Thorsten von Eicken

Assistant Professor
tve@cs.cornell.edu
http://www.cs.cornell.edu/tve/
Ph.D. University of California, Berkeley, 1993

My research explores new opportunities at the intersection of computer architecture, programming languages, and operating systems. My approach has been to identify important trends in one area and leverage them to shift the boundaries between the components of

computer systems. This follows an established tradition of experimental computer systems research widely popularized in the RISC work, which focused on the tradeoffs surrounding the compiler/architecture boundary. In the past, I have focused on high-performance communication in clusters of workstations. My group developed the U-Net user-level networking architecture to close the dramatic gap between the bit-rate of high-speed networks and the communication performance seen by applications. The key idea in U-Net is to virtualize the network interface, which allows each application on a multitasking computer to access the network directly without invoking the operating system. This effectively moves the protocol stack to the user-level, where it can be coupled more tightly to the application, resulting in an order-of-magnitude reduction in communication overhead. In addition, the user-level protocols can be customized to the application, thereby enabling experimentation with new protocols that are, for example, tailored toward real-time multimedia stream transmission.

The main ideas of U-Net have been incorporated into the VIA (Virtual Interface Architecture) industry standard led by Compaq, Intel, and Microsoft. At this point, commercial network interfaces designed for VIA are available. My group’s recent research is premised on the conviction that advances in system security and safety could enable far more applications than further performance improvements. At the same time, Java has popularized the notion of safety at the language level and research projects such as Proof Carrying Code made it clear that language-based protection technology was maturing to the point where it would force a reevaluation of the boundaries between programming languages, operating systems, and architecture.

As we began to investigate how to build an entire system on language-based protection, we became convinced that a capability system is the best approach. Being able to revisit an operating system design approach essentially abandoned over a decade ago that still intrigues many an operating system researcher is proving to be a fascinating journey. Two of the most commonly voiced reasons for the failure of capability systems are that they were too expensive to implement and that they were too difficult to use. We developed an operating system on Java, called the J-Kernel, to show how language technology can be used to implement capabilities at very low cost. While trying to extract performance from Java has been a painful undertaking, the J-Kernel does demonstrate that capabilities can be implemented very efficiently. We are now developing applications on the J-Kernel to gain experience using capabilities so we can make progress on simplifying their use. Today, the J-Kernel represents the most sophisticated attempt at building a capability system using language-based security.

[On leave 1999-2000.]