The eBPF Foundation, which focuses on advancing the state of the art for eBPF by directing upstream development, promoting the use of the technology and its benefits, and improving the security and robustness of eBPF as a whole, has awarded five universities each a $50,000 unrestricted grant to perform research to benefit the eBPF community. Twenty-five proposals were submitted by 20 universities for technical projects to develop new features and improvements for eBPF. The eBPF Foundation originally planned one grant, but was able to increase the awards to five due to the significance of the work being proposed. The five winners were selected after a detailed review of all proposals by the eBPF Steering Committee, which consists of lead maintainers in the eBPF ecosystem.
eBPF is a technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It has been used in production for over half a decade at scales from small deployments up to hyperscale cloud operations across billions of devices. eBPF can safely and efficiently extend the kernel’s capabilities without requiring developers to change kernel source code or load kernel modules, while significantly speeding time to market.
The purpose of these grants is two-fold. First, to continue to improve the functionality and reliability of eBPF, we need many new features, which this work will help create and develop. Second, by providing funds to educational institutions rather than contracting developers, this grant program will provide important experience to students and researchers, while also supporting their institutions financially. Additionally, these grants foster collaboration with industry and academia for the benefit of strengthening eBPF itself and driving the state of the art forward.
Summaries of the selected proposals and recipients (in alphabetical order by university) are:
- Learned Virtual Memory with eBPF, Dimitrios Skarlatos, Carnegie Mellon University – The increased memory capacity in data centers, coupled with the proliferation of memory-intensive applications has made virtual memory translation a major performance bottleneck. This issue is about to get much worse due to several factors: i) the inherent hardware limits of TLB scaling, which has already surpassed L2 cache latencies, ii) the advent of terabyte-scale memory capacity through technologies like CXL, and iii) the increasing prevalence of memory-intensive applications. The goal of this project is to introduce an extensible eBPF interface for memory management, enabling lightweight, machine-learning techniques within the Linux kernel that can automatically adapt to the memory needs of individual processes.
- Improving eBPF Complexity with a Hardware-backed Isolation Environment, Zhe Wang, Chinese Academy of Sciences Beijing – The current design of the eBPF verifier poses both security and complexity challenges, which restricts the wider use of eBPF programs. The researchers believe that eBPF is a new type of kernel-mode application, and should adopt the method of isolation rather than verification to ensure the kernel security. Therefore, this project will design a hardware-assisted isolation execution environment for eBPF programs, which not only can achieve the same level of security as the verifier, but also incurs a very low performance overhead.
- Lazy Abstraction Refinement with Proof for an Enhanced Verifier, Zhendong Su, and Hao Sun, ETH Zürich – This project introduces a novel approach—lazy abstraction refinement with proof—to enhance the precision of the eBPF verifier. By selectively and lazily refining abstractions with higher precision verification techniques and encoding refinements in machine-checkable proofs, the approach significantly improves the precision while maintaining a manageable complexity. Proofs generated in user space and validated in kernel space ensure minimal overhead. The implementation and thorough evaluation will demonstrate its effectiveness, with the goal of integration into the upstream and extending the adoption of eBPF.
- Verified Path Exploration for eBPF Static Analysis, Srinivas Narayana and Santosh Nagarakatte, Rutgers University – This project continues an existing effort in the Agni project to formally verify algorithms in the eBPF verifier. Specifically, the researchers will explore formal verification and proofs of soundness for a key algorithm in the verifier, namely path pruning, which enables fast safety checking for eBPF programs with a large number of static code paths. The soundness of path pruning is security-critical since incorrect pruning may result in the execution of malicious programs in the kernel. This project takes the first steps towards formal verification of path pruning, by specifying conditions for soundness, and developing systematic techniques to prove soundness and uncover bugs.
- Efficient IO-Intensive μs-scale Applications using eBPF, Yueyang Pan, Kumar Kartikeya Dwivedi, Rishabh Iyer, and Sanidhya Kashyap, Swiss Federal Institute of Technology Lausanne (EPFL) – This project will extend the eBPF subsystem and the Linux kernel to serve as the substrate for building a dedicated runtime for hosting μs-scale applications on Linux while ensuring efficient resource utilization. As part of this proposal, EPFL aims to flexibly customize existing IO data paths in the kernel (networking, storage) to build a fast path fitting the functional requirements of applications. Further, they will design a fiber abstraction that enables efficient application logic offloading to the kernel.
“The foundation was very pleased to see such strong interest from research universities around the world in this grant program, and in developing new features and improvements for eBPF in general,” said Thomas Graf, chair of the eBPF Foundation governing board and co-founder of eBPF Foundation member Isovalent. “We look forward to collaborating with our new research partners on these projects, and to the entire eBPF community benefiting from this work.”
More information on the grant program and criteria can be found at https://ebpf.foundation/
The post eBPF Foundation Announces $250,000 in Grant Awards for Five eBPF Academic Research Projects appeared first on SD Times.
from SD Times https://ift.tt/29HS0yo
Comments
Post a Comment