A&S Graduate Studies
[PAST EVENT] Lele Ma, Computer Science - Dissertation Proposal
Abstract:
In the era of the Internet of Things, traditional isolation techniques face challenges when they are deployed to these new platforms. Most IoT devices have limited resources and are deployed in a distributed manner at the edge of the Internet. Similarly, servers serving the IoT devices are no longer in a centralized data center, for the sake of high bandwidth and low latency. Revising these mechanisms and exploring new isolation mechanisms are both needed to meet the requirements of the low-end systems and small data centers on the edge of the Internet. This proposal presents three problems we identified and our proposed solutions, spawning three projects, one of which is still ongoing.
The first project explored container-based isolation for the emerging Edge computing platforms. We identified a performance issue of live migration on such platforms. Our work proposed a solution where the layered file system is used to synchronize the file system before the migration starts, avoiding the use of impractical network shared file systems as in the traditional solution. We reduced the migration time by 56% – 80%.
In the second project, we explored a lightweight version of virtual machine-based isolation for security monitoring of critical code and data on edge computing platforms. We designed a framework for low-level system monitoring where the monitor lives in a lower layer underlying the entire software stack being monitored, avoiding the cost of embedding different monitors into each layer individually. Furthermore, the monitor ran in a single-process virtual machine that requires only 32 MB of memory for execution, which reduced the scheduling overhead and saved a significant amount of physical memory.
In the third/current project, we are exploring approaches for fine-grained intra-address space isolation via hardware-software co-design, with the aim of bringing fundamental improvements to the security of an IoT system. We propose to automatically partition a legacy program into multiple compartments based on our new hardware types for encapsulation and efficient static analysis and instrumentation. In this way, we will remove most human refactoring efforts while hardening the system by privilege separation.
In summary, this proposal explores a spectrum of isolation techniques that can be used in an IoT computing environment. We tailored two coarse-grained isolation techniques to improve their performance and security, respectively. We then explore new ways of fine-grained intra-address space isolation to secure low-end processors running legacy code, with our framework to automate most of the refactoring efforts.
Bio:
Lele Ma is a Ph.D. Candidate in the Computer Science Department at William & Mary, supervised by Professor Qun Li. His research interests lie in system support for edge computing and the Internet of Things, with emphasis on designing secure and efficient operating systems leveraging isolation techniques. He received a master’s degree from the University of Chinese Academy of Sciences, and a bachelor’s degree from Shandong University, China.