Technical Sessions

Operating systems fail both to efficiently exploit, and to effectively manage, the considerable hardware resources of modern network interface controllers. We survey the kinds of hardware facilities available and their applicability, and then investigate (and critique) the reasons why OS designers eschew core support for such features. We then describe Dragonet, a new network stack design based on explicit descriptions of NIC capabilities, aimed at making the best use of today’s and tomorrow’s networking hardware. Dragonet represents both the physical capabilities of the network hardware and the current protocol state of the machine as dataflow graphs. We then embed the former into the latter, instantiating the remainder in software.

When one uses virtual machines for application compatibility, such as running Windows programs on Linux, the user only wants the API components, yet must emulate a disk drive and execute a second, counterproductive level of media heuristics and I/O scheduling. Systems should have a clean interface between API implementation and media optimization, which would lead to more efficient paravirtualization and facilitate rapid, independent evolution of media optimizations and API features. We describe a design that meets these goals, called Zoochory.

Much has been said recently on off-loading computations from the phone. In particular, workloads such as speech and visual recognition that involve models based on “big data” are thought to be prime candidates for cloud processing. We posit that the next few years will see the arrival of mobile usages that require continuous processing of audio and video data from wearable devices. We argue that these usages are unlikely to flourish unless substantial computation is moved back on to the phone. We outline possible solutions to the problems inherent in such a move. We advocate a close partnership between perception and systems researchers to realize these usages.

As sensors penetrate into deeply embedded settings such as implantables, wearables, and textiles, they present new challenges due to their tiny energy buffers and extremely low harvesting conditions under which they need to operate. However, existing low-power operating systems are not designed with the goal of scaling down to such severely constrained environments. We address these challenges with QuarkOS, an OS that scales down by carefully dividing every communication, sensing, and computation task into tiny fragments (e.g. half-bit, one pixel) and introduces sleeps between such fragments to re-charge. In addition QuarkOS is designed to have minimal run-time overhead, while still adapting performance to harvesting conditions. Our results are promising and show continuous communication from an RF-powered CRFID can occur at a third of the harvesting levels of prior approaches, and continuous image sensing to be performed with a tiny solar panel under natural indoor light.

Cloud services inevitably fail: machines lose power, networks become disconnected, pesky software bugs cause sporadic crashes, and so on. Unfortunately, failure recovery itself is often faulty; e.g. recovery can accidentally recursively replicate small failures to other machines until the entire cloud service fails in a catastrophic outage, amplifying a small cold into a contagious deadly plague! We propose that failure recovery should be engineered foremost according to the maxim of primum non nocere, that it “does no harm.” Accordingly, we must consider the system holistically when failure occurs and recover only when observed activity safely allows for it.

Software is modular, and so is run-time state. We argue that by allowing individual layers of the software stack to store isolated runtime state, we cripple the ability of systems to effectively scale or respond to failures. Given the strong desire to build elastic and highly available applications for the cloud, we propose Slice, an abstraction that allows applications to declare appropriate granularities of scale-oriented state, and allows layers to contribute the appropriate layer-specific data to those containers. Slices can be transparently migrated and replicated between application instances, thereby simplifying design of elastic and highly available systems, while retaining the modularity of modern software.

We present Celias, a new concurrent programming model for data-intensive scalable computing. Celias supports many virtues commonly found in existing distributed programming frameworks, such as elastic scaling and fault tolerance, without sacrificing expressiveness. The key design idea of Celias is the concept of a microtask, as a scalable, fault-tolerant, and completely data-driven unit of computation. By combining Tuplespace and microtasks, Celias provides an intuitive yet powerful programming abstraction for large and complex problems.

This paper presents a case for applying the principles of Software-Defined Networking (SDN) to middleboxes and end hosts. The challenges of configuring networking on network hosts resemble those addressed by SDN – numerous multi-vendor components, each with its own syntax and idiosyncratic corner cases, must be orchestrated smoothly. We have developed a prototype called NativeClick, a novel use of the Click Modular Router language, to orchestrate Linux networking tools. NativeClick demonstrates that, while existing SDN efforts have produced insufficient Abstractions to cover a wide range of networking behavior, SDN-like abstractions can make host configurations modular.

We argue for breaking data-parallel jobs in compute clusters into tiny tasks that each complete in hundreds of milliseconds. Tiny tasks avoid the need for complex skew mitigation techniques: by breaking a large job into millions of tiny tasks, work will be evenly spread over available resources by the scheduler. Furthermore, tiny tasks alleviate long wait times seen in today’s clusters for interactive jobs: even large batch jobs can be split into small tasks that finish quickly. We demonstrate a 5.2x improvement in response times due to the use of smaller tasks.

