Many of the ideas that drive modern cloud computing, such as server virtualization, network slicing, and robust distributed storage, arose from the research community. Despite this success, today’s clouds have become environments that are unsuitable for moving this research agenda forward—they have particular, unmalleable implementations of these ideas “baked in.” CloudLab will not be a cloud; it will be large-scale, distributed scientific infrastructure on top of which many different clouds can be built.

The A3 project applies virtualization, record-and-replay, introspection, repair, and other techniques to develop a customizable container for “advanced adaptive applications.” The A3 container provides its protected application with both innate and adaptive defenses against security threats.

In the TCloud project we are developing a self-defending, self-evolving, and self-accounting trustworthy cloud platform. Our approach in realizing TCloud holds to the following five tenets: defense in depth, least authority, explicit orchestration of security function, moving-target defense, and verifiable accountability.

We are creating XCap, a secure environment for least-authority execution of applications and system services. Unmodified, untrusted, off-the-shelf applications, running on untrusted operating systems, are isolated by a virtual machine manager. XCap brings the power of a capability-based security system to Xen, building on two principles: strong isolation and secure collaboration.

Emulab is a network testbed, giving researchers a wide range of environments in which to develop, debug, and evaluate their systems. The Emulab facility at the University of Utah has over 600 PCs, a hundred wireless devices, and dozens of switches. It is used by thousands of researchers at hundreds of institutions worldwide. The software that we built to run Emulab is open source, and is used as part of dozens of network testbeds across the globe.