Project Details

LCM: Large-Scale Capability Management

Subject Area Security and Dependability, Operating-, Communication- and Distributed Systems
Term from 2020 to 2022
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 445973455
 
Final Report Year 2023

Final Report Abstract

The overarching goal of the project was to determine whether large-scale systems can be built directly on top of a capability system. Fast delegation and scalable revocation of capabilities are of utmost importance in such a system. Furthermore, the interfaces of the capability system should be usable with reasonable overhead for the application. During the project we designed and implemented multiple variants of distributed capabilities. We examined distributed capability systems for datacenters as well as highly parallel capability systems for shared-memory systems.

For distributed capability systems in datacenters, low-latency delegation and fast invalidation-based revocation are the best fit. The revocation mechanism we designed for this scenario is split into two phases: invalidation as the first phase and a clean-up of invalid capabilities as the second. The invalidation is a fast operation involving only a single node, the resource owner. The clean-up is comparable to distributed garbage collection but is not on the critical path and is therefore not latency sensitive. Apart from the performance analysis, we propose a scheme that strikes a balance between programmability and a scalable implementation of the distributed capability operations: revocation trees. They enable the programmer to define revocable subsets of capabilities, giving the application enough flexibility to model detailed access rights while still allowing for an efficient distributed revocation. The resulting system, called FractOS, together with the capability system's interface, was published at a top-tier conference. We began the analysis of capability systems for highly parallel shared-memory systems but could not finish it within the project's time span.

During the investigation of the capability subsystem it turned out that other parts of a microkernel-based system are equally important for scalability, such as an optimized inter-process communication pattern and scalable userland servers. Due to these additional efforts the measurements are still work in progress and will be published once finished. With the capability system of FractOS we demonstrated that capabilities are applicable to datacenter workloads, including disaggregated architectures. Furthermore, we identified serverless computing as a real-world use case that could benefit from the fine-grained access control that capabilities provide.
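The two-phase revocation and the revocation trees described above can be modelled in a few dozen lines. The following is an added toy simulation written for this page; it is not FractOS code and does not reproduce its wire protocol or data layout. It assumes one owner per resource that keeps the revocation tree locally, capabilities that record the tree node (revocable subset) they were minted under, and holders that only learn about revocation when the owner rejects an invocation or when the off-path clean-up scans them. The resource name "blob-7", the holder names and all function names are invented for the illustration.

```python
"""Toy model of two-phase capability revocation with revocation trees.

Constructed illustration, not FractOS code. Each resource has one owner that
keeps a revocation tree; every capability names the tree node (revocable
subset) it belongs to. Revocation = (1) invalidate the subtree at the owner,
(2) later garbage-collect stale capabilities on the holders.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Capability:
    resource: str            # which resource (owner) this capability refers to
    node: int                # revocation-tree node it was minted under
    rights: FrozenSet[str]   # e.g. {"read", "write"}


class ResourceOwner:
    """Owner of one resource; the only place where validity is decided."""

    def __init__(self, resource: str) -> None:
        self.resource = resource
        self._next = 0
        self._children: Dict[int, List[int]] = {}
        self._valid: Set[int] = set()

    def new_subset(self, parent: Optional[int] = None) -> int:
        """Add a revocable subset as a child of `parent` (None = new root)."""
        if parent is not None and parent not in self._children:
            raise KeyError(f"unknown tree node {parent}")
        node, self._next = self._next, self._next + 1
        self._children[node] = []
        if parent is not None:
            self._children[parent].append(node)
        self._valid.add(node)
        return node

    def mint(self, node: int, rights: FrozenSet[str]) -> Capability:
        if node not in self._valid:
            raise PermissionError("cannot mint under an invalid node")
        return Capability(self.resource, node, frozenset(rights))

    def invalidate(self, node: int) -> int:
        """Phase 1: revoke `node` and everything delegated beneath it.
        Purely local to the owner; returns the number of nodes invalidated."""
        stack, count = [node], 0
        while stack:
            n = stack.pop()
            if n in self._valid:
                self._valid.remove(n)
                count += 1
            stack.extend(self._children.get(n, []))
        return count

    def check(self, cap: Capability) -> bool:
        """Validity check performed on every invocation that reaches the owner."""
        return cap.resource == self.resource and cap.node in self._valid


class Holder:
    """A node in the datacenter that stores capabilities it has been given."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.caps: List[Capability] = []


def delegate(owner: ResourceOwner, src: Capability, dst: Holder,
             rights: FrozenSet[str], separate_subset: bool) -> Capability:
    """Hand a (possibly narrowed) copy of `src` to `dst`.

    With separate_subset=True the copy is minted under a fresh child node, so
    the delegate's whole subtree can later be revoked without touching `src`."""
    if not rights <= src.rights:
        raise ValueError("delegation may only narrow rights")
    node = owner.new_subset(src.node) if separate_subset else src.node
    cap = owner.mint(node, rights)
    dst.caps.append(cap)
    return cap


def invoke(owner: ResourceOwner, cap: Capability) -> bool:
    """Use a capability: the request travels to the owner, which checks it."""
    return owner.check(cap)


def collect_garbage(owners: Dict[str, ResourceOwner], holders: List[Holder]) -> int:
    """Phase 2: drop capabilities whose tree node is no longer valid.
    Off the critical path; returns the number of capabilities removed."""
    removed = 0
    for h in holders:
        keep = [c for c in h.caps if owners[c.resource].check(c)]
        removed += len(h.caps) - len(keep)
        h.caps = keep
    return removed


def demo() -> Dict[str, object]:
    owner = ResourceOwner("blob-7")          # hypothetical resource name
    a, b, c, d = (Holder(n) for n in "ABCD")
    root = owner.new_subset()
    a.caps.append(owner.mint(root, frozenset({"read", "write"})))
    # A gives B its own revocable subset; B shares it with C and carves a
    # further sub-subset for D.
    cap_b = delegate(owner, a.caps[0], b, frozenset({"read", "write"}), True)
    cap_c = delegate(owner, cap_b, c, frozenset({"read"}), False)
    delegate(owner, cap_b, d, frozenset({"read"}), True)
    invalidated = owner.invalidate(cap_b.node)   # one local operation at the owner
    return {
        "invalidated": invalidated,                        # B's node and D's child node
        "a_ok_after_revoke": invoke(owner, a.caps[0]),     # A is outside the subtree
        "c_ok_after_revoke": invoke(owner, cap_c),         # rejected before any clean-up
        "removed": collect_garbage({"blob-7": owner}, [a, b, c, d]),
        "a_caps_left": len(a.caps),
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the ordering: a stale capability is already useless the moment the owner flips its subtree, because every invocation is checked there, so the clean-up on the holders can run lazily without weakening the security guarantee. Choosing `separate_subset=True` at delegation time is what decides how fine the later revocation can be.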
