University of Cambridge - cloud computing /taxonomy/subjects/cloud-computing en
Aim policies at ‘hardware’ to ensure AI safety, say experts /stories/hardware-ai-safety <div class="field field-name-field-content-summary field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><p>Chips and datacentres – the “compute” driving the AI revolution – may be the most effective targets for risk-reducing AI policies, according to a new report.</p> </p></div></div></div> Wed, 14 Feb 2024 11:28:30 +0000 fpjl2 244461 at
Making operating systems safer and faster with ‘unikernels’ /research/news/making-operating-systems-safer-and-faster-with-unikernels <div class="field field-name-field-news-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even"><img class="cam-scale-with-grid" src="/sites/default/files/styles/content-580x288/public/news/research/news/photo-1421081177127-339f586c9b49.png?itok=8rA8hlJi" alt="" title="Credit: None" /></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Specialised computer software components to improve the security, speed and scale of data processing in cloud computing are being developed by a University of Cambridge spin-out company. The company, Unikernel Systems, which was formed by staff and postdoctoral researchers at the University Computer Laboratory, has recently been acquired by San Francisco-based software company Docker Inc.</p>

<p>Unikernels are small, potentially transient computer modules specialised to undertake a single task at the point in time when it is needed. 
Because of their reduced size, they are far more secure than traditional operating systems, and can be started up and shut down quickly and cheaply, providing flexibility and further security.</p>

<p>They are likely to become increasingly used in applications where security and efficiency are vital, such as systems storing personal data and applications for the so-called Internet of Things (IoT) – internet-connected appliances and consumer products.</p>

<p>“Unikernels provide the means to run the same application code on radically different environments from the public cloud to IoT devices,” said Dr Richard Mortier of the Computer Laboratory, one of the company’s advisors. “This allows decisions about where to run things to be revisited in the light of experience - providing greater flexibility and resilience. It also means software on those IoT devices is going to be a lot more reliable.”</p>

<p>Recent years have seen a huge increase in the amount of data that is collected, stored and processed, a trend that will only continue as increasing numbers of devices are connected to the internet. Most commercial data storage and processing now takes place within huge datacentres run by specialist providers, rather than on individual machines and company servers; the individual elements of this system are obscured to end users within the ‘cloud’. One of the technologies that has been instrumental in making this happen is virtual machines.</p>

<p>Normally, a virtual machine (VM) runs just like a real computer, with its own virtual operating system – just as your desktop computer might run Windows. However, a single real machine can run many VMs concurrently. VMs are general purpose, able to handle a wide range of jobs from different types of user, and capable of being moved across real machines within datacentres in response to overall user demand. 
The University’s Computer Laboratory started research on virtualisation in 1999, and the Xen virtual machine monitor that resulted now provides the basis for much of the present-day cloud.</p>

<p>Although VMs have driven the development of the cloud (and greatly reduced energy consumption), their inherent flexibility can come at a cost if their virtual operating systems are the generic Linux or Windows systems. These operating systems are large and complex, they have significant memory footprints, and they take time to start up each time they are required. Security is also an issue, because of their relatively large ‘attack surface’.</p>

<p>Given that many VMs are actually used to undertake a single function (e.g. acting as a company database), recent research has shifted to minimising complexity and improving security by taking advantage of the narrow functionality. And this is where unikernels come in.</p>

<p>Researchers at the Computer Laboratory started restructuring VMs into flexible modular components in 2009, as part of the RCUK-funded <a href="https://mirage.io/">MirageOS project</a>. These specialised modules – or <a href="http://unikernel.org/">unikernels</a> – are in effect the opposite of generic VMs. Each one is designed to undertake a single task; they are small, simple and quick, using just enough code to enable the relevant application or process to run (about 4% of a traditional operating system according to one <a href="https://zpbnef1975.org/blacked/aziatki/">estimate</a>).</p>

<p>The small size of unikernels also lends considerable security advantages, as they present a much smaller ‘surface’ to malicious attack, and also enable companies to separate out different data processing tasks in order to limit the effects of any security breach that does occur. 
Given that resource use within the cloud is metered and charged, they also provide considerable cost savings to end users.</p>

