Security

Heterogeneous Consensus

The first [consensus](https://en.wikipedia.org/wiki/Consensus_(computer_science)) algorithm with [heterogeneous failures](http://plan9.bell-labs.co/who/garay/continuum.ps), heterogeneous participants, and heterogeneous observers.

Safe Serializable Secure Scheduling

When not all data has the same [security properties](https://en.wikipedia.org/wiki/Information_flow_(information_theory)), distributed [ACID](https://en.wikipedia.org/wiki/ACID_(computer_science)) transaction scheduling has surprising security consequences.

Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency

When not all data has the same [security properties](https://en.wikipedia.org/wiki/Information_flow_(information_theory)), distributed [ACID](https://en.wikipedia.org/wiki/ACID_(computer_science)) transaction scheduling has surprising security consequences.

Abort Channels

We present a successfully implemented attack on traditional atomic commit methods across trust domains.

Secure Distributed Transactions

An earlier, work-in-progress version of our [CCS Talk](https://IsaacSheff.com/talk/safe-serializable-secure-scheduling).

Distributed Protocols and Heterogeneous Trust

We use the [Decentralized Label Model](http://www.cs.cornell.edu/andru/papers/iflow-tosem.pdf) to show how distributed algorithms, like [Bosco](https://www.cs.cornell.edu/projects/Quicksilver/public_pdfs/52180438.pdf) and [Nysiad](https://www.usenix.org/legacy/events/nsdi08/tech/full_papers/ho/ho.pdf), can be generalized from more complex trust environments.