Jitsu: Just-In-Time Summoning of Unikernels - A. Madhavapeddy, T. Leonard, M. Skjegstad, T. Gazagnaire, D. Sheets, D.Scott, R. Mortier, A. Chaudhry, B. Singh, J. Ludlam, J. Crowcroft, I. Leslie

won the Cambridge Computer Lab Ring Publication of the Year 2016 and was presented at 12th USENIX symposium on Networked Systems Design and Implementation (NSDI 2015)

We presented Jitsu: a system optimised for spinning up tiny Unikernels in response to network traffic. For example when the first TCP/IP SYN packet arrives for a webserver, we would buffer the packet while simultaneously starting the Unikernel which completes the handshake when it finishes booting in a few hundred milliseconds on an ARM A20.

Unikernels: Library Operating Systems for the Cloud - A. Madhavapeddy, R. Mortier, C. Rotsos, D. Scott, B. Singh, T. Gazagnaire, S. Smith, S. Hand, J Crowcroft

won a HIPEAC 2013 award presented at Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2013)

We present unikernels, a new approach to deploying cloud services via applications written in high-level source code. Unikernels are single-purpose appliances that are compile-time specialised into standalone kernels, and sealed against modification when deployed to a cloud platform. In return they offer significant reduction in image sizes, improved efficiency and security, and should reduce operational costs. Our Mirage prototype compiles OCaml code into unikernels that run on commodity clouds and offer an order of magnitude reduction in code size without significant performance penalty. The architecture combines static type-safety with a single address-space layout that can be made immutable via a hypervisor extension. Mirage contributes a suite of type-safe protocol libraries, and our results demonstrate that the hypervisor is a platform that overcomes the hardware compatibility issues that have made past library operating systems impractical to deploy in the real-world.

This describes the awesomeness of the MirageOS open-source library OS

Melange: creating a functional internet - A. Madhavapeddy, A. Ho, T. Deegan, D. Scott, R. Sohan

Best student paper at EuroSys 2007

We present a framework based in OCaml called ``Melange'' which uses strong static typing and generative meta-programming to eliminate a serious class of bugs from Internet servers without paying a performance penalty. We report on fully-featured SSH and DNS servers and measure greater throughput, lower latency and increased flexibility all with source code which is more succinct than the C equivalents: OpenSSH and BIND.

Quite a fun piece of work which shows how well you can do by throwing away the old designs and starting again, with benefit of hindsight. Seems to evoke a love/hate response in readers.

Spatial Security Policies for Mobile Agents in a Sentient Computing Environment - D. Scott, A. Beresford, A. Mycroft

Won the European Association of Software Science and Technology (EASST) Best Software Science Paper award at FASE 2003 (part of ETAPS 2003) in Warsaw, Poland.

A Sentient Computing environment is one in which the system is able to perceive the state of the physical world and use this information to customise its behaviour. Mobile agents are a promising new programming methodology for building distributed applications. We presented: (i) a simple location-based mechanism for the creation of security policies to control mobile agents; (ii) a method of writing applications for a pervasive computing environment through the use of mobile agents and (iii) a demonstration of the applicability of recent theoretical work using ambients to model mobility.

A fun project which combined ceiling-mounted ultrasonic location sensors and a very small amount of theory

Abstracting Application-Level Web Security - D. Scott, R. Sharp

Best Paper at the 11th International World-Wide Web conference (WWW2002)

Application-level web security refers to vulnerabilities inherent in the code of a web-application (irrespective of the technologies in which it is implemented or the security of the systems on which it is build). Many application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping goods for no charge, accounts have been hijacked and confidential information leaked. We present new tools and techniques which allow the abstraction of security policy from large web-applications in heterogeneous multi-platform environments and analyse their usefulness.

I think people liked this paper because of its practical focus and good timing. It's worth reading if only for the jokes!