Cornell Systems Lunch
CS 754 Fall 2005
Sponsored by the Information Assurance Institute (IAI).
The Systems Lunch is a seminar for discussing recent, interesting papers in the systems area, broadly defined to span operating systems, distributed systems, networking, architecture, databases, and programming languages. The goal is to foster technical discussions among the Cornell systems research community. We meet once a week on Fridays at noon in Rhodes 655.
The systems lunch is open to all Cornell students interested in systems. First-year graduate students are especially welcome. Student participants are expected to sign up for CS 754, Systems Research Seminar, for one credit.
Meridian: A Lightweight Network Location Service without Virtual Coordinates
Bernard Wong, Aleksandrs Slivkins, Emin Gun Sirer
Towards a Global IP Anycast Service
Hitesh Ballani, Paul Francis
FS2: Dynamic Data Replication in Free Disk Space for Improving Disk Performance and Energy Consumption
Hai Huang, Wanda Hung, Kang Shin (University of Michigan)
Hibernator: Helping Disks Sleep Through The Winter
Qingbo Zhu, Zhifeng Chen, Lin Tan, Yuanyuan Zhou (University of Illinois at Urbana-Champaign), Kimberly Keeton, John Wilkes (Hewlett-Packard Laboratories)
Pioneer: Verifying Integrity and Guaranteeing Execution of Code on Legacy Platforms
Arvind Seshadri, Mark Luk, Elaine Shi, Adrian Perrig (CMU), Leendert van Doorn (IBM), Pradeep Khosla (CMU)
Labeling Virtual Memory in the Asbestos Operating System
Petros Efstathopoulos (UCLA), Maxwell Krohn (MIT), Steve VanDeBogart (UCLA), Cliff Frey (MIT), David Ziegler (MIT), Eddie Kohler (UCLA), David Mazieres (NYU), M. Frans Kaashoek (MIT CSAIL), Robert T. Morris (MIT CSAIL)
Speakers: Alan Shieh & Dan Williams
Vigilante: End-to-End Containment of Internet Worms
Manuel Costa (Microsoft Research), Jon Crowcroft (Cambridge University), Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang and Paul Barham (Microsoft Research)
Capturing, Indexing, Clustering, and Retrieving System History
Ira Cohen (HP Labs), Moises Goldszmidt (HP Labs), Steve Zhang (Stanford University), Terence Kelly (HP Labs), Armando Fox (Stanford), Julie Symons (HP Labs)
Rx: Treating Bugs As Allergies -- A Safe Method for Surviving Software Failures
Feng Qin, Joseph Tucek, Jagadeesan Sundaresan, Yuanyuan Zhou (University of Illinois at Urbana-Champaign)
Lunch will be held in the Systems Lab
A Novel Approach to E-mail Worm/Virus Containment
In this talk, I will present our research into adaptive techniques for identifying and containing the spread of novel e-mail-borne worms and viruses. Traditional techniques suffer either from a window of vulnerability in detecting novel e-mail worms/viruses or from high false-positive rates, which reduce their usefulness.
Our approach combines a statistical-learning technique based on
greedy e-mail feature selection with semi-supervised learning to
yield a system that can detect previously unseen types of e-mail worms
and viruses while offering both low false positive and low false
negative rates. I will show preliminary results using both a locally
collected dataset and a publicly available dataset. I will also discuss
the potential benefits that would result from even a partial wide-scale
deployment by the top US service providers. Finally, I will present the
DETER testbed, a unique national-scale testbed that we have designed and
built for open cybersecurity research.
|Anthony Joseph (UC Berkeley)|
Checkpointed Early Load Retirement
Nevin Kırman, Meyrem Kırman, Mainak Chaudhuri, José Martínez
Future Execution: A Hardware Prefetching Technique for Chip Multiprocessors
Ilya Ganusov, Martin Burtscher
Responsive Yet Stable Traffic Engineering
Current intra-domain Traffic Engineering (TE) relies on offline methods that use long-term average traffic demands. It cannot react to real-time traffic changes caused by BGP reroutes, diurnal traffic variations, attacks, or flash crowds. Further, current TE deals with network failures by pre-computing alternative routings for a limited set of failures. It may fail to prevent congestion when unanticipated failures or combinations of failures occur, even though the network has enough capacity to handle them.
This paper presents TeXCP, an online distributed TE protocol that
balances load in realtime, responding to actual traffic demands and
failures. TeXCP uses multiple paths to deliver demands from an ingress to
an egress router, adaptively moving traffic from over-utilized to
under-utilized paths. These adaptations are carefully designed such that,
though done independently by each edge router based on local information,
they balance load in the whole network without oscillations. We model
TeXCP, prove the stability of the model, and show that it is easy to
implement. Our extensive simulations show that, for the same traffic
demands, a network using TeXCP supports the same utilization and failure
resilience as a network that uses traditional offline TE, but with half
to a third of the capacity.
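The load-moving intuition can be shown with a toy centralized simulation (illustrative only; TeXCP is distributed and works on local utilization estimates, and the step size here is a made-up constant): each round, a carefully sized sliver of traffic moves from the most to the least utilized path.

```python
def rebalance(loads, capacities, step=0.1, iters=100):
    """Toy multipath load balancing: repeatedly shift traffic from the most
    utilized path to the least utilized one until utilizations equalize."""
    loads = list(loads)
    for _ in range(iters):
        util = [l / c for l, c in zip(loads, capacities)]
        hi = util.index(max(util))
        lo = util.index(min(util))
        if util[hi] - util[lo] < 1e-3:
            break  # utilizations are balanced
        # Sizing delta by the utilization gap (scaled by both capacities)
        # shrinks the gap by a constant factor each round, so the loads
        # converge instead of oscillating.
        delta = step * (util[hi] - util[lo]) / (1 / capacities[hi] + 1 / capacities[lo])
        loads[hi] -= delta
        loads[lo] += delta
    return loads
```

For `step < 1` the utilization gap decays geometrically; this damping is the kind of property that lets independent per-router adaptations avoid oscillation, which is the crux of the stability argument above.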
Speaker: Srikanth Kandula (MIT)
Building and Using Hardware-Based Trusted Third Parties
Many security protocols hypothesize the existence of a trusted third party (TTP) to ease handling of computation and data too sensitive for the other parties involved. However, using a TTP to solve real-world security problems generates the same reaction as using fairies or magic: TTPs do not really exist.
This talk will present my research and development work building TTPs based on hardware techniques that (to various degrees of assurance) can help ensure that devices can carry out computation unmolested, and using such hardware-based TTPs to solve real-world problems.
Bio: Sean's current research at Dartmouth College focuses on how to build trustworthy systems in the real world. He previously worked as a scientist at IBM T.J. Watson Research Center, doing secure coprocessor design, implementation and validation, and at Los Alamos National Laboratory, doing security designs and analyses for a wide range of primarily public-sector clients. His book _Trusted Computing Platforms: Design and Applications_ (Springer, 2005) provides a deeper presentation of this research journey.
Sean was educated at Princeton (B.A., Math) and CMU (M.S., Ph.D.).
Speaker: Sean Smith (Dartmouth)
Characterization and Measurement of TCP Traversal through NATs and Firewalls
Saikat Guha and Paul Francis
November 25: Happy Thanksgiving, no meeting.
Perils of Transitive Trust in the Domain Name System
Venugopalan Ramasubramanian and Emin Gun Sirer
Lunch will be held in the Systems Lab
Program-Counter-Based Prediction Techniques in Operating Systems
Program instructions uniquely identified by their program counters (PCs) provide a convenient and accurate means of recording the context of program execution, and PC-based prediction techniques have been widely used for performance optimizations at the architectural level. Operating systems, on the other hand, have not fully explored the benefits of PC-based prediction for resource management. This work explores the potential benefits provided by PC-based prediction in operating systems (PCOS). In particular, we investigate the potential of PC-based prediction techniques for managing I/O devices in operating systems.
As a first demonstration of PCOS, we developed a PC-based access pattern classification technique (PCC) for buffer cache management. PCC allows the operating system to correlate I/O operations with the program context in which they are issued via the PCs of the call instructions that trigger the I/O requests. This correlation allows the operating system to classify I/O access patterns on a per-call-site basis, which achieves significantly better accuracy than previous per-file or per-application classification techniques.
We have also developed a PC-based technique (PCAP) for power management that dynamically learns the application I/O access patterns and associated disk idle times to predict when an I/O device can be shut down to save energy. PCAP uses path-based correlation to observe a particular sequence of I/O triggering instructions leading to each idle period, and accurately predicts future occurrences of that idle period.
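The path-based correlation behind PCAP can be sketched as follows (a hypothetical simplification, not the paper's implementation; the real system also has to decide when a predicted idle period justifies a shutdown):

```python
from collections import deque

class IdlePredictor:
    """Toy path-based idle predictor: the sequence of PCs that triggered the
    last few I/Os is the key under which the following idle period is
    remembered, and later predicted when the same path recurs."""

    def __init__(self, path_len=3):
        self.path = deque(maxlen=path_len)  # recent I/O-triggering PCs
        self.table = {}                     # PC path -> observed idle time (ms)

    def record_io(self, pc):
        self.path.append(pc)

    def record_idle(self, idle_ms):
        # Associate the idle period just observed with the current PC path.
        self.table[tuple(self.path)] = idle_ms

    def predict_idle(self):
        # Predict the idle time seen the last time this PC path occurred,
        # or None if the path has not been seen before.
        return self.table.get(tuple(self.path))
```

The key point the sketch captures is that the *sequence* of call sites, not any single one, identifies the program context that precedes an idle period.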
Speaker: Charlie Hu (Purdue)
Antiquity: Efficiently Binding Data to Owners in Distributed Content-Addressable Storage Systems
In content-addressable storage (CAS) systems, data is addressed not by its physical location but by a name derived from the content of that data. In recent years, the CAS interface, similar to a hash table's put/get interface, has proven to be a solid foundation upon which to build wide-area distributed storage systems (e.g., CFS, PAST, Pond, Venti).
Distributed storage systems derive several favorable properties from the CAS interface. First, a CAS interface helps ensure data integrity. By carefully selecting the method used to derive names from data, clients can validate the integrity of data retrieved from the system against the name by which it was accessed. With self-verifying data, clients can detect data altered by faulty or compromised components and re-fetch from alternate sources. Second, a CAS interface promotes system scalability. Because the interface does not expose physical addresses to applications, the system can replicate and transfer data freely to add hardware resources or upgrade internal protocols.
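The self-verifying property can be sketched with a toy in-memory store (`ContentStore` and its SHA-1 naming are illustrative choices standing in for a distributed system, not any particular system's format):

```python
import hashlib

class ContentStore:
    """Toy content-addressable store: each block is named by the SHA-1
    hash of its contents."""

    def __init__(self):
        self.blocks = {}

    def put(self, data: bytes) -> str:
        name = hashlib.sha1(data).hexdigest()
        self.blocks[name] = data
        return name

    def get(self, name: str) -> bytes:
        data = self.blocks[name]
        # Self-verifying data: recompute the hash and compare it to the
        # name the block was requested under. A faulty or compromised
        # replica cannot return altered data without detection, and the
        # client can re-fetch from an alternate source.
        if hashlib.sha1(data).hexdigest() != name:
            raise ValueError("block failed integrity check; re-fetch elsewhere")
        return data
```

Because the name is derived purely from content, the verification step needs no trust in whichever node served the block, which is what makes free replication and migration safe.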
One feature commonly missing from distributed content-addressable storage systems, however, is the ability to determine the owner of data stored in the system. Identifying the owner of a piece of data is critical for any system that wishes to monitor per-user storage consumption or compute usage-based fees. In this presentation, we consider how to efficiently implement this feature---the ability to identify the owner of each piece of data---in distributed CAS systems.
While a solution that associates a certificate with each block of data is
conceptually simple, it has been traditionally claimed that the cost of
creating and maintaining certificates is too great. In this presentation,
we demonstrate that systems can, in fact, efficiently map data to its
owner in a secure and non-repudiable fashion. To reduce the cost of
creating and maintaining certificates, we extend the traditional
content-addressable interface to allow the aggregation of many small data
blocks into larger containers. The aggregation is performed in a way that
also supports self-verifying data at the granularity of the block and
container, fine-granularity access, and incremental updates. We describe
a prototype implementation called Antiquity and present performance
results from deployments on PlanetLab and a local cluster.
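The block-to-container aggregation can be sketched with a simple hash-of-hashes construction (illustrative only; Antiquity's actual certificates also bind the owner's signature, which this sketch omits):

```python
import hashlib

def h(data: bytes) -> str:
    """Name a piece of data by its SHA-256 hash."""
    return hashlib.sha256(data).hexdigest()

def make_container(blocks):
    """Group small blocks into one container whose name is the hash of the
    concatenated block hashes, keeping data self-verifying at both the
    block and the container granularity."""
    block_hashes = [h(b) for b in blocks]
    container_name = h("".join(block_hashes).encode())
    return container_name, block_hashes

def verify_block(block, block_hash, block_hashes, container_name):
    """Check a block against its own hash, and the block list against the
    container name it claims membership in."""
    return (h(block) == block_hash
            and block_hash in block_hashes
            and h("".join(block_hashes).encode()) == container_name)
```

One per-container certificate can then vouch for many small blocks at once, which is the amortization that makes owner accounting affordable.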
Speaker: Hakim Weatherspoon (UC Berkeley)