Implement actor resource control mechanisms

[richardartoul]

Things that should be constrainable:

1. CPU usage
2. Memory usage
3. Number of scheduled timers (and size of their payload)
4. Number of scheduled reminders (and size of their payload)
5. Payload sizes in general

[richardartoul]

Wazero has been updated to support context cancellation so this should be relatively easy now :)

[gedw99]

Awesome . This gives capabilities for resource usage ?

[richardartoul]

It allows webassembly functions to run with a “deadline” and once the deadline elapses, the webassembly runtime will stop running the function.

it’s not everything you need, but it’s a pretty good start!

[richardartoul]

I have not integrated that into NOLA yet though

[gedw99]

Just a brain storm... Ideation, etc .

what ya think ??

[richardartoul]

Sorry, I’m not sure what the question is

[gedw99]

my fault... here goes...

Resource management is a type of Capability Security.

File access, Network access are types of Capability Security.

There seems to be few sides to the coin here perhaps:

• Operators want to manage how much User's can do. Like Memory Resources. But also File and Network access limits too, because they care about Users not grinding their Servers into the dust Or escaping the sandbox.

• Users want to run their on the Operators Servers but they also want to limit File, Network access to their own / Or third party's Files and Networks.

• Data Owners want to limit other things. Made a few explanations below..

PII is also a type of Capability too, where the data flows through the WASM functions or Logging does not have names, addresses, etc. Use Case examples from history are:

• Tiktok and 6 years old: https://www.bbc.com/news/technology-56815480
• Medical data: https://milberg.com/news/healthpartners-meta/

WASM computing at the edge is disruptive and PII is part of the danger. Science and Medical need to do WASM compute on others data. Very often in Medical / Science / ML you take the WASM compute to others Data, but you as the data owner want to limit what data flows back to the WASM Compute provider. This is emerging in many other vertical domains.

• Operators want data logs to be stripped of PII.

• Users ( owners of data ) want data flowing to be stripped of PII.

Virus protection is also a Capability for Operators and Users.
This is a classic Hack opportunity that in a WASM Sandbox world is even worse. Once an Operator or Users allow File and Network access, It's easy to slip in a virus or C&C handler.

https://github.com/corazawaf/coraza is related to this area but i presume does not cover this.

• Operators want files uploaded to be clean of viruses.
• Users ( owners of data ) that allow the WASM Compute to be brought to their data, want to ensure no viruses get through.

[gedw99]

Maybe a new Discussion or Issue for this - as soon as i saw Resource Control i remember al the other side channels ...