<p>By the end of last year, the unikernel technology arising from MirageOS was sufficiently advanced that the team, led by Dr. Anil Madhavapeddy, decided to found a start-up company. The company, <a href="http://unikernel.com/">Unikernel Systems</a>, was recently acquired by San Francisco-based Docker Inc. to accelerate the development and broad adoption of the technology, now envisaged as a critical element in the future of the Internet of Things.</p>

<p>“This brings together one of the most significant developments in operating systems technology of recent years, with one of the most dynamic startups that has already revolutionised the way we use cloud computing. This link-up will truly allow us all to ‘rethink cloud infrastructure’,” said Balraj Singh, co-founder and CEO of Unikernel Systems.</p>

<p>“This acquisition shows that the Computer Laboratory continues to produce innovations that find their way into mainstream developments. 
It also shows the power of open source development to have impact and to be commercially successful”, said Professor Andy Hopper, Head of the University of Cambridge Computer Laboratory.</p>
</div></div></div><div class="field field-name-field-content-summary field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><p>Technology to improve the security, speed and scale of data processing in the age of the Internet of Things is being developed by a Cambridge spin-out company.</p>
</p></div></div></div><div class="field field-name-field-content-quote field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even">This acquisition shows the power of open source development to have impact and to be commercially successful.</div></div></div><div class="field field-name-field-content-quote-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Andy Hopper</div></div></div><div class="field field-name-field-cc-attribute-text field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p><a href="http://creativecommons.org/licenses/by/4.0/" rel="license"><img alt="Creative Commons License" src="https://i.creativecommons.org/l/by/4.0/88x31.png" style="border-width:0" /></a><br />
The text in this work is licensed under a <a href="http://creativecommons.org/licenses/by/4.0/" rel="license">Creative Commons Attribution 4.0 International License</a>. For image use please see separate credits above.</p>
</div></div></div><div class="field field-name-field-show-cc-text field-type-list-boolean field-label-hidden"><div class="field-items"><div class="field-item even">Yes</div></div></div> Thu, 28 Jan 2016 08:00:00 +0000 sc604 166132 at
How can we protect our information in the era of cloud computing? 
/research/news/how-can-we-protect-our-information-in-the-era-of-cloud-computing <div class="field field-name-field-news-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even"><img class="cam-scale-with-grid" src="/sites/default/files/styles/content-580x288/public/news/research/news/image.jpg?itok=rG6wnSFj" alt="Privacy" title="Privacy, Credit: g4ll4is" /></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In an <a href="https://rspa.royalsocietypublishing.org/content/471/2175/20140862" target="_blank">article</a> published in the <em>Proceedings of the Royal Society A</em>, Professor Jon Crowcroft argues that by parcelling and spreading data across multiple sites, and weaving it together like a tapestry, not only would our information be safer, it would be quicker to access, and could potentially be stored at lower overall cost.</p>

<p>The internet is a vast, decentralised communications system, with minimal administrative or governmental oversight. However, we increasingly access our information through cloud-based services, such as Google Drive, iCloud and Dropbox, which are very large centralised storage and processing systems. Cloud-based services offer convenience to the user, as their data can be accessed from anywhere with an internet connection, but their centralised nature can make them vulnerable to attack, such as when personal photos of mostly young and female celebrities were leaked last summer after their iCloud accounts were hacked.</p>

<p>Storing information in the cloud makes it easily accessible to users, while removing the burden of managing it; and the cloud’s highly centralised nature keeps costs low for the companies providing the storage. 
However, centralised systems can lack resilience, meaning that service can be lost when any one part of the network access path fails.</p>

<p>Centralised systems also give a specific point to attack for those who may want to access them illegally. Even if data is copied many times, if all the copies have the same flaw, they are all vulnerable. Just as a small gene pool places a population at risk from a change in the environment, such as a disease, the lack of variety in centralised storage systems places information at greater risk of theft.</p>

<p>The alternative is a decentralised system, also known as a peer-to-peer system, where resources from many potential locations in the network are mixed, rather than putting all one’s eggs in one basket.</p>

<p>The strength of a peer-to-peer system is that its value grows as the number of users increases: all producers are also potential consumers, so each added node gives the new producer as many customers as are already on the network.</p>

