some projects wrap higher-layer units in lower-layer isolation, e.g. Kata Containers [5], which runs each container inside its own virtual machine. However, the stronger isolation usually costs additional resources, because each isolated unit replicates functionality the host already provides, e.g. the full filesystem commonly shipped with a container image or the network stack commonly included in unikernel-based VMs.

Serverless actors need only a very small interface (sending and receiving messages) and depend on a limited set of library functionality. The goal of this project is to explore using Linux KVM to run minimal serverless actors directly as KVM guests (ideally as an additional runtime for Edgeless [6]). Once a basic system has been designed and implemented, the overhead of this additional isolation layer (e.g. actor start-up latency, memory per actor and message round-trip time) can be measured to determine the feasibility of the approach.

This thesis requires strong skills in systems programming and low-level languages.

Contact: Raphael Hetzel

[1] https://workers.cloudflare.com/

[2] https://dl.acm.org/doi/10.1145/3469263.3470828

[3] https://developers.cloudflare.com/workers/learning/security-model/

[4] https://arxiv.org/abs/1008.1459

[5] https://katacontainers.io/

[6] https://github.com/edgeless-project/edgeless