Research Statement
My Dissertation can be found HERE.
Dissertation abstract: As the demand for cloud computing services grows, developers are looking for ways to increase the security, squeeze out the highest performance, and achieve the lowest costs for their applications. Applications require a thought out security process - e.g. how to use secure hardware to isolate sensitive computations from an untrusted operating system. Network monitoring systems are needed to monitor network traffic flowing in and out of an application. Applications also require careful CPU and memory allocations for the business logic running in containers at the application layer. In order to manage these three components of an application, cloud providers provide an application control and management layer that serves as an entrypoint into any application. Developers can utilize the secure hardware features to enable secure, verifiable computing. Developers can also monitor the network traffic traversing their application’s network and manage CPU and memory allocations. Unfortunately, despite all of these tools to deploy, monitor, and secure an application, developers still lack the controls required to optimize their specific applications’ security, performance, and efficiency. In this thesis, we first explore and outline the root cause of this rigidity and lack of control prevalent in today’s cloud. We focus on rigidity in the three areas of secure hardware, network monitoring, and compute resource allocation. We then build new, programmable platforms and systems that allow users to design and implement application-specific secure hardware features, network monitoring applications, and compute resource allocation algorithms. We evaluate each of our systems and show how a developer can now optimize their applications with fine-grained control over the underlying compute infrastructure.
Core publication/work of my dissertation can be found HERE