Talk: Timothy Roscoe – Putting out the hardware dumpster fire

Bill & Melinda Gates Center 271, UW

11:00 am, July 6, 2023

Abstract. The immense hardware complexity of modern computers, both mobile phones and datacenter servers, is a seemingly endless source of bugs and vulnerabilities in system software. Classical operating systems cannot address this, since they only run on a small subset of the machine. The real issues are interactions within the entire ensemble of firmware blobs, co-processors, and CPUs that we term the "de facto OS". The current whac-a-mole approach to these bugs is not solving the problem, but nor will clean-slate OS redesign: it is simply not possible to replace some firmware components, and even if it were, the engineering effort would be prohibitive. Our response, instead, is to build a high-level model of exactly what a given real hardware and software platform consists of, and which captures for the first time the necessary and assumed trust relationships between the software contexts executing on different components (CPUs, devices, etc.). This principled but pragmatic approach allows us to make rigorous statements about the hodgepodge of soft- and firmware at the heart of modern computers. We expect these statements to be, at first, depressingly weak, but it may be the only way to identify changes that provably increase the trustworthiness of a real system, and quantify the benefits of these changes. our view on how the cloud ecosystem, barely over fifteen years old, could evolve as it matures.

Bio. Timothy Roscoe started as a Professor in the Computer Science department at ETH Zurich in January 2007, where he performs research in computer systems. He was made an ACM Fellow in 2014 for his contributions to operating systems and networking research. Before joining ETH Zurich, he was a Principal Researcher at Intel Research's Berkeley Lab, Adjunct Professor of Computer Science at the University of California at Berkeley, and a visiting researcher in the ERTOS program at National ICT Australia. At Berkeley he helped to design and build (among other things) the PlanetLab platform for wide-area distributed systems, and the P2 Declarative Networking engine. He joined the Intel Berkeley Lab from Sprint Labs, where he worked for 3.5 years on cloud computing infrastructures and wide-area fine-grained network measurement, and was also a visiting Fellow in the Computer Science Department of the University of California at Berkeley with the Sahara and Oceanstore projects. He received a PhD from the University of Cambridge Computer Laboratory in 1995, where he was a designer and builder of the Nemesis multiservice operating system, as well as working on the Pandora multimedia system and the Wanda microkernel. He designed and built the memory management system and, with Simon Crosby, the object request broker used in the first coffee machine on the World Wide Web. After Cambridge he was hired for a three-year spell as head of research at a small, ill-fated software company in North Carolina called Persimmon IT, where he led and managed a team designing and building a web-based collaboration toolkit using CORBA, XML, Java, and C++.