Petros Maniatis, T. J. Giuli, M. Roussopoulos, D. Rosenthal, Mary Baker
P2P systems are exposed to an unusually broad range of attacks. These include a spectrum of denial-of-service, or attrition, attacks from low-level packet flooding to high-level abuse of the peer communication protocol. We identify a set of defenses that systems can deploy against such attacks and potential synergies among them. We illustrate the application of these defenses in the context of the LOCKSS digital preservation system.
Title: Impeding attrition attacks in P2P systems | Authors: Petros Maniatis, T. J. Giuli, M. Roussopoulos, D. Rosenthal, Mary Baker | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133601
Inconsistent system behavior causes unpredictable performance which is known to stress users; making the system perform consistently should remove this source of user stress. Operating systems currently provide the illusion that each application runs on a dedicated Virtual Machine. This paper proposes incorporating performance into this abstraction, resulting in a Virtual Private Machine. The VPM abstraction aims to improve user-perceived performance by increasing performance consistency, and it is applicable to any user-visible application, from word processors to web servers. To provide VPMs, per-resource performance models allow resources to be scheduled to meet target response times calculated for each user-visible action.
Title: Virtual private machines: user-centric performance | Authors: D. B. Stewart, R. Mortier | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133595
Wireless ad hoc networks of sensor nodes are envisioned to be deployed in the physical environment to monitor a wide variety of real-world phenomena. Almost any sensor network application requires some form of self-configuration, where sensor nodes take on specific functions or roles in the network without manual intervention. These roles may be based on varying sensor node properties (e.g., available sensors, location, network neighbors) and may be used to support applications requiring heterogeneous node functionality (e.g., clustering, data aggregation). In this paper we argue that the assignment of user-defined roles is a fundamental part of a wide range of sensor network applications. Consequently, a framework for assignment of roles to sensor nodes in an application-specific manner could significantly ease sensor network programming. We outline the general structure of such a framework and present a first approach to its realization. We demonstrate its utility and feasibility using a number of concrete examples.
Title: Generic role assignment for wireless sensor networks | Authors: K. Römer, C. Frank, P. Marrón, C. Becker | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133588
E. G. Sirer, Sharad Goel, Mark E Robson, Dogan Engin
Anonymity is increasingly important for networked applications amidst concerns over censorship and privacy. This paper outlines the design of HerbivoreFS, a scalable and efficient file sharing system that provides strong anonymity. HerbivoreFS provides computational guarantees that even adversaries able to monitor all network traffic cannot deduce the identity of a sender or receiver beyond an anonymizing clique of k peers. HerbivoreFS achieves scalability by partitioning the global network into smaller anonymizing cliques. Measurements on PlanetLab indicate that the system achieves high anonymous bandwidth when deployed on the Internet.
Title: Eluding carnivores: file sharing with strong anonymity | Authors: E. G. Sirer, Sharad Goel, Mark E Robson, Dogan Engin | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133611
As sensitive data lifetime (i.e. propagation and duration in memory) increases, so does the risk of exposure. Unfortunately, this issue has been largely overlooked in the design of most of today's operating systems, libraries, languages, etc. As a result, applications are likely to leave the sensitive data they handle (passwords, financial and military information, etc.) scattered widely over memory, leaked to disk, etc. and left there for an indeterminate period of time. This greatly increases the impact of a system compromise. Dealing with data lifetime issues is currently left to application developers, who largely overlook them. Security-aware developers who attempt to address them (e.g. cryptographic library writers) are stymied by the limitations of the operating systems, languages, etc. they rely on. We argue that data lifetime is a systems issue which must be recognized and addressed at all layers of the software stack.
Title: Data lifetime is a systems problem | Authors: Tal Garfinkel, Ben Pfaff, Jim Chow, M. Rosenblum | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133599
Wireless local area networks (WLANs) based on a family of 802.11 technologies are becoming ubiquitous. These technologies support multiple data transmission rates. Transmitting at a lower data rate (by using a more resilient modulation scheme) increases the frame transmission time but reduces the bit error rate. In non-cooperative environments such as public hot-spots, individual nodes attempt to maximize their achieved throughput by adjusting the data rate or frame size used, irrespective of the impact of this on overall system performance. In a series of experiments, we demonstrate that the existing distributed MAC protocol encourages non-cooperative nodes to use globally inefficient transmission strategies that lead to degraded aggregate throughputs. We also show that by establishing independence between the allocation of the shared channel time and the strategies used by individual nodes, an improved MAC protocol can lead rational but non-cooperative nodes to make choices that increase aggregate throughputs by as much as 30% under some conditions.
Title: Long-term time-share guarantees are necessary for wireless LANs | Authors: Godfrey Tan, J. Guttag | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133583
Michael Hohmuth, M. Peter, Hermann Härtig, J. Shapiro
Secure systems are best built on top of a small trusted operating system: The smaller the operating system, the easier it can be assured or verified for correctness. In this paper, we oppose the view that virtual-machine monitors (VMMs) are the smallest systems that provide secure isolation because they have been specifically designed to provide little more than this property. The problem with this assertion is that VMMs typically do not support interprocess communication, complicating the use of untrusted components inside a secure system. We propose extending traditional VMMs with features for secure message passing and memory sharing to enable the use of untrusted components in secure systems. We argue that moving system components out of the TCB into the untrusted part of the system and communicating with them using IPC reduces the overall size of the TCB. We argue that many secure applications can make use of untrusted components through trusted wrappers without risking security properties such as confidentiality and integrity.
Title: Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors | Authors: Michael Hohmuth, M. Peter, Hermann Härtig, J. Shapiro | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133615
Computer systems are complex and unforgiving. Users need environments more tolerant of errors, allowing them to correct mistakes and explore alternatives. This is the aim of Joyce. Joyce records application usage across the system in such a way that the semantic relationships between individual operations are preserved. Using this information Joyce enables an exploratory model of undo/redo; the user can navigate, visualize, edit and experiment with the history of the system safe in the knowledge that any history change will not have unforeseen and irreversible effects.
Title: Undo for anyone, anywhere, anytime | Authors: James O'Brien, M. Shapiro | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133579
Transactions ensure simple and correct handling of concurrency and failures but are often considered too expensive for use in file systems. This paper argues that performance is not a barrier to running transactions. It presents a simple mechanism that substantially lowers the cost of read-only transactions (which constitute the bulk of operations in a file system). The approach is inexpensive: it requires modest additional storage, but storage is cheap. It causes read-only transactions to run slightly in the past, but guarantees that they nevertheless see a consistent state.
Title: Transactional file systems can be fast | Authors: B. Liskov, R. Rodrigues | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133592
R. Isaacs, P. Barham, James R. Bulpin, R. Mortier, D. Narayanan
This paper addresses the problem of extracting individual request activity from interleaved event traces. We present a new technique for event correlation which applies a form of temporal join over timestamped, parameterized event streams in order to identify the events pertaining to an individual request. Event schemas ensure that the request extraction mechanism applies to any server application or service without modification, and is robust against future changes in application behavior. This work is part of the Magpie project [2], which is developing infrastructure to track requests end-to-end in a distributed system.
Title: Request extraction in Magpie: events, schemas and temporal joins | Authors: R. Isaacs, P. Barham, James R. Bulpin, R. Mortier, D. Narayanan | Venue: EW 11 | Published: 2004-09-19 | DOI: https://doi.org/10.1145/1133572.1133608