The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project will be to improve security of cloud computing without sacrificing performance and cost efficiency. Cloud computing has proven to be a disruptive technology in the Information Technology (IT) sector, and the application container market is a rapidly growing segment of this sector. Although containers provide a simpler and more efficient apparatus to host applications in the cloud, there are important problems to address, such as weak security isolation, low kernel compatibility, and poor kernel customization. Security is the most common concern because one infected kernel can affect a multitude of containers. So far, each organization that has adopted container applications has been required to independently ensure their own security. One study found that a majority (54% of participants) ran containers on top of virtual machines (VMs) for security isolation, which sacrifices performance and cost efficiency. Thus, there is a significant need to provide a container architecture that supports greater security without sacrificing performance and cost efficiency. This project addresses this urgent need, and the resulting technology can be applied broadly to domains such as cloud computing, Information Technology (IT) infrastructures, Network Function Virtualization (NFV), etc.This Small Business Innovation Research (SBIR) Phase I project will further improve usability, security, and efficiency of a novel software application container architecture, so that it can be easily deployed and evaluated by customers. While the current platform can run Docker containers without modifications, it is incompatible with the Docker and Kubernetes orchestration platforms, which is a probable obstacle to adoption for many container users and developers. The novel containers can run unmodified iterations of existing applications and automatically optimize performance of many applications by patching the binary during runtime. However, it is challenging to handle complicated scenarios in the application binary, and a more sophisticated technique is required to further improve the coverage of the automatic binary optimization module. Due to the licensing requirements of some of the software the novel container platform is based on, the research prototype is run open-source. The goal of this project is to address these limitations and challenges through five major objectives: support Docker and Kubernetes ecosystem compatibility; improve automatic binary optimization coverage; re-design the platform to avoid open-source license violations; further improve security; develop an automatic installation tool and a product demonstration.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
