tential disadvantage of the containers
that continue to run alongside those
unikernels is the weakening of security
compared to traditional VM environments. Most container platforms today
use only software protection for isolation, and do not have recourse to the
hardware enforcement available with a
hypervisor-based VM environment.
Environments such as Docker use kernel-provided namespaces to provide
software in each container with the illusion it is the sole inhabitant
of the Linux system it sees. In principle, and as long as there are no
security vulnerabilities in the underlying container software or
operating system to exploit, the containerized application has no way
to alter data in other containers running alongside it on the processor
blade. However, researchers have published proof-of-concept attacks
that use side-channel techniques to eavesdrop on neighboring
containers. An attack published by researchers at the University of
North Carolina in 2014 monitored contention in the cache to listen in
on applications running in other containers.
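The namespace isolation described above can be checked from the host by comparing the namespace inodes that two processes hold under /proc/<pid>/ns. The following is an added example, not code from the article or from Docker; the function names, the sample inode values and the REQUIRED policy are assumptions made for illustration.

```python
import os
import re

# A link under /proc/<pid>/ns reads like "net:[4026531840]"; the number is
# the namespace inode. Two processes share a namespace iff the inodes match.
NS_LINK = re.compile(r"^\w+:\[(\d+)\]$")

def parse_ns_links(links):
    """Map each /proc/<pid>/ns entry name to its namespace inode."""
    inodes = {}
    for name, target in links.items():
        m = NS_LINK.match(target)
        if m is None:
            raise ValueError(f"unexpected link for {name!r}: {target!r}")
        inodes[name] = int(m.group(1))
    return inodes

def read_ns_links(pid):
    """Read the live links for a process (Linux; needs permission on /proc)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)}

def shared_namespaces(reference, candidate):
    """Namespace names where candidate holds the same inode as reference."""
    ref, cand = parse_ns_links(reference), parse_ns_links(candidate)
    return sorted(n for n, inode in cand.items() if ref.get(n) == inode)

def isolation_gaps(reference, candidate, required):
    """Namespaces that policy requires to be private but that are shared."""
    return sorted(set(shared_namespaces(reference, candidate)) & set(required))

# Constructed sample data (not captured from a real host): the container
# process shares the host's net and user namespaces, the rest are private.
HOST_INIT = {"ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531841]",
             "net": "net:[4026531840]", "pid": "pid:[4026531836]",
             "user": "user:[4026531837]", "uts": "uts:[4026531838]"}
CONTAINER = {"ipc": "ipc:[4026532301]", "mnt": "mnt:[4026532299]",
             "net": "net:[4026531840]", "pid": "pid:[4026532302]",
             "user": "user:[4026531837]", "uts": "uts:[4026532300]"}
REQUIRED = ("ipc", "mnt", "net", "pid", "uts")  # hypothetical policy

if __name__ == "__main__":
    print("shared:", shared_namespaces(HOST_INIT, CONTAINER))
    print("gaps:", isolation_gaps(HOST_INIT, CONTAINER, REQUIRED))
```

A clean result covers only the kernel's view of the system; it says nothing about hardware that the containers still share, such as the processor cache used in the side-channel attack mentioned above.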
The Cloud Native Computing Foundation’s Aniszczyk points out that the
rapid creation and deletion of services that containers encourage makes it
more feasible to run them exclusively
on their target hardware. As a result,
timeslicing moves from being performed on the order of tens of milliseconds to that of minutes. It supports
a model where server-farm operators
can dynamically allocate entire blades
to an application for the seconds or
minutes it needs to run.
“With availability comes flexibility and dynamism,” says Mortier. “You
can scale up and down quickly.”
In this way, the container revolution represents a large-scale shift
in thinking about multitasking systems—one that treats compute as a
resource made abundant by Moore’s Law, rather than the traditional view
that processor capacity is scarce.
Further Reading
Morabito, R.
Power Consumption of Virtualization Technologies: An Empirical
Investigation, Proceedings of the 8th IEEE/ACM International
Conference on Utility and Cloud Computing (2015).
Madhavapeddy, A., et al.
Jitsu: Just-in-Time Summoning of Unikernels, 12th USENIX Symposium
of Networked System Design and Implementation (NSDI15), 559–573.
Engler, D.R., Kaashoek, M.F., and O’Toole, Jr., J.
Exokernel: An Operating System Architecture for Application-Level
Resource Management, Proceedings of the fifteenth ACM Symposium on
Operating Systems Principles: 251–66 (1995).
Zhang, Y., Juels, A., Reiter, M., and Ristenpart, T.
Cross-Tenant Side-Channel Attacks in PaaS Clouds, Proceedings of
CCS ’14, 990.
Chris Edwards is a Surrey, U.K.-based writer who reports
on electronics, IT, and synthetic biology.
© 2016 ACM 0001-0782/16/12 $15.00
ACM, IEEE RECOGNIZE
NISAN WITH KNUTH PRIZE
The 2016 Donald E. Knuth Prize
recently was awarded to Noam
Nisan of the Hebrew University
of Jerusalem for fundamental
and lasting contributions
to theoretical computer
science in areas including
communication complexity,
pseudorandom number
generators, interactive proofs,
and algorithmic game theory.
The work of Nisan, a
professor of computer science
in the School of Engineering
and Computer Science of the
Hebrew University of Jerusalem,
has had a fundamental impact
on complexity theory, which
examines which problems
could conceivably be solved
by a computer under limits on
its resources, whether it is on
its computation time, space
used, amount of randomness,
or parallelism. One way in
which computer scientists have
explored complexity limits is
through the use of randomized
algorithms; Nisan has made
major contributions exploring
the power of randomness
in computations. His work
designing pseudorandom
number generators has offered
many insights on whether,
and in what settings, the use
of randomization in efficient
algorithms can be reduced.
Nisan has been a major player
in Algorithmic Game Theory
and laid the foundation of
Algorithmic Mechanism Design
(a mechanism is an algorithm
or protocol designed so rational
participants, motivated purely
by self-interest, will achieve the
designer’s goals). He designed
some of the most effective
mechanisms by providing the
right incentives to the players,
and has shown that in a variety of
environments, there is a trade-off
between economic efficiency and
algorithmic efficiency.
He is also a leading authority
in communication complexity, an
area of research that examines the
amount of information that needs
to be transferred between parties
for computational problems.
The annual Donald E.
Knuth Prize recognizes
outstanding contributions to
the foundations of computer
science by individuals for
their overall impact in the
field over an extended period,
and includes a $5,000 award.
It is jointly bestowed by
the ACM Special Interest
Group on Algorithms and
Computation Theory (SIGACT)
and the IEEE Computer Society
Technical Committee on the
Mathematical Foundations of
Computing (TCMF).
2 COMPUTER SCIENTISTS
AMONG NEWEST
MACARTHUR ‘GENIUSES’
The MacArthur Foundation’s
recent announcement of its 2016
MacArthur Fellows, commonly
known as the “genius grants,”
included computer scientists
Subhash Khot and Bill Thies.
All of the Fellows receive a
no-strings-attached $625,000
grant for their exceptional
creativity and potential for future
contributions to their fields.
Thies, a computer scientist
at Microsoft Research India
in Bangalore, India, works to
create innovative solutions
to a host of socioeconomic
challenges facing low-income
communities in the developing
world. Thies has used affordable
mobile phone technology to
connect people in rural India,
giving them a way to consume
and create digital content
through simple phone calls.
His work has had wide-ranging
impacts in areas of
citizen journalism, mobile
health applications, and
higher education.
Khot, Silver Professor
of Computer Science at
the Courant Institute of
Mathematical Sciences of New
York University, is a theoretical
computer scientist and the
architect of the Unique Games
Conjecture, which Khot and
other researchers have used to
make enduring discoveries in
seemingly unrelated areas, such
as electoral stability and the
structure of foams.
The MacArthur Fellows
Program awards unrestricted
fellowships to talented
individuals who have shown
extraordinary originality and
dedication in their creative
pursuits and a marked capacity
for self-direction.
Milestones
Computer Science Awards, Appointments