Years ago, applications such as news, e-commerce, or banking websites ran on computers deployed at the organizations that owned them. Today, with the advent of "cloud computing", such applications instead run in a far-away server farm operated by third parties. Because the computers are shared by many applications, it is crucial to ensure that one application in the cloud, such as a news website, does not compromise the confidentiality or integrity of another application (e.g., a banking website) running on the same set of computers.
The goal of this project is to develop systems that ensure cloud applications are suitably protected without sacrificing their performance and ability to grow/shrink. This goal will be realized by developing two core building blocks to achieve optimal trade-offs between isolation and performance/agility. The first is variable isolation, where we automatically determine the least privilege and best isolation techniques needed for components of an application, and deploy the highest isolation where it is needed most and the weakest where it is needed least. The second is isolation-aware replication, where tenants selectively replicate their compute and storage within higher-isolation sandboxes. Finally, the project will develop new programming models for correct distributed execution of microservices-based applications.
The research, if successful, will improve both the performance and the security posture of cloud-based applications. Research outcomes of the project, including the experimental harnesses and datasets, will be released open-source, enabling others in research and industry to directly build on them. The project will lead to the development of new courses and boot camps that focus on microservices, lambda-style computation, and isolation. The course/boot camp material will be made publicly available. The project aims to integrate the research into outreach efforts aimed at women, under-represented minorities, non-traditional students, and high school students.
The project and its research artifacts will be hosted at https://bitbucket.org/uw-madison-networking-research/isolation. This site will include research publications, software, datasets, presentations, and tutorials. This site will be kept up to date for the entire duration of the project and for 2-3 years immediately following the project's culmination.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.