LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has
been a popular practice. However, routing large volumes of raw traffic, which
may carry sensitive information, to a remote site for processing raises severe
security concerns. Prior solutions often abstract away important factors
pertinent to real-world deployment. In particular, they overlook the
significance of metadata protection and stateful processing. Unprotected
traffic metadata like low-level headers, size and count, can be exploited to
learn supposedly encrypted application contents. Meanwhile, tracking the states
of 100,000s of flows concurrently is often indispensable in production-level
middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at
near-native speed with stateful processing and the most comprehensive
protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox
is the product of our systematic investigation of how to overcome the inherent
limitations of secure enclaves using domain knowledge and customization. First,
we introduce an elegant virtual network interface that allows convenient access
to fully protected packets at line rate without leaving the enclave, as if from
the trusted source network. Second, we provide complete flow state management
for efficient stateful processing, by tailoring a set of data structures and
algorithms optimized for the highly constrained enclave space. Extensive
evaluations demonstrate that LightBox, with all security benefits, can achieve
10Gbps packet I/O, and that with case studies on three stateful middleboxes, it
can operate at near-native speed. Comment: Accepted at ACM CCS 201
Model-driven Scheduling for Distributed Stream Processing Systems
Distributed Stream Processing frameworks are being commonly used with the
evolution of Internet of Things (IoT). These frameworks are designed to adapt to
the dynamic input message rate by scaling in/out. Apache Storm, originally
developed by Twitter, is a widely used stream processing engine, while others
include Flink, Spark Streaming. For running the streaming applications
successfully there is a need to know the optimal resource requirement, as
over-estimation of resources adds extra cost. So we need some strategy to come
up with the optimal resource requirement for a given streaming application. In
this article, we propose a model-driven approach for scheduling streaming
applications that effectively utilizes a priori knowledge of the applications
to provide predictable scheduling behavior. Specifically, we use application
performance models to offer reliable estimates of the resource allocation
required. Further, this intuition also drives resource mapping, and helps
narrow the estimated and actual dataflow performance and resource utilization.
Together, this model-driven scheduling approach gives a predictable application
performance and resource utilization behavior for executing a given DSPS
application at a target input stream rate on distributed resources. Comment: 54 page
The Intersection of Function-as-a-Service and Stream Computing
With recent advancements in the field of computing including the emergence of cloud computing, the consumption and accessibility of computational resources have increased drastically. Although there have been significant movements towards more sustainable computing, there are many more steps to be taken to decrease the amount of energy consumed and greenhouse gases released from the computing sector. Historically, the switch from on-premises computing to cloud computing has led to less energy consumption through the design of efficient data centers. By releasing direct control of the hardware that their software is run on, an organization can also increase efficiency and reduce costs. A new development in cloud computing has been serverless computing. Even though the term "serverless" is a misnomer because all applications are still executed on servers, serverless lets an organization resign another level of control, managing instances of virtual machines, to their cloud provider in order to reduce their cost. The cloud provider then provisions resources on-demand enabling less idle time. This reduction of idle time is a direct reduction of computing resources used, therefore resulting in a decrease in energy consumption. One form of serverless computing, Function-as-a-Service (FaaS), may have a promising future replacing some stream computing applications in order to increase efficiency and reduce waste. To explore these possibilities, the development of a stream processing application using traditional methods through Kafka Streams and FaaS through AWS Lambda was completed in order to demonstrate that FaaS can be used for stateless stream processing
Kubernetes as an Availability Manager for Microservice Based Applications
The architectural style of microservices has been gaining popularity in recent years. In this architectural style, small and loosely coupled modules are deployed and scaled independently to compose cloud-native applications. Microservices are maintained and tested easily and are faster at startup time. However, to fully leverage from the benefits of the architectural style of microservices, it is necessary to use technologies such as containerization. Therefore, in practice, microservices are containerized in order to remain isolated and lightweight and are orchestrated by orchestration platforms such as Kubernetes. Kubernetes is an open-source platform that defines a set of building blocks which collectively provide mechanisms for orchestrating containerized microservices. The move towards the architectural style of microservices is well underway and carrier-grade service providers are migrating their legacy applications to a microservice based architecture running on Kubernetes. However, service availability remains a concern. Service availability is measured as the percentage of time the service is provisioned. High Availability (HA) is a non-functional requirement for service availability of at least 99.999%. Although the characteristics of microservice based architectures naturally contribute to improving the availability, Kubernetes as an orchestration platform for microservices needs to be evaluated in terms of availability. Therefore, in this thesis, we identify possible architectures for deploying stateless and stateful microservice based applications with Kubernetes and evaluate Kubernetes from the perspective of availability it provides for its managed applications. Our experiment’s results show that the healing capabilities of Kubernetes are not sufficient for providing high availability, especially for stateful applications.
Therefore, we propose a State Controller which integrates with Kubernetes and allows for state replication and automatic service redirection to the healthy microservice instance. We conduct experiments to evaluate our solution and compare the different architectures from an availability perspective and scaling overhead. The results of our investigations show that our solution improves the recovery time of stateful microservice based applications by 55% and even up to 99% in certain cases
Optimization towards Efficiency and Stateful of dispel4py
Scientific workflows bridge scientific challenges with computational
resources. While dispel4py, a stream-based workflow system, offers mappings to
parallel enactment engines like MPI or Multiprocessing, its optimization
primarily focuses on dynamic process-to-task allocation for improved
performance. An efficiency gap persists, particularly with the growing emphasis
on conserving computing resources. Moreover, the existing dynamic optimization
lacks support for stateful applications and grouping operations. To address
these issues, our work introduces a novel hybrid approach for handling stateful
operations and groupings within workflows, leveraging a new Redis mapping. We
also propose an auto-scaling mechanism integrated into dispel4py's dynamic
optimization. Our experiments showcase the effectiveness of auto-scaling
optimization, achieving efficiency while upholding performance. In the best
case, auto-scaling reduces dispel4py's runtime to 87% compared to the baseline,
using only 76% of process resources. Importantly, our optimized stateful
dispel4py demonstrates a remarkable speedup, utilizing just 32% of the runtime
compared to the contender. Comment: 13 pages, 13 figure