<p>“Since all the members of a peer-to-peer network are giving as well as consuming resources, it quickly overtakes a centralised network in terms of its strength,” said Crowcroft, of the University’s Computer Laboratory.</p>

<p>The higher reliability and performance of fibre to the home, the availability of 4G networks, and IPv6 (Internet Protocol version 6) are all helping to make decentralised networks viable. In practice, a user would carry most of the data they need to access immediately with them on their mobile device, with their home computer acting as the ‘master’ point of contact.</p>

<p>“Essentially, data is encoded redundantly, but rather than making many copies, we weave a tapestry using the bits that represent data, so that threads making up particular pieces of information are repeated but meshed together with threads making up different pieces of information,” said Crowcroft. 
“Then to dis-entangle a particular piece of information, we need to unpick several threads.”</p>

<p>Varying the ways that our information is stored or distributed is normally done to protect against faults in the network, but it can also improve the privacy of our data. In a decentralised system where data is partitioned across several sites, any attacker attempting to access that data has a much more complex target – the attacker has to know where all bits of the information are, as opposed to using brute force at one point to access everything. “The more diversity we use in a peer-to-peer system, the closer we get to an ideal in terms of resilience and privacy,” said Crowcroft.</p>

<p>A peer-to-peer system could also be built at a lower overall cost than a centralised system, argues Crowcroft, since no ‘cache’ is needed in order to store data near the user. To the end user, costs could be as low as a pound per month, or even free, much lower than monthly internet access costs or mobile tariffs.</p>

<p>“We haven’t seen massive take-up of decentralised networks yet, but perhaps that’s just premature,” said Crowcroft. 
“We’ve only had these massive centralised systems for about a decade, and like many other utilities, the internet will most likely move away from centralisation and towards decentralisation over time, especially as developments in technology make these systems attractive for customers.”</p>
</div></div></div><div class="field field-name-field-content-summary field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><p>Private information would be much more secure if individuals moved away from cloud-based storage towards peer-to-peer systems, where data is stored in a variety of ways and across a variety of sites, argues a University of Cambridge researcher.</p>
</p></div></div></div><div class="field field-name-field-content-quote field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even">The more diversity we use in a peer-to-peer system, the closer we get to an ideal in terms of resilience and privacy</div></div></div><div class="field field-name-field-content-quote-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Jon Crowcroft</div></div></div><div class="field field-name-field-image-credit field-type-link-field field-label-hidden"><div class="field-items"><div class="field-item even"><a href="https://www.flickr.com/photos/g4ll4is/8521624548/in/photolist-dZ2y6b-7fNVzm-azTdMo-4EvWY9-dcv4yD-8b15Y2-edvyKx-8i9dVE-822bu2-axwagd-5qG9YV-9qR8HQ-gyXnY-4jkHD-o3MtjS-gtBMth-7notDM-eARcff-873F1R-9uCVmE-9i7ZK2-dRuMzt-Em1Z9-k2Nuaa-48ybNM-66r3T6-889TVV-5E5ZAK-9yfeKE-ddpg14-eTrqcD-pgokPc-iCz9t-6wCshe-a9eGCW-pDmshR-ahk6nh-9Mcwzt-46PRKe-bBguPn-5V3xR3-aHKoc-4WrJkA-7qxzPp-4kMWij-k2jus-7nzT7w-qmKn1-mXs67q-bak5nz" target="_blank">g4ll4is</a></div></div></div><div class="field field-name-field-image-desctiprion field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Privacy</div></div></div><div class="field 
field-name-field-cc-attribute-text field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>The text in this work is licensed under a <a href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Licence</a>. If you use this content on your site please link back to this page. For image rights, please see the credits associated with each individual image.</p>

<p><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><img alt="" src="/sites/www.cam.ac.uk/files/80x15.png" style="width: 80px; height: 15px;" /></a></p>
</div></div></div><div class="field field-name-field-show-cc-text field-type-list-boolean field-label-hidden"><div class="field-items"><div class="field-item even">Yes</div></div></div><div class="field field-name-field-license-type field-type-taxonomy-term-reference field-label-above"><div class="field-label">Licence type:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/taxonomy/imagecredit/attribution-sharealike">Attribution-ShareAlike</a></div></div></div> Mon, 26 Jan 2015 06:07:03 +0000 sc604 143792 at