Operating and Runtime Systems Towards an Efficient and Secure Edge

Author: Guo, Liwei, Computer Science - School of Engineering and Applied Science, University of Virginia (ORCID: orcid.org/0000-0001-8516-8045)
Lin, Felix Xiaozhu, EN-Comp Science Dept, University of Virginia

Located near user data, the edge is a preferred place for executing latency- and security-sensitive tasks such as sensor data harvesting and processing. For instance, a smart speaker responds to user speech on the fly; it does so by running Natural Language Processing (NLP) inference entirely on device, without transmitting the captured personal audio to the cloud, which is crucial for preserving user privacy.

However, existing operating and runtime systems are inadequate for executing such tasks efficiently or securely. First, they suffer from poor efficiency: design inefficiencies in the kernel and in machine learning inference runtimes leave the CPU idle for long periods and, in turn, waste significant energy and memory, both of which are scarce on the resource-constrained edge. Second, they lack support for Trusted Execution Environments (TEEs). Designed to isolate and protect platform resources at the lowest level, a TEE (e.g. Arm TrustZone) executes security-sensitive code in isolation from the OS, which cannot see into it. Yet, without mature filesystems or device drivers of its own, the TEE inevitably depends on the OS: it must expose its data and control paths to the OS so that the OS can perform storage and I/O on its behalf, and this dependency creates security and privacy loopholes.
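The dependency described above is easiest to see in a small simulation. The following is an added illustration, not code from the dissertation and not a description of how Driverlet or Enigma work: a trusted application inside the TEE has a device key the OS never sees but no storage of its own, so every record it persists must cross into an untrusted normal-world OS. The class names, the storage protocol, the encrypt-then-MAC construction (an HMAC-SHA256 keystream plus HMAC tag, used here only because the Python standard library has no AEAD) and the in-TEE version counter standing in for a monotonic counter in TEE-private storage are all assumptions of this example. It shows three things a practitioner should expect when the TEE delegates I/O: plaintext delegation leaks the record outright; sealing hides the content but the OS still learns the path and size (and timing) of every write; and even a correctly sealed blob can be silently replaced by an older, validly sealed one unless the TEE keeps some trusted state of its own.

```python
"""Added example: a TEE that must persist state through an untrusted OS."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


class UntrustedOS:
    """Normal-world OS: owns the filesystem, sees every byte the TEE hands it,
    and may later return stale or modified data."""

    def __init__(self):
        self.files = {}
        self.observed = []  # (path, bytes) for every write crossing the boundary

    def write(self, path, data):
        self.observed.append((path, bytes(data)))
        self.files[path] = bytes(data)

    def read(self, path):
        return self.files[path]

    def saw_plaintext(self, secret):
        return any(secret in data for _, data in self.observed)


class TrustedApp:
    """Code running in the TEE. Holds a device key the OS never sees, but has
    no filesystem, so persistence goes through UntrustedOS."""

    def __init__(self, untrusted_os, device_key):
        self.os = untrusted_os
        self.enc_key = hmac.new(device_key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(device_key, b"mac", hashlib.sha256).digest()
        self.version = 0  # assumption: stands in for a TEE-private monotonic counter

    def save_plain(self, path, record):
        """Naive delegation: the record crosses the boundary in the clear."""
        self.os.write(path, record)

    def _keystream(self, nonce, length):
        # PRF in counter mode; stand-in for a real AEAD such as AES-GCM.
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self.enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _seal(self, plaintext):
        nonce = os.urandom(NONCE_LEN)
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def _unseal(self, blob):
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("sealed blob too short")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sealed blob failed authentication")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

    def save_sealed(self, path, record):
        """Seal (version || record) before anything reaches the OS."""
        self.version += 1
        self.os.write(path, self._seal(struct.pack(">I", self.version) + record))

    def load_sealed(self, path, check_version=False):
        plaintext = self._unseal(self.os.read(path))
        version, record = struct.unpack(">I", plaintext[:4])[0], plaintext[4:]
        if check_version and version != self.version:
            raise ValueError("stale blob: rollback by the OS detected")
        return record


def demo():
    """Run the four scenarios and report what the OS could learn or do."""
    key = os.urandom(32)
    secret = b"user-voice-embedding:0xdeadbeef"  # constructed sample record
    results = {}

    os1 = UntrustedOS()
    TrustedApp(os1, key).save_plain("/data/profile", secret)
    results["plain_leaked"] = os1.saw_plaintext(secret)

    os2 = UntrustedOS()
    ta = TrustedApp(os2, key)
    ta.save_sealed("/data/profile", secret)
    results["sealed_leaked"] = os2.saw_plaintext(secret)
    results["sealed_roundtrip"] = ta.load_sealed("/data/profile") == secret
    # The OS still sees the path and the exact size of every sealed write.
    results["os_learns_size"] = len(os2.files["/data/profile"]) == NONCE_LEN + 4 + len(secret) + TAG_LEN

    good = os2.files["/data/profile"]
    os2.files["/data/profile"] = good[:NONCE_LEN] + bytes([good[NONCE_LEN] ^ 1]) + good[NONCE_LEN + 1:]
    try:
        ta.load_sealed("/data/profile")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True

    ta.save_sealed("/data/profile", b"revoked")  # version 2 supersedes the secret
    os2.files["/data/profile"] = good            # OS serves the old, validly sealed version 1
    results["rollback_undetected"] = ta.load_sealed("/data/profile") == secret
    try:
        ta.load_sealed("/data/profile", check_version=True)
        results["rollback_caught"] = False
    except ValueError:
        results["rollback_caught"] = True
    return results
```

The tamper check passes because authentication covers the whole blob, but the rollback succeeds because the old blob is just as validly sealed as the new one; only state the TEE keeps outside the OS's reach (here the `version` field, in practice a replay-protected counter or RPMB-style storage) lets it tell the two apart. Sealing addresses confidentiality and integrity of the bytes; it does not close the control-path and metadata channels the OS retains.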

This dissertation shows that, by co-designing systems software with the hardware and incorporating application knowledge, it is possible to achieve greater efficiency and security at the edge.

To this end, I present five systems in two parts. The first part addresses the efficiency problem. Starting with Power Sandbox, I give apps OS-level knowledge of their own energy consumption, allowing them to reason about their power use and adapt for greater efficiency. I then present Transkernel and STI, two systems that address execution inefficiencies in the kernel and in the machine learning runtime respectively. Through these two systems, I show that the key to greater efficiency is to eliminate CPU idling by specializing systems for edge workloads and hardware. The second part introduces two systems, Driverlet and Enigma, which for the first time give the TEE access to mature filesystems and complex devices. I show that by intercepting at the proper hardware/software boundaries, it is possible not only to enable practical use of the TEE but also to do so in a secure and private way. Together, the five systems form a holistic tapestry of system designs towards a more efficient and secure edge.

PHD (Doctor of Philosophy)
Operating System, Computer System, Security, TrustZone, Machine Learning, Efficient Computing
Issued Date: