Implementing distributed protocols under a standard Linux kernel networking stack enjoys
the benefits of load-aware CPU scaling, high compatibility, and robust security and isolation …

The extended Berkeley Packet Filter (eBPF) provides powerful and flexible kernel interfaces
to extend the kernel functions for user space programs via running bytecode directly in the …

The emerging computational storage device offers an opportunity for in-storage computing. It
alleviates the overhead of data movement between the host and the device, and thus …

Computing is an indispensable tool in addressing climate change, but it also contributes to a
significant and steadily increasing carbon footprint, partly due to the exponential growth in …

The emergence of verified eBPF bytecode is ushering in a new era of safe kernel
extensions. In this paper, we argue that eBPF's verifier---the source of its safety guarantees …

Memory disaggregation has replaced the landscape of dat-acenters by physically
separating compute and memory nodes, achieving improved utilization. As early efforts …

The Berkeley Packet Filter (BPF) has emerged as the de-facto standard for carrying out safe
and performant, user-specified computation (s) in kernel space. However, BPF also …

System call filtering is a widely used security mechanism for protecting a shared OS kernel
against untrusted user applications. However, existing system call filtering techniques either …

Serializable distributed in-memory transactions are important building blocks for data center
applications. To achieve high throughput and low latency, existing distributed transaction …

This paper introduces state embedding, a novel and highly effective technique for validating
the correctness of the eBPF verifier, a critical component for Linux kernel security. To check …