Loading…

Loading grant details…

Completed RESEARCH GRANT UKRI Gateway to Research

UniFaaS: A Unikernel-Based Serverless Operating System

£2.67M GBP

Funder Engineering and Physical Sciences Research Council
Recipient Organization The University of Manchester
Country United Kingdom
Start Date Jun 30, 2021
End Date Jun 29, 2024
Duration 1,095 days
Number of Grantees 1
Roles Principal Investigator
Data Source UKRI Gateway to Research
Grant ID EP/V012134/1
Grant Description

Serverless computing, also know as Function as a Service (FaaS), is an emerging programming paradigm providing significant benefits for both the tenant (i.e. the application developer) and the provider in terms of costs reduction, data centre efficiency, scalability, etc. With its truly on-demand resource

consumption and pricing model, as well as the fact that the tenant is relieved from any infrastructure management effort, serverless has the potential of fully delivering on the core promises of cloud computing, and experts agree that its usage will skyrocket in the years to come. Serverless computing is made possible by two crucial concepts implemented by

the systems software assuring the execution of functions and running in the provider's infrastructure: (1) the isolation of the data and performance of mutually untrusting functions running on the same physical host and (2) the lightweightness of the systems software supporting the execution of functions,

i.e. the potential for low memory and disk footprint as well as fast invocation times for this software. The current serverless infrastructures are suboptimal regarding both concepts as they use a combination of virtual machines (well isolated but heavyweight) and containers (lightweight but presenting some

serious isolation concerns). The unikernel is a new Operating System (OS) model in which an application is executed with a very small custom operating system layer as minimal virtual machine in the cloud. In effect, unikernels combine the strong isolation of virtual machines with a container-like level of lightweightness. These

characteristics make that the unikernel is a uniquely fit candidate to run as serverless infrastructure systems software. We propose to explore the use of the unikernel OS model as the primary unit of function execution in a serverless computing infrastructure. We note that although it presents some fundamental benefits, the unikernel model needs to

evolve to perfectly fit the serverless domain. The principal issue is the lack of support for important features, namely intra-unikernel isolation and multi-processing. These shortcomings are not simply due to missing implementations, but rather derive from fundamental design principles of the unikernel OS model.

Hence, we propose to design and implement UniFaaS as an evolution of the unikernel OS model tailored for serverless computing. UniFaaS aims to support the aforementioned lacking features, while maintaining the isolation and lightweightness benefits that unikernels naturally offer. UniFaaS will be built

on top of an existing unikernel, namely OSv. The design and development effort will be made along 3 main avenues: (1) new functionalities development, in particular multi-process support using threads as well as further specialisation the towards serverless computing; (2) security enhancements, in particular the introduction of low-overhead intra-unikernel isolation using

modern hardware technologies; and (3) lightweightness optimisations to further reduce per-unikernels and per-function memory/disk footprints as well as boot/invocation time through various methods, in order to increase per-host function density. Once UniFaaS is built, we will evaluate its security/isolation,

lightweightness, and performance, by comparing it to traditional serverless deployments that use virtual machines and containers. Regarding security, we note that the current metrics to assess isolation (such as counting the number of lines of code of a software) are rather imprecise and we will develop a

novel method based on the amount of trusted code (guest kernel and/or hypervisor/host) that can be reached from an untrusted component (application code, network, etc.).

All Grantees

The University of Manchester

Advertisement
Discover thousands of grant opportunities
Advertisement
Browse Grants on GrantFunds
Interested in applying for this grant?

Complete our application form to express your interest and we'll guide you through the process.

Apply for This Grant