Implement actor resource control mechanisms #19

Open
richardartoul opened this issue Jan 9, 2023 · 8 comments

@richardartoul
Owner

Things that should be constrainable:

  1. CPU usage
  2. Memory usage
  3. Number of scheduled timers (and size of their payload)
  4. Number of scheduled reminders (and size of their payload)
  5. Payload sizes in general
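
Items 3 to 5 of the list above (a cap on outstanding timers or reminders and on their payload sizes) come down to accounting at admission time. The following Go code is an added example, not code from NOLA or from this thread; `TimerQuota`, its fields and the error names are hypothetical, and one instance per actor is assumed.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var (
	ErrPayloadTooLarge = errors.New("payload exceeds per-timer limit")
	ErrTooManyTimers   = errors.New("outstanding timer limit reached")
	ErrBudgetExceeded  = errors.New("total payload budget exceeded")
)

// TimerQuota is hypothetical per-actor accounting: exported limits, private counters.
type TimerQuota struct {
	MaxTimers, MaxPayloadBytes, MaxTotalBytes int
	mu            sync.Mutex
	timers, bytes int
}

// Admit reserves one timer slot plus len(payload) bytes, or reports which limit was hit.
func (q *TimerQuota) Admit(payload []byte) error {
	q.mu.Lock()
	defer q.mu.Unlock()
	switch {
	case len(payload) > q.MaxPayloadBytes:
		return ErrPayloadTooLarge
	case q.timers >= q.MaxTimers:
		return ErrTooManyTimers
	case q.bytes+len(payload) > q.MaxTotalBytes:
		return ErrBudgetExceeded
	}
	q.timers++
	q.bytes += len(payload)
	return nil
}

// Release returns a reservation when a timer fires or is cancelled.
func (q *TimerQuota) Release(payloadLen int) {
	q.mu.Lock()
	defer q.mu.Unlock()
	if q.timers > 0 {
		q.timers, q.bytes = q.timers-1, q.bytes-payloadLen
	}
}

func main() { // constructed limits; the 9-byte payload is over the per-timer cap
	fmt.Println((&TimerQuota{MaxTimers: 2, MaxPayloadBytes: 8, MaxTotalBytes: 12}).Admit(make([]byte, 9)))
}
```

The same accounting applies to reminders; a rejected request changes no counters, so a flood of oversized requests cannot consume the actor's budget.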
@richardartoul
Owner Author

Wazero has been updated to support context cancellation so this should be relatively easy now :)

@gedw99

gedw99 commented Mar 16, 2023

Awesome. This gives capabilities for resource usage?

@richardartoul
Owner Author

It allows WebAssembly functions to run with a “deadline”, and once the deadline elapses, the WebAssembly runtime will stop running the function.

It’s not everything you need, but it’s a pretty good start!

@richardartoul
Owner Author

I have not integrated that into NOLA yet, though.

@gedw99

gedw99 commented Mar 16, 2023

Just a brainstorm... Ideation, etc.

What ya think??

@richardartoul
Owner Author

Sorry, I’m not sure what the question is.

@gedw99

gedw99 commented Mar 16, 2023

My fault... here goes...

Resource management is a type of Capability Security.

File access, Network access are types of Capability Security.

There seem to be a few sides to the coin here, perhaps:

  • Operators want to manage how much Users can do. Like Memory Resources. But also File and Network access limits too, because they care about Users not grinding their Servers into the dust or escaping the sandbox.

  • Users want to run their on the Operators' Servers but they also want to limit File, Network access to their own / or third party's Files and Networks.

  • Data Owners want to limit other things. Made a few explanations below.

PII is also a type of Capability too, where the data flows through the WASM functions or Logging does not have names, addresses, etc. Use Case examples from history are:

WASM computing at the edge is disruptive and PII is part of the danger.
Science and Medical need to do WASM compute on others' data. Very often in Medical / Science / ML you take the WASM compute to others' Data, but you as the data owner want to limit what data flows back to the WASM Compute provider. This is emerging in many other vertical domains.

  • Operators want data logs to be stripped of PII.

  • Users (owners of data) want data flowing to be stripped of PII.

Virus protection is also a Capability for Operators and Users.
This is a classic Hack opportunity that in a WASM Sandbox world is even worse.
Once an Operator or Users allow File and Network access, it's easy to slip in a virus or C&C handler.

https://github.com/corazawaf/coraza is related to this area but I presume does not cover this.

  • Operators want files uploaded to be clean of viruses.
  • Users (owners of data) that allow the WASM Compute to be brought to their data want to ensure no viruses get through.

@gedw99

gedw99 commented Mar 16, 2023

Maybe a new Discussion or Issue for this - as soon as I saw Resource Control I remember all the other side channels...
