Operating System, Unikernel, Library OS, Virtualization, Firmware Security
Google Summer of Code 2014, OSv project, May 2014 - Aug 2014
Porting CRuby to OSv
OSv is a new open-source lightweight OS designed for IaaS platforms,
to run a single application on a VM instance with higher performance, a smaller resource footprint, and better manageability.
The characteristics of OSv are as follows:
- Single process OS
- Multithread / SMP support
- Provides partial binary compatibility with specific Linux applications
- OS built-in REST API and Web dashboard to provide better manageability
- Focused on Java runtime support
At that point OSv provided only the minimal set of Linux APIs needed for compatibility with OpenJDK for Linux,
and did not support any other language runtime.
So I added various Linux APIs to OSv to make CRuby runnable.
By the end of the project I was able to confirm that "Publify" (a Ruby on Rails based blog engine)
and some other test programs work correctly on OSv, and all the code was merged upstream.
Proposal | Implementation
Research Assistant, IIJ Innovation Institute, Nov 2014 - Present
Add REST API plugin to OSv
Implemented a plugin mechanism for the REST API on OSv.
This makes it possible to export statistics to an OSv instance management system;
we are planning to use it in the next project described below.
Massive scale deployment of tiny OSv instances
Researching a way to deploy a huge number of tiny OSv instances on a VM cluster
and manage them with a scalable cluster controller.
We are currently designing the architecture of the cluster controller.
Doctoral course, Graduate School of Tokyo University of Agriculture and Technology, April 2018 - present
Major: Computer Science
Laboratory: Yamada Lab
MTM, Graduate School of Tokyo University of Agriculture and Technology, April 2016 - March 2018
Major: Computer Science
Laboratory: Yamada Lab
Research: A Study on Attaining Elasticity of Lightweight Virtual Machines for Cloud Platforms
In cloud platforms, whose computational resources are typically virtualized, users or cloud service providers easily adjust resource allocations by changing the size and number of running virtual machines (VMs), simply called instances, and balance the load by migrating instances across physical machines. In such platforms, elasticity, the ability to swiftly adjust the number of instances on demand, is essential. To attain elasticity, fast instantiation of VMs is mandatory. In this thesis, we try to answer the following question: how fast does a modern lightweight kernel, a unikernel, boot on the two major hypervisors, KVM and Xen? We quantitatively measure the boot time of the unikernel and of real-world OS kernels on KVM and Xen. We found that unikernel-based VMs, RumpRun, boot much faster than the other OS kernels on both hypervisors. However, the unikernel inherently limits the applicability of applications; we cannot run multi-process applications on unikernel-based VMs. The thesis also designs new unikernel functionality, unikernel fork, to achieve fast instantiation of unikernel-based VMs without any modification of applications.
BEng, Osaka University, April 2014 - March 2016
Major: Computer Science
Laboratory: Hagihara Lab
Research: Analysis of Interval Time for Reducing the Total Initialization Time of Burst Start-up of Virtual Lightweight Processes
Nowadays, IaaS is a popular cloud computing platform that provides virtual computational resources such as CPU, memory and storage. An advantage of IaaS is that resources can be increased and decreased immediately on demand. PaaS is also a major cloud computing platform, one that allows developers to provide a service easily by just deploying an application. However, PaaS cannot increase resources immediately.
A cloud platform that utilizes container-based virtualization is remarkable because it provides the convenience of both IaaS and PaaS. However, when using containers on IaaS, we face a redundancy of two resource managers: the hypervisor and the supervisor. A library OS is one solution for addressing this redundancy. The library OS changes the trend of virtualization in IaaS, from virtualizing a large general-purpose OS to virtualizing and combining small applications. Nevertheless, no cloud platform currently supports library OSes.
In this report, by measuring the initialization time of lightweight virtualized instances, I investigate a strategy for initializing a large number of instances on a cloud computing platform that uses a library OS. I analyze the behavior of the initialization from the following three viewpoints, in the case of booting hundreds to thousands of virtualized instances within several seconds on a server with a dozen cores: (1) the limit on the memory allocated to each instance, (2) the number of instances to boot, and (3) the interval between instances.
Experimental results show that (1) did not affect the initialization time. In case (2), the initialization time of booting all the instances at once was smaller than the total initialization time of booting them in two separate rounds. In case (3), a large interval did not increase the total initialization time for the same number of instances, while it reduced the initialization time of the first instance. Thus, I suggest a scheduling system for the cloud computing platform using a library OS such that it manages multiple requests together on demand and controls the interval between booting instances depending on program size.
National Institute of Technology, Matsue College, April 2009 - March 2014
Major: Information Engineering
Research: Secure pre-OS environment on modern PC firmware
Recently, most personal computers have migrated their firmware from BIOS to UEFI.
UEFI provides a very powerful, easy-to-develop environment for bootloader developers.
Unfortunately, this also means that bootkits become easy to develop and deploy on the firmware.
In this research I found a new vulnerability in UEFI and proposed a solution to prevent it.
Attended "Kosen Procon 2010"
Kosen Procon is a programming contest for the National Institute of Technology colleges (Kosen).
I entered as an assistant on a team in the free challenge section.
I developed an Android application.
In the end my team won the Award for Excellence.
Attended "Security Camp 2012"
"Security Camp 2012" is a summer programming camp for
highly skilled students, held by the Ministry of Economy, Trade and Industry.
Learned about rootkit behavior
I studied how rootkits hide their processes from the user, and tried to implement the same behavior
by modifying the FreeBSD kernel.
I modified the sysctl handler to hide a specific process from the ps command.
Languages/Frameworks: C, Rust, C++, Assembler (IA-32/AMD64/Intel 64), shell, Python, Java, Ruby, OpenGL
Platforms: Linux (Arch Linux, Gentoo Linux, Fedora), FreeBSD, OSv, UEFI
Electronics kits, collecting and hacking vintage computers, 3DCG
Information Security Specialist Examination (情報セキュリティスペシャリスト試験)
Minoru KANATSU, Hajime TAZAKI, Yojiro UO, Hiroshi YAMADA, "Measurement Cloud-oriented Library OS Boot Time for Classification",
Internet Conference 2016, Oct. 2016.
Paper(ja) | Slide(ja)
Minoru KANATSU and Hiroshi YAMADA, "Running Multi-Process Applications on Unikernel-based VMs",
26th ACM Symposium on Operating Systems Principles (SOSP '17), Oct. 2017.
Extended abstract | Poster