EPSRC logo

Details of Grant 

EPSRC Reference: EP/V012134/1
Title: UniFaaS: A Unikernel-Based Serverless Operating System
Principal Investigator: Olivier, Dr P
Other Investigators:
Researcher Co-Investigators:
Project Partners:
Department: Computer Science
Organisation: University of Manchester, The
Scheme: New Investigator Award
Starts: 01 July 2021 Ends: 30 June 2024 Value (£): 267,264
EPSRC Research Topic Classifications:
Fundamentals of Computing Software Engineering
EPSRC Industrial Sector Classifications:
Information Technologies
Related Grants:
Panel History:
Panel DatePanel NameOutcome
01 Oct 2020 EPSRC ICT Prioritisation Panel October 2020 Announced
Summary on Grant Application Form
Serverless computing, also know as Function as a Service (FaaS), is an emerging

programming paradigm providing significant benefits for both the tenant (i.e.

the application developer) and the provider in terms of costs reduction,

data centre efficiency, scalability, etc. With its truly on-demand resource

consumption and pricing model, as well as the fact that the tenant is relieved

from any infrastructure management effort, serverless has the potential of

fully delivering on the core promises of cloud computing, and experts agree

that its usage will skyrocket in the years to come.

Serverless computing is made possible by two crucial concepts implemented by

the systems software assuring the execution of functions and running in the

provider's infrastructure: (1) the isolation of the data and performance of

mutually untrusting functions running on the same physical host and (2) the

lightweightness of the systems software supporting the execution of functions,

i.e. the potential for low memory and disk footprint as well as fast invocation

times for this software. The current serverless infrastructures are suboptimal

regarding both concepts as they use a combination of virtual machines (well

isolated but heavyweight) and containers (lightweight but presenting some

serious isolation concerns).

The unikernel is a new Operating System (OS) model in which an application is

executed with a very small custom operating system layer as minimal virtual

machine in the cloud. In effect, unikernels combine the strong isolation of

virtual machines with a container-like level of lightweightness. These

characteristics make that the unikernel is a uniquely fit candidate to run as

serverless infrastructure systems software.

We propose to explore the use of the unikernel OS model as the primary unit of

function execution in a serverless computing infrastructure. We note that

although it presents some fundamental benefits, the unikernel model needs to

evolve to perfectly fit the serverless domain. The principal issue is the lack

of support for important features, namely intra-unikernel isolation and

multi-processing. These shortcomings are not simply due to missing

implementations, but rather derive from fundamental design principles of the

unikernel OS model.

Hence, we propose to design and implement UniFaaS as an evolution of the

unikernel OS model tailored for serverless computing. UniFaaS aims to support

the aforementioned lacking features, while maintaining the isolation and

lightweightness benefits that unikernels naturally offer. UniFaaS will be built

on top of an existing unikernel, namely OSv. The design and development effort

will be made along 3 main avenues: (1) new functionalities development, in

particular multi-process support using threads as well as further

specialisation the towards serverless computing; (2) security enhancements, in

particular the introduction of low-overhead intra-unikernel isolation using

modern hardware technologies; and (3) lightweightness optimisations to further

reduce per-unikernels and per-function memory/disk footprints as well as

boot/invocation time through various methods, in order to increase per-host

function density.

Once UniFaaS is built, we will evaluate its security/isolation,

lightweightness, and performance, by comparing it to traditional serverless

deployments that use virtual machines and containers. Regarding security, we

note that the current metrics to assess isolation (such as counting the number

of lines of code of a software) are rather imprecise and we will develop a

novel method based on the amount of trusted code (guest kernel and/or

hypervisor/host) that can be reached from an untrusted component (application

code, network, etc.).

Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.man.ac.uk