ITI researchers develop masquerading operating system
The number of applications and software packages available to users has increased astronomically in the last decade. This means that many operating systems, like Linux, have increasing workloads and exposure to bugs and security risks. A popular solution, the unikernel, is an operating system that uses only the minimum set of libraries required for an application to run. It helps address some security risks, but has disadvantages as well. The Information Trust Institute’s Sibin Mohan and his student Hsuan-Chi “Austin” Kuo have developed a solution that combines the benefits of traditional operating systems with those of unikernels.
Unikernels are operating systems that are tailored for one application. They are popular in cloud computing, where operating power is at a premium, but they come at a heavy time cost. Because each unikernel is built to run one application at a high level, it is unique and takes an incredible amount of time and effort to build and run. In their recently published paper, “A Linux in Unikernel Clothing,” Mohan and Kuo explain their method for combining the advantages of the unikernel technique with those of traditional operating systems such as Linux, which has a large code base, is extremely versatile, and has a huge community of developers and users around the world.
“Unikernels were proposed to solve the problem of operating systems, but the work is heavy and inhibited and unikernels don’t support existing applications well,” said Kuo, a computer science (CS) graduate student. “In our research, we show that you can achieve the unikernel’s benefits without sacrificing compatibility with existing applications.”
The research began when Kuo had an internship with IBM last summer. His mentors, Dan Williams and Ricardo Koller, are unikernel experts and were working to solve the challenges associated with using them, while Kuo was focusing his thesis research on the Linux operating system. When they discussed combining their specialties to tackle this challenge, they discovered promising possibilities.
When Kuo returned to Illinois, the project fit in well with research his adviser, Mohan, was already conducting on debloating code to make it more efficient. (This project is supported by the Office of Naval Research.) Together they continued the research with the support of C3SR, a research collaboration between CSL and IBM. Their approach, known as “Lupine Linux” (since Linux represents the proverbial wolf in unikernel clothing), can achieve the flexibility, stability and support of Linux while still achieving the performance benefits of unikernels.
C3SR researchers were not the only ones interested in the duo’s work: Kuo recently presented at EuroSys 2020, a large, well-known computer systems conference.
“It’s a well-known conference and some really phenomenal work has come out of it in cloud computing, operating systems, and security,” said Mohan, an assistant professor in CS and electrical and computer engineering. “It is a really good venue to present work and the papers are held in high regard. We got a lot of interest in his (Kuo’s) work.”
Mohan went on to say that even though Kuo’s presentation was the last of the conference, there were still quite a few attendees, plenty of questions, and people asking him for the code he used. While the presentation was virtual due to the COVID-19 situation, Kuo says it was still a valuable experience as his first conference presentation.
“People seemed really interested in the research because Linux usually has an image of being fat and heavy, but we show it can be used in a different way and that you don’t need to do all the extra steps to get things accomplished,” Kuo said.
Although the work has already received recognition, Kuo has plans to improve on it. Currently, the techniques discussed in the paper have to be completed manually. He would like to develop a systematic approach for users to create their own kernels and run their own workloads, with the goal of making the method more accessible to the public.