Operating Systems are a Service

Abstract

OS containers have set the standard for the deployment of applications in modern systems. OS containers are combined sandboxes/manifests of applications that isolate the running applications and its dependencies from other applications running on top of the same kernel. Containers make it easy to provide multi-tenancy and control over the application, making it ideal for use within cloud architectures such as serverless. This thesis explores and develops novel systems to address three problems faced by containers and the services that use them. First, OS containers currently lack a fast checkpoint-restore mechanism. Second, container security is still inadequate due to its underlying security mechanisms, which provide coarse-grained policies that are abused. Third, the lack of a benchmark for serverless clouds, one of the largest consumers of containers, and specifically checkpoint-restore. This thesis outlines solutions to these problems. First, ObjSnap, a storage system designed and built for two modern single-level store systems, Aurora and MemSnap, which enable checkpoint restore for container systems. ObjSnap is a transactional copy-on-write object store that can outperform other storage systems by up to 4×. Second, we introduce SlimSys, a framework that tackles security issues found within containers by binding a policy to kernel resources. Lastly, we introduce Orcbench, the first benchmark used to evaluate serverless orchestrators.