In current data-parallel computing frameworks, high task launch overheads and scalability limitations prevent users from running short tasks. Recent research has addressed many of these bottlenecks; we discuss remaining challenges and propose a task execution framework that can efficiently support tiny tasks.

Realizing elasticity in cloud applications today is often a cumbersome process, requiring applications to integrate with services like elastic load balancers and/or be rewritten to accommodate distributed frameworks like map/reduce or cluster-based operating systems. In this paper, we introduce the concept of ElasticOS, which enables a process (or even a single thread) to stretch its associated resource boundaries across multiple machines automatically, expanding and contracting on demand without requiring the application to be re-designed or configured with a complex combination of additional tools and frameworks. Our initial implementation within Linux 3.2 and a study of a MySQL execution trace provide hope that the ElasticOS vision is achievable.

To ensure the confidentiality and integrity of web content, modern web browsers enforce isolation between content and scripts from different domains with the same-origin policy (SOP). However, many web applications require cross-origin sharing of code and data. This conflict between isolation and sharing has led to an ad hoc implementation of the SOP that has proven vulnerable to such attacks as cross-site scripting, cross-site request forgery, and browser privacy leaks. In this paper, we argue that information flow control (IFC) not only subsumes the same-origin policy but is also more flexible and sound. IFC not only provides stronger confidentiality and integrity for today’s web sites, but also better supports complex sites such as mashups, which are notoriously difficult to implement securely under the SOP.

With the advent in the 1980’s of truly global hierarchical naming (via the Domain Name Service), security researchers realized that the trust relationships needed to authenticate principals would often not follow the naming hierarchy. The most successful non-hierarchical authentication schemes are based on X.509 and RFC 5280, as used for example in TLS and Authenticode. These are extremely widely deployed, and are trusted for most people’s everyday use of the Internet. Unfortunately several incidents in the last few years have proved that this trust is misplaced. We explore the weaknesses of this machinery, helped by a large database of X.509 certificates, and we offer an analysis technique and a suggestion for how the trust could be enhanced.

Augmented reality (AR) takes natural user input (NUI), such as gestures, voice, and eye gaze, and produces digital visual overlays on top of reality seen by a user. Today, multiple shipping AR applications exist, most notably titles for the Microsoft Kinect and smartphone applications such as Layar, Wikitude, and Junaio. Despite this activity, little attention has been paid to operating system support for AR applications. Instead, each AR application today does its own sensing and rendering, with the help of user-level libraries like OpenCV or the Microsoft Kinect SDK.

In this paper, we explore how operating systems should evolve to support AR applications. Because AR applications work with fundamentally new inputs and outputs, an OS that supports AR applications needs to re-think the input and display abstractions exposed to applications. Unlike mouse and keyboard, which form explicit, separate channels for user input, NUI requires continuous sensing of the real-world environment, which often has sensitive data mixed with user input. Hence, the OS input abstractions must ensure that user privacy is not violated, and the OS must provide a fine-grained permission system for access to recognized objects like a user's face and skeleton. In addition, because visual outputs of AR applications mix real-world and virtual objects, the synthetic window abstraction in traditional GUIs is no longer viable, and OSes must rethink the display abstractions and their management. We discuss research directions for solving these and other issues and building an OS that let multiple applications share one (augmented) reality.

We propose a new system-level abstraction, the lightweight immutable execution snapshot, which combines the immutable characteristics of checkpoints with the direct integration into the virtual memory subsystem of standard mutable address spaces. The abstraction can give arbitrary x86 programs and libraries system-level support for backtracking (akin to logic programming) and the ability to manipulate an entire address space as an immutable data structure (akin to functional programming). Our proposed implementation leverages modern x86 hardware-virtualization support.

The processor industry has reached the point where sequential improvements have plateaued and we are being flooded with parallel hardware we don’t know how to utilise. An efficient, general-purpose and easy-to-use parallel model is urgently needed to replace the von Neumann model. We introduce and discuss the self-modifying dataflow graph, an unusual model of computation which combines the naturally parallel dataflow model with local graph transformations to eliminate the need for a global memory. We justify why it is a promising candidate.

Hardware virtualization is a core operating system feature. Network devices, in particular, must be shared while providing high I/O performance. By redesigning the network stack on a novel memory system that supports snapshot isolation, the operating system can effectively share network resources through the familiar socket API, enable zero-copy, reduce memory allocations and simplify driver communication with network interface cards. Starting with network I/O, we hope to further the discussion on hardware-software co-design to improve operating system architecture.