This project addresses important challenges posed by the widespread deployment of modern virtualization technologies, including containers and function-as-a-service environments. Containers are very low-overhead virtual machines, and function-as-a-service environments are systems where users run many small jobs, and are billed as such. In these environments, two major challenges are insecurity due to the lack of isolation, and poor scalability due to the many jobs that are running. This project rethinks the computer architecture and the operating system of machines to support these environments securely and scalably.

This work develops a set of novel, transformative computer architecture and operating system technologies that will dramatically improve the security and the scalability of novel virtualization technologies. On the security side, this project will explore novel hardware and software designs to filter system calls efficiently. The idea is to examine every system call that programs issue at runtime and check and validate their arguments for security. On the scalability side, this project will enable the ability to run thousands of containers or functions on the same machine simultaneously, by redesigning TLBs (Translation Lookaside Buffers) and page tables. Overall, these technologies will enhance cloud computing.

This project will initiate an effort on multidisciplinary research and education on whole-system support for modern virtualization technologies in cloud at the University of Illinois. The efforts in this project include working with the Department of Computer Science to broaden the course offerings with multidisciplinary courses in the general area of cloud computing and datacenter technologies. This project will also offer research opportunities to undergraduate students, and broaden participation to under-represented minorities. The project will include an effort of coaching middle and high school robotics teams.

This project will maintain a repository with all the data, code, results, emulators and simulators used and developed during the duration of the project. The repository will be accessible password-free through, and will be kept up to date for at least three years after the project ends.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

National Science Foundation (NSF)
Division of Computer and Network Systems (CNS)
Application #
Program Officer
Matt Mutka
Project Start
Project End
Budget Start
Budget End
Support Year
Fiscal Year
Total Cost
Indirect Cost
University of Illinois Urbana-Champaign
United States
Zip Code