A Decentralized Operating System

Building a More Secure and Reliable Digital Future with a "Decentralized Operating System"
Imagine a world where your online activities, from banking to streaming, are not only faster but also far more secure and private, even when spread across many different computers. That's the vision behind the Decentralized Operating System (DOS) project, funded by the European Research Council.

Our project is creating a new kind of operating system that acts like a smart, secure manager for all sorts of computing resources, no matter where they are or what kind of hardware they use. We're tackling the challenge of making diverse computer parts communicate and work together securely, like building a universal, trusted translator for your computer's components. This includes innovative solutions like putting security directly into network connections and securely using advanced memory.

We're also developing a lightweight, secure foundation for computing that's less vulnerable to attacks, ensuring your information stays safe. Furthermore, our work makes systems incredibly resilient against malicious attempts, ensuring essential services remain available.

In an increasingly connected world, the DOS project is laying the groundwork for a future where your data is safer, online services are more reliable, and innovation can flourish on a truly dependable digital infrastructure.

Our project aims to build a more secure and efficient cloud, moving from old-fashioned, all-in-one servers to specialized hardware. We focused on three key areas to achieve this:

Securing the Cloud: We addressed the challenge of securing cloud systems by building a framework to create "virtual trusted environments" out of specialized components, rather than relying on a single, monolithic server. We also developed a tiny operating system kernel that's 50 times smaller than a standard one, drastically shrinking its attack surface. This work has led to the development of a hardware-based solution that secures memory and networks, a critical step since these are often vulnerable points in the cloud.

Optimizing Performance: We created a new, high-performance storage system specifically for serverless applications that is 10 times faster than current options. We also built a system that uses hardware accelerators like FPGAs to speed up these same applications, making them run with greater efficiency and less latency.

Achieving Tangible Results: Our research has produced significant, measurable improvements.

- Our data consistency protocols are up to 24 times faster than traditional methods.

- Our new trusted network architecture, TNIC, provides a 6 times performance boost over older security systems.

- The Wallet system we developed for confidential serverless computing has a 4.3 times smaller trusted computing base, making it more secure and efficient.

- This work shows that security and performance can go hand-in-hand. We're not just building a more secure cloud; we're building a faster one, too.

Our project's work has significantly pushed the boundaries of what is possible in cloud computing, extending the current scientific knowledge in several key areas. We have not simply applied existing techniques but have developed entirely new approaches to address the next generation of cloud challenges.

Results Beyond the State of the Art
Extending Trust to Disaggregated Systems: The current state of the art for trusted computing relies on monolithic servers. We have gone beyond this by developing the first approach to build trusted execution environments (TEEs) for a disaggregated architecture. This work allows users to create secure and isolated environments by combining different hardware components, a capability that was not possible before. We also solved a fundamental incompatibility between TEEs and high-performance persistent memory, a previously unsolved challenge.

Hardware-Accelerated Security and Performance: Historically, security and performance have been seen as a trade-off. Our work shatters this paradigm by showing that leveraging modern hardware can make systems both more secure and dramatically faster. Our new approach for securing distributed systems, Recipe, offers a 24x higher throughput than traditional Byzantine protocols. We've also created a trusted network card (TNIC) that delivers a 6x performance improvement for secure communication, proving that security can be accelerated directly in hardware.

New Paradigms for Cloud-Native Applications: We have tackled core limitations in modern application development.

For the first time, we've created a framework, F3, that allows serverless functions to efficiently use powerful hardware like FPGAs, an area previously hindered by complex programming and integration issues.

We solved a fundamental trade-off in unikernels (minimalistic operating systems) by enabling them to have flexible, on-demand extensibility without sacrificing their core benefits.

Our Toast system simplifies heterogeneous memory management for programmers, replacing complex, custom libraries with a simple, unified interface that improves portability and security.

Creating a More Secure Foundation: We developed new methods to build secure systems with a much smaller "trusted computing base." Our IronBus system for accelerators and Wallet system for serverless computing reduce the amount of code that needs to be trusted to a bare minimum, significantly decreasing the attack surface and providing verifiable security guarantees that were previously unavailable.