
jabley : filetype:pdf   132

LSM-based Storage Techniques: A Survey
Recently, the Log-Structured Merge-tree (LSM-tree) has been widely adopted for use in the storage layer of
modern NoSQL systems. Because of this, there have been
a large number of research efforts, from both the database
community and the operating systems community, that try
to improve various aspects of LSM-trees. In this paper, we
provide a survey of recent research efforts on LSM-trees so
that readers can learn the state-of-the-art in LSM-based storage techniques. We provide a general taxonomy to classify
the literature of LSM-trees, survey the efforts in detail, and
discuss their strengths and trade-offs. We further survey several representative LSM-based open-source NoSQL systems
and discuss some potential future research directions resulting from the survey
data-structures  lsm  nosql  storage  index  data  rocksdb  leveldb  cassandra  hbase  database  filetype:pdf  comp-sci  paper 
27 days ago by jabley
The Unwritten Contract of Solid State Drives
We perform a detailed vertical analysis of application performance atop a range of modern file systems and SSD FTLs.
We formalize the “unwritten contract” that clients of SSDs
should follow to obtain high performance, and conduct our
analysis to uncover application and file system designs that
violate the contract. Our analysis, which utilizes a highly
detailed SSD simulation underneath traces taken from real
workloads and file systems, provides insight into how to better construct applications, file systems, and FTLs to realize
robust and sustainable performance.
ssd  filetype:pdf  paper  comp-sci  disk  performance  research 
27 days ago by jabley
[no title]
how information operations have been carried out in the past to exploit divisions
filetype:pdf  cybersecurity  security  infosec 
6 weeks ago by jabley
A fork() in the road
The received wisdom suggests that Unix’s unusual combination of fork() and exec() for process creation was an
inspired design. In this paper, we argue that fork was a clever
hack for machines and programs of the 1970s that has long
outlived its usefulness and is now a liability. We catalog the
ways in which fork is a terrible abstraction for the modern programmer to use, describe how it compromises OS
implementations, and propose alternatives.
As the designers and implementers of operating systems,
we should acknowledge that fork’s continued existence as
a first-class OS primitive holds back systems research, and
deprecate it. As educators, we should teach fork as a historical artifact, and not the first process creation mechanism
students encounter.
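For contrast with fork()+exec(), a spawn-style creation in Go, whose standard library deliberately exposes no fork: the child's program, arguments, and environment are declared up front rather than cloned and mutated. A minimal sketch, not one of the paper's proposed APIs.

```go
package main

import (
	"fmt"
	"log"
	"os/exec"
)

func main() {
	// Spawn-style process creation: child state is stated explicitly,
	// instead of copying the parent and patching the copy between
	// fork() and exec().
	cmd := exec.Command("uname", "-a")
	cmd.Env = []string{"LC_ALL=C"} // explicit environment, no inherited surprises
	out, err := cmd.Output()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%s", out)
}
```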
filetype:pdf  unix  os  design  fork  memory  safety  performance 
april 2019 by jabley
Fast Serializable Multi-Version Concurrency Control for Main-Memory Database Systems
Multi-Version Concurrency Control (MVCC) is a widely employed concurrency control mechanism, as it allows for execution modes where readers never block writers. However,
most systems implement only snapshot isolation (SI) instead
of full serializability. Adding serializability guarantees to existing SI implementations tends to be prohibitively expensive.
We present a novel MVCC implementation for main-memory database systems that has very little overhead compared
to serial execution with single-version concurrency control,
even when maintaining serializability guarantees. Updating
data in-place and storing versions as before-image deltas in
undo buffers not only allows us to retain the high scan performance of single-version systems but also forms the basis of our cheap and fine-grained serializability validation
mechanism. The novel idea is based on an adaptation of
precision locking and verifies that the (extensional) writes
of recently committed transactions do not intersect with the
(intensional) read predicate space of a committing transaction. We experimentally show that our MVCC model allows
very fast processing of transactions with point accesses as
well as read-heavy transactions and that there is little need
to prefer SI over full serializability any longer.
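A highly simplified sketch of the versioning layout described here: in-place updates with before-image deltas kept in an undo chain, and reads reconstructing the version visible at their timestamp. Type and field names are mine, and the precision-locking validation itself is omitted.

```go
package mvccsketch

// undo holds a before-image delta plus the commit timestamp of the
// transaction that originally wrote that image.
type undo struct {
	before  int
	wroteAt uint64
	next    *undo
}

type record struct {
	value     int    // current version, updated in place
	writtenAt uint64 // commit timestamp of the in-place value
	chain     *undo  // before-images, newest first
}

// update installs a new version in place, pushing the old one onto the
// undo chain.
func (r *record) update(v int, commitTS uint64) {
	r.chain = &undo{before: r.value, wroteAt: r.writtenAt, next: r.chain}
	r.value, r.writtenAt = v, commitTS
}

// readAt rolls back through the undo deltas until it reaches the version
// that was committed at or before the reader's timestamp.
func (r *record) readAt(ts uint64) (int, bool) {
	v, w, u := r.value, r.writtenAt, r.chain
	for ts < w {
		if u == nil {
			return 0, false // record did not exist at ts
		}
		v, w = u.before, u.wroteAt
		u = u.next
	}
	return v, true
}
```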
comp-sci  database  mvcc  performance  design  architecture  filetype:pdf  paper  serialisability  linearisability 
march 2019 by jabley
EIO: Error Handling is Occasionally Correct
The reliability of file systems depends in part on how
well they propagate errors. We develop a static analysis technique, EDP, that analyzes how file systems and
storage device drivers propagate error codes. Running
our EDP analysis on all file systems and 3 major storage
device drivers in Linux 2.6, we find that errors are often
incorrectly propagated; 1153 calls (13%) drop an error
code without handling it.
We perform a set of analyses to rank the robustness
of each subsystem based on the completeness of its error propagation; we find that many popular file systems
are less robust than other available choices. We confirm that write errors are neglected more often than read
errors. We also find that many violations are not corner-case mistakes, but perhaps intentional choices. Finally,
we show that inter-module calls play a part in incorrect
error propagation, but that chained propagations do not.
In conclusion, error propagation appears complex and
hard to perform correctly in modern systems.
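The failure mode generalizes beyond C error codes. A small Go analogy of a dropped versus a propagated error (function names are mine, not the paper's):

```go
package eio

import (
	"fmt"
	"os"
)

// flushUnchecked drops the return code, the analogue of the 13% of
// calls the paper flags: a failed write-back goes unnoticed.
func flushUnchecked(f *os.File) {
	f.Sync() // error silently discarded
}

// flushChecked propagates the failure to a caller that can act on it.
func flushChecked(f *os.File) error {
	if err := f.Sync(); err != nil {
		return fmt.Errorf("sync %s: %w", f.Name(), err)
	}
	return nil
}
```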
filetype:pdf  paper  comp-sci  filesystem  errors  correctness  error-handling 
march 2019 by jabley
The PlusCal Algorithm Language
Algorithms are different from programs and should not be described with
programming languages. The only simple alternative to programming languages has been pseudo-code. PlusCal is an algorithm language that can be
used right now to replace pseudo-code, for both sequential and concurrent
algorithms. It is based on the TLA+ specification language, and a PlusCal
algorithm is automatically translated to a TLA+ specification that can be
checked with the TLC model checker and reasoned about formally.
filetype:pdf  comp-sci  lamport  formal-methods  correctness 
march 2019 by jabley
mov is Turing-complete
It is well-known that the x86 instruction set is baroque, overcomplicated, and redundantly redundant. We show just how much fluff
it has by demonstrating that it remains Turing-complete when reduced to just one instruction.
The instruction we choose is mov, which can do both loads
and stores. We use no unusual addressing modes, self-modifying
code, or runtime code generation. Using just this instruction (and
a single unconditional branch at the end of the program to make
nontermination possible), we demonstrate how an arbitrary Turing
machine can be simulated.
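The comparison gadget at the heart of the construction renders in any language with loads and stores. A sketch in Go using a map as memory (the paper of course works on raw x86 addressing):

```go
package movgadget

// movEqual compares two values using only stores and loads: write 0
// through address a, write 1 through address b, then read back through
// a. The load returns 1 exactly when the two addresses alias, i.e.
// when a == b.
func movEqual(a, b int) int {
	mem := map[int]int{}
	mem[a] = 0    // mov [a], 0
	mem[b] = 1    // mov [b], 1
	return mem[a] // mov r, [a]  -> 1 iff a == b
}
```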
computer  x86  comp-sci  filetype:pdf  paper 
march 2019 by jabley
Understanding Real-World Concurrency Bugs in Go
Go is a statically-typed programming language that aims
to provide a simple, efficient, and safe way to build multithreaded software. Since its creation in 2009, Go has matured and gained significant adoption in production and
open-source software. Go advocates for the usage of message passing as the means of inter-thread communication
and provides several new concurrency mechanisms and libraries to ease multi-threaded programming. It is important
to understand the implication of these new proposals and the
comparison of message passing and shared memory synchronization in terms of program errors, or bugs. Unfortunately,
as far as we know, there has been no study on Go’s concurrency bugs.
In this paper, we perform the first systematic study on
concurrency bugs in real Go programs. We studied six popular Go software systems, including Docker, Kubernetes, and gRPC.
We analyzed 171 concurrency bugs in total, with more than
half of them caused by non-traditional, Go-specific problems.
Apart from root causes of these bugs, we also studied their
fixes, performed experiments to reproduce them, and evaluated them with two publicly-available Go bug detectors.
Overall, our study provides a better understanding of Go’s
concurrency models and can guide future researchers and
practitioners in writing better, more reliable Go software
and in developing debugging and diagnosis tools for Go.
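One of the Go-specific bug classes the paper catalogs is the blocked-sender goroutine leak. A minimal reproduction and its buffered-channel fix; the scenario and names are illustrative, not a case study from the paper:

```go
package main

import (
	"fmt"
	"time"
)

// query sends its result on a channel. With an unbuffered channel, if
// the caller has already timed out and nobody receives, the sender
// goroutine blocks forever: a leak. A buffer of 1 lets it finish.
func query(timeout time.Duration, buffered bool) (string, error) {
	n := 0
	if buffered {
		n = 1
	}
	ch := make(chan string, n)
	go func() {
		time.Sleep(50 * time.Millisecond) // simulate a slow backend
		ch <- "result"                    // blocks forever when n == 0 and the caller gave up
	}()
	select {
	case r := <-ch:
		return r, nil
	case <-time.After(timeout):
		return "", fmt.Errorf("timed out")
	}
}

func main() {
	_, err := query(10*time.Millisecond, false) // leaks the sender goroutine
	fmt.Println(err)
	_, err = query(10*time.Millisecond, true) // no leak
	fmt.Println(err)
}
```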
concurrency  go  bugs  golang  filetype:pdf  paper 
march 2019 by jabley
Cloud Programming Simplified: A Berkeley View on Serverless Computing
Serverless cloud computing handles virtually all the system administration operations needed to make it
easier for programmers to use the cloud. It provides an interface that greatly simplifies cloud programming,
and represents an evolution that parallels the transition from assembly language to high-level programming
languages. This paper gives a quick history of cloud computing, including an accounting of the predictions
of the 2009 Berkeley View of Cloud Computing paper, explains the motivation for serverless computing,
describes applications that stretch the current limits of serverless, and then lists obstacles and research
opportunities required for serverless computing to fulfill its full potential. Just as the 2009 paper identified
challenges for the cloud and predicted they would be addressed and that cloud use would accelerate, we
predict these issues are solvable and that serverless computing will grow to dominate the future of cloud
computing.
report  papers  cloud  serverless  filetype:pdf 
march 2019 by jabley
ExSpectre: Hiding Malware in Speculative Execution
Recently, the Spectre and Meltdown attacks revealed serious vulnerabilities in modern CPU designs, allowing
an attacker to exfiltrate data from sensitive programs. These
vulnerabilities take advantage of speculative execution to coerce
a processor to perform computation that would otherwise not
occur, leaking the resulting information via side channels to an
attacker.
In this paper, we extend these ideas in a different direction,
and leverage speculative execution in order to hide malware from
both static and dynamic analysis. Using this technique, critical
portions of a malicious program’s computation can be shielded
from view, such that even a debugger following an instruction-level trace of the program cannot tell how its results were
computed.
We introduce ExSpectre, which compiles arbitrary malicious
code into a seemingly-benign payload binary. When a separate
trigger program runs on the same machine, it mistrains the CPU’s
branch predictor, causing the payload program to speculatively
execute its malicious payload, which communicates speculative
results back to the rest of the payload program to change its
real-world behavior.
We study the extent and types of execution that can be
performed speculatively, and demonstrate several computations
that can be performed covertly. In particular, within speculative execution we are able to decrypt memory using AES-NI
instructions at over 11 kbps. Building on this, we decrypt and
interpret a custom virtual machine language to perform arbitrary
computation and system calls in the real world. We demonstrate
this with a proof-of-concept dial back shell, which takes only
a few milliseconds to execute after the trigger is issued. We
also show how our corresponding trigger program can be a pre-existing benign application already running on the system, and
demonstrate this concept with OpenSSL driven remotely by the
attacker as a trigger program.
ExSpectre demonstrates a new kind of malware that evades
existing reverse engineering and binary analysis techniques. Because its true functionality is contained in seemingly unreachable
dead code, and its control flow driven externally by potentially
any other program running at the same time, ExSpectre poses a
novel threat to state-of-the-art malware analysis techniques.
malware  cpu  papers  security  filetype:pdf  infosec  spectre  vulnerability 
march 2019 by jabley
FoundationDB Record Layer: A Multi-Tenant Structured Datastore
The FoundationDB Record Layer is an open source library
that provides a record-oriented datastore with semantics
similar to a relational database, implemented on top of FoundationDB, an ordered, transactional key-value store. The
Record Layer provides a lightweight, highly extensible way
to store structured data. It offers schema management and a
rich set of query and indexing facilities, some of which are
not usually found in traditional relational databases, such
as nested record types, indexes on commit versions, and indexes that span multiple record types. The Record Layer is
stateless and built for massive multi-tenancy, encapsulating
and isolating all of a tenant’s state, including indexes, into a
separate logical database. We demonstrate how the Record
Layer is used by CloudKit, Apple’s cloud backend service, to
provide powerful abstractions to applications serving hundreds of millions of users. CloudKit uses the Record Layer
to host billions of independent databases, many with a common schema. Features provided by the Record Layer enable
CloudKit to provide richer APIs and stronger semantics, with
reduced maintenance overhead and improved scalability.
filetype:pdf  foundationdb  apple  paper  comp-sci  database  scale  design  experience 
january 2019 by jabley
The Case for Network-Accelerated Query Processing
The fastest plans in MPP databases are usually those with
the least amount of data movement across nodes, as data
is not processed while in transit. The network switches
that connect MPP nodes are hard-wired to perform packet-forwarding logic only. However, in a recent paradigm shift,
network devices are becoming “programmable.” The quotes
here are cautionary. Switches are not becoming general purpose computers (just yet). But now the set of tasks they can
perform can be encoded in software.
In this paper we explore this programmability to accelerate OLAP queries. We determined that we can offload
onto the switch some very common and expensive query
patterns. Thus, for the first time, moving data through
networking equipment can contribute to query execution.
Our preliminary results show that we can improve response
times on even the best agreed-upon plans by more than 2x
using 25 Gbps networks. We also see the promise of linear
performance improvement with faster speeds. The use of
programmable switches can open new possibilities of architecting rack- and datacenter-sized database systems, with
implications across the stack.
filetype:pdf  paper  comp-sci  database  networking  hardware  optimisation  datacenter  design 
january 2019 by jabley
ACLs don't
The ACL model is unable to make correct access decisions for interactions involving more than
two principals, since required information is not retained across message sends. Though this
deficiency has long been documented in the published literature, it is not widely understood. This
logic error in the ACL model is exploited by both the clickjacking and Cross-Site Request
Forgery attacks that affect many Web applications.
filetype:pdf  paper  web  infosec  vulnerability  security 
january 2019 by jabley
Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud
Controlled sharing is fundamental to distributed
systems; yet, on the Web, and in the Cloud, sharing is still
based on rudimentary mechanisms. More flexible, decentralized
cryptographic authorization credentials have not been adopted,
largely because their mechanisms have not been incrementally
deployable, simple enough, or efficient enough to implement
across the relevant systems and devices.
This paper introduces macaroons: flexible authorization credentials for Cloud services that support decentralized delegation
between principals. Macaroons are based on a construction that
uses nested, chained MACs (e.g., HMACs [43]) in a manner that
is highly efficient, easy to deploy, and widely applicable.
Although macaroons are bearer credentials, like Web cookies,
macaroons embed caveats that attenuate and contextually confine
when, where, by whom, and for what purpose a target service
should authorize requests. This paper describes macaroons and
motivates their design, compares them to other credential systems,
such as cookies and SPKI/SDSI [14], evaluates and measures a
prototype implementation, and discusses practical security and
application considerations. In particular, it is considered how
macaroons can enable more fine-grained authorization in the
Cloud, e.g., by strengthening mechanisms like OAuth2 [17], and
a formalization of macaroons is given in authorization logic.
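The chained-MAC construction is small enough to sketch. First-party caveats only, using Go's crypto/hmac, with function names of my own choosing; the real design also covers third-party caveats and discharge macaroons:

```go
package macaroon

import (
	"crypto/hmac"
	"crypto/sha256"
)

// chain computes HMAC(key, data), the single primitive macaroons build on.
func chain(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// mint signs an identifier, then attenuates the credential with caveats:
// each caveat's MAC is keyed by the previous signature, so a holder can
// add restrictions but never remove them.
func mint(rootKey []byte, id string, caveats ...string) []byte {
	sig := chain(rootKey, []byte(id))
	for _, c := range caveats {
		sig = chain(sig, []byte(c))
	}
	return sig
}

// verify recomputes the chain from the root key; only the minting service
// holds rootKey, so a valid signature proves every caveat was embedded.
func verify(rootKey []byte, id string, caveats []string, sig []byte) bool {
	return hmac.Equal(mint(rootKey, id, caveats...), sig)
}
```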
web  security  paper  filetype:pdf  authentication  authorisation 
january 2019 by jabley
Functional Pearl: Parsing Permutation Phrases
A permutation phrase is a sequence of elements (possibly of different types) in which
each element occurs exactly once and the order is irrelevant. Some of the permutable
elements may be optional. We show a way to extend a parser combinator library
with support for parsing such free-order constructs. A user of the library can easily
write parsers for permutation phrases and does not need to care about checking and
reordering the recognised elements. Possible applications include the generation of
parsers for attributes of XML tags and Haskell’s record syntax.
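A toy Go rendition of the acceptance problem, assuming each permutable element consumes exactly one token. The pearl's combinators are cleverer (they avoid this factorial backtracking and support optional elements), so this only fixes intuition:

```go
package permparse

// element recognizes a single token of a permutation phrase.
type element func(tok string) bool

// parsePermutation succeeds iff the tokens can be matched one-to-one
// against the elements, in any order.
func parsePermutation(toks []string, elems []element) bool {
	if len(elems) == 0 {
		return len(toks) == 0
	}
	if len(toks) == 0 {
		return false
	}
	for i, e := range elems {
		if e(toks[0]) {
			// Try consuming the first token with element i and
			// permuting the rest.
			rest := make([]element, 0, len(elems)-1)
			rest = append(rest, elems[:i]...)
			rest = append(rest, elems[i+1:]...)
			if parsePermutation(toks[1:], rest) {
				return true
			}
		}
	}
	return false
}
```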
parsing  filetype:pdf  paper  haskell  functional-programming  combinators 
november 2018 by jabley
Golang’s Garbage
Looking at the performance cost of Go's GC trade-offs
slides  presentation  golang  gc  performance  filetype:pdf 
october 2018 by jabley
The Battle of the Schedulers: FreeBSD ULE vs. Linux CFS
This paper analyzes the impact on application performance
of the design and implementation choices made
in two widely used open-source schedulers: ULE, the
default FreeBSD scheduler, and CFS, the default Linux
scheduler. We compare ULE and CFS in otherwise identical
circumstances. We have ported ULE to Linux, and
use it to schedule all threads that are normally scheduled
by CFS. We compare the performance of a large suite
of applications on the modified kernel running ULE and
on the standard Linux kernel running CFS. The observed
performance differences are solely the result of scheduling
decisions, and do not reflect differences in other subsystems
between FreeBSD and Linux.
There is no overall winner. On many workloads the
two schedulers perform similarly, but for some workloads
there are significant and even surprising differences.
ULE may cause starvation, even when executing
a single application with identical threads, but this
starvation may actually lead to better application performance
for some workloads. The more complex load balancing
mechanism of CFS reacts more quickly to workload
changes, but ULE achieves better load balance in
the long run.
freebsd  linux  kernel  scheduling  comp-sci  comparison  paper  filetype:pdf 
september 2018 by jabley
Putting the “Micro” Back in Microservice
Modern cloud computing environments strive to provide
users with fine-grained scheduling and accounting, as well
as seamless scalability. The most recent face of this trend
is the “serverless” model, in which individual functions,
or microservices, are executed on demand. Popular implementations
of this model, however, operate at a relatively
coarse granularity, occupying resources for minutes at a
time and requiring hundreds of milliseconds for a cold
launch. In this paper, we describe a novel design for
providing “functions as a service” (FaaS) that attempts
to be truly micro: cold launch times in microseconds
that enable even finer-grained resource accounting and
support latency-critical applications. Our proposal is
to eschew much of the traditional serverless infrastructure
in favor of language-based isolation. The result is
microsecond-granularity launch latency, and microsecond-scale
preemptive scheduling using high-precision timers.
filetype:pdf  paper  comp-sci  rust  serverless  faas  performance 
september 2018 by jabley
Understanding Architecture Decisions in Context
Many organizations struggle with efficient architecture decision-making
approaches. Often, the decision-making approaches are not articulated or understood.
This problem is particularly evident in large, globally distributed organizations
with multiple large products and systems. The significant architecture
decisions of a system are a critical organization knowledge asset, as well as
a determinant of success. However, the environment in which decisions get
made, recorded, and followed up on often confounds rather than helps articulation
and execution of architecture decisions. This paper looks at aspects of architecture
decision-making, drawing from an industry-based case study. The data
represents findings from a qualitative case study involving a survey and three
focus groups across multiple organizations in a global technology company. Architects
in this organization are responsible for multiple products and systems,
where individual products can include up to 50+ teams. The impact is not just on
others in the system; architecture decisions also impact other decisions and other
architects. The findings suggest recommendations for organizations to improve
how they make and manage architecture decisions. In particular, this paper notes
the relevance of group decision-making, decision scope, and social factors such
as trust in effective architecture decision-making.
filetype:pdf  paper  architecture  software  decisions  context 
august 2018 by jabley
Erays: Reverse Engineering Ethereum’s Opaque Smart Contracts
Interacting with Ethereum smart contracts can have potentially
devastating financial consequences. In light of
this, several regulatory bodies have called for a need to
audit smart contracts for security and correctness guarantees.
Unfortunately, auditing smart contracts that do
not have readily available source code can be challenging,
and there are currently few tools available that aid in
this process. Such contracts remain opaque to auditors.
To address this, we present Erays, a reverse engineering
tool for smart contracts. Erays takes in smart contracts
from the Ethereum blockchain, and produces high-level
pseudocode suitable for manual analysis. We show how
Erays can be used to provide insight into several contract
properties, such as code complexity and code reuse in
the ecosystem. We then leverage Erays to link contracts
with no previously available source code to public source
code, thus reducing the overall opacity in the ecosystem.
Finally, we demonstrate how Erays can be used for
reverse-engineering in four case studies: high-value multi-signature
wallets, arbitrage bots, exchange accounts, and
finally, a popular smart-contract game, Cryptokitties. We
conclude with a discussion regarding the value of reverse
engineering in the smart contract ecosystem, and how
Erays can be leveraged to address the challenges that lie
ahead.
infosec  security  filetype:pdf  paper  toread  contracts  ethereum  cryptocurrency  vm  reverse-engineering 
august 2018 by jabley
So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
It is often suggested that users are hopelessly lazy and
unmotivated on security questions. They choose weak
passwords, ignore security warnings, and are oblivious
to certificate errors. We argue that users’ rejection
of the security advice they receive is entirely rational
from an economic perspective. The advice offers to
shield them from the direct costs of attacks, but burdens
them with far greater indirect costs in the form of effort.
Looking at various examples of security advice we find
that the advice is complex and growing, but the benefit
is largely speculative or moot. For example, much of the
advice concerning passwords is outdated and does little
to address actual threats, and fully 100% of certificate
error warnings appear to be false positives. Further, if
users spent even a minute a day reading URLs to avoid
phishing, the cost (in terms of user time) would be two
orders of magnitude greater than all phishing losses.
Thus we find that most security advice simply offers a
poor cost-benefit tradeoff to users and is rejected. Security
advice is a daily burden, applied to the whole
population, while an upper bound on the benefit is the
harm suffered by the fraction that become victims annually.
When that fraction is small, designing security
advice that is beneficial is very hard. For example, it
makes little sense to burden all users with a daily task
to spare 0.01% of them a modest annual pain.
security  infosec  usability  paper  filetype:pdf  economics  time  risk 
august 2018 by jabley
Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer
Operating systems provide various inter-process communication
(IPC) mechanisms. Software applications typically
use IPC for communication between frontend and
backend components, which run in different processes
on the same computer. This paper studies the security
of how the IPC mechanisms are used in PC, Mac and
Linux software. We describe attacks where a non-privileged
process impersonates the IPC communication endpoints.
The attacks are closely related to impersonation
and man-in-the-middle attacks on computer networks but
take place inside one computer. The vulnerable IPC
methods are ones where a server process binds to a name
or address and waits for client communication. Our results
show that application developers are often unaware
of the risks and secure practices in using IPC. We find attacks
against several security-critical applications including
password managers and hardware tokens, in which
another user’s process is able to steal and misuse sensitive
data such as the victim’s credentials. The vulnerabilities
can be exploited in enterprise environments with
centralized access control that gives multiple users remote
or local login access to the same host. Computers
with guest accounts and shared computers at home are
similarly vulnerable.
paper  filetype:pdf  infosec  password-manager  vulnerability  security 
august 2018 by jabley
Ironies of Automation
This paper discusses the ways in which automation of
industrial processes may expand rather than eliminate problems
with the human operator. Some comments will be made on
methods of alleviating these problems within the “classic”
approach of leaving the operator with responsibility for
abnormal conditions, and on the potential for continued use of
the human operator for on-line decision-making within
human-computer collaboration.
automation  filetype:pdf  paper  human-factors  study  people  control-engineering  allspaw 
may 2018 by jabley
Scalability! But at what COST?
We offer a new metric for big data platforms, COST,
or the Configuration that Outperforms a Single Thread.
The COST of a given platform for a given problem is the
hardware configuration required before the platform outperforms
a competent single-threaded implementation.
COST weighs a system’s scalability against the overheads
introduced by the system, and indicates the actual
performance gains of the system, without rewarding systems
that bring substantial but parallelizable overheads.
We survey measurements of data-parallel systems recently
reported in SOSP and OSDI, and find that many
systems have either a surprisingly large COST, often
hundreds of cores, or simply underperform one thread
for all of their reported configurations.
benchmark  coding  performance  big-data  scalability  paper  filetype:pdf  economics 
april 2018 by jabley
Deluge
How to generate 2TB/s reflection DDoS data flow via a family network
filetype:pdf  security  memcached  udp  network  attack  amplification  paper  infosec  vulnerability 
march 2018 by jabley
BzTree: A High-Performance Latch-free Range Index for Non-Volatile Memory
Storing a database (rows and indexes) entirely in non-volatile memory
(NVM) potentially enables both high performance and fast
recovery. To fully exploit parallelism on modern CPUs, modern
main-memory databases use latch-free (lock-free) index structures,
e.g. Bw-tree or skip lists. To achieve high performance, NVM-resident
indexes also need to be latch-free. This paper describes the
design of the BzTree, a latch-free B-tree index designed for NVM.
The BzTree uses a persistent multi-word compare-and-swap operation
(PMwCAS) as a core building block, enabling an index design
that has several important advantages compared with competing
index structures such as the Bw-tree. First, the BzTree is latch-free
yet simple to implement. Second, the BzTree is fast, showing
up to 2x higher throughput than the Bw-tree in our experiments.
Third, the BzTree does not require any special-purpose recovery
code. Recovery is near-instantaneous and only involves rolling back
(or forward) any PMwCAS operations that were in-flight during failure.
Our end-to-end recovery experiments of BzTree report an average
recovery time of 145 µs. Finally, the same BzTree implementation
runs seamlessly on both volatile RAM and NVM, which greatly
reduces the cost of code maintenance.
paper  filetype:pdf  storage  persistent  nvm  data-store  comp-sci 
february 2018 by jabley
CloudKit: Structured Storage for Mobile Applications
CloudKit is Apple’s cloud backend service and application development
framework that provides strongly-consistent storage for structured
data and makes it easy to synchronize data across user devices
or share it among multiple users. Launched more than 3 years ago,
CloudKit forms the foundation for more than 50 Apple apps, including
many of our most important and popular applications such
as Photos, iCloud Drive, Notes, Keynote, and News, as well as
many third-party apps. To deliver this at large scale, CloudKit explicitly
leverages multi-tenancy at the application level as well as at
the user level to guide efficient data placement and distribution. By
using CloudKit application developers are free to focus on delivering
the application front-end and logic while relying on CloudKit
for scale, consistency, durability and security. CloudKit manages
petabytes of data and handles hundreds of millions of users around
the world on a daily basis.
paper  mobile  db  ios  apple  filetype:pdf  cassandra  sharding  scalability 
february 2018 by jabley
Recovering Shared Objects Without Stable Storage
This paper considers the problem of building fault-tolerant shared objects when processes can crash
and recover but lose their persistent state on recovery. This Diskless Crash-Recovery (DCR) model
matches the way many long-lived systems are built. We show that it presents new challenges, as
operations that are recorded at a quorum may not persist after some of the processes in that quorum
crash and then recover.
To address this problem, we introduce the notion of crash-consistent quorums, where no recoveries
happen during the quorum responses. We show that relying on crash-consistent quorums enables
a recovery procedure that can recover all operations that successfully finished. Crash-consistent quorums
can be easily identified using a mechanism we term the crash vector, which tracks the causal
relationship between crashes, recoveries, and other operations.
We apply crash-consistent quorums and crash vectors to build two storage primitives. We give
a new algorithm for multi-writer, multi-reader atomic registers in the DCR model that guarantees
safety under all conditions and termination under a natural condition. It improves on the best prior
protocol for this problem by requiring fewer rounds, fewer nodes to participate in the quorum, and
a less restrictive liveness condition. We also present a more efficient single-writer, single-reader
atomic set—a virtual stable storage abstraction. It can be used to lift any existing algorithm from
the traditional Crash-Recovery model to the DCR model. We examine a specific application, state
machine replication, and show that existing diskless protocols can violate their correctness guarantees,
while ours offers a general and correct solution.
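A simplified reading of the crash-vector check, assuming each quorum response carries a vector of per-node recovery epochs. The names and the exact predicate are my paraphrase of the mechanism, not the paper's definitions:

```go
package dcrsketch

// crashVector has one epoch counter per node, incremented each time
// that node recovers. Every quorum response carries its sender's vector.
type crashVector []int

// crashConsistent reports whether a set of quorum responses could have
// been produced with no recovery in between: no responder may report a
// lower epoch for itself than some other response observed for it.
// responder[k] is the node id that sent vectors[k]; vectors is non-empty.
func crashConsistent(responder []int, vectors []crashVector) bool {
	max := make([]int, len(vectors[0]))
	for _, v := range vectors {
		for i, e := range v {
			if e > max[i] {
				max[i] = e
			}
		}
	}
	for k, node := range responder {
		if vectors[k][node] < max[node] {
			return false // node recovered after sending this response
		}
	}
	return true
}
```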
paper  filetype:pdf  comp-sci  distributedsystems  consensus  resilience  crash 
october 2017 by jabley
Producing Wrong Data Without Doing Anything Obviously Wrong!
This paper presents a surprising result: changing a seemingly
innocuous aspect of an experimental setup can cause a systems
researcher to draw wrong conclusions from an experiment.
What appears to be an innocuous aspect in the experimental
setup may in fact introduce a significant bias in an
evaluation. This phenomenon is called measurement bias in
the natural and social sciences.
Our results demonstrate that measurement bias is significant
and commonplace in computer system evaluation. By
significant we mean that measurement bias can lead to a performance
analysis that either over-states an effect or even
yields an incorrect conclusion. By commonplace we mean
that measurement bias occurs in all architectures that we
tried (Pentium 4, Core 2, and m5 O3CPU), both compilers
that we tried (gcc and Intel’s C compiler), and most of the
SPEC CPU2006 C programs. Thus, we cannot ignore measurement
bias. Nevertheless, in a literature survey of 133 recent
papers from ASPLOS, PACT, PLDI, and CGO, we determined
that none of the papers with experimental results
adequately consider measurement bias.
Inspired by similar problems and their solutions in other
sciences, we describe and demonstrate two methods, one
for detecting (causal analysis) and one for avoiding (setup
randomization) measurement bias.
paper  filetype:pdf  experiment  bias  measurement 
september 2017 by jabley
Browser Security White Paper
This white paper provides a technical comparison of the security features and attack surface of Google
Chrome, Microsoft Edge, and Internet Explorer. We aim to identify which browser provides the highest level
of security in common enterprise usage scenarios, and show how differences in design and implementation
of various security technologies in modern web browsers might affect their security.
Comparisons are done using a qualitative approach since many issues regarding browser security cannot
easily be quantified. We focus on the weaknesses of different mitigations and hardening features and take
an attacker’s point of view. This should give the reader an impression about how easy or hard it is to attack
a certain browser.
The analysis has been sponsored by Google. X41 D-Sec GmbH accepted this sponsorship on the condition
that Google would not interfere with our testing methodology or control the content of our paper. We
are aware that we could unconsciously be biased to produce results favorable to our sponsor, and have
attempted to eliminate this by being as transparent as possible about our decision-making processes and
testing methodologies.
browser  edge  chrome  ie  web  security  paper  infosec  filetype:pdf 
september 2017 by jabley
Energy Efficiency across Programming Languages
This paper presents a study of the runtime, memory usage
and energy consumption of twenty-seven well-known software
languages. We monitor the performance of such languages
using ten different programming problems, expressed
in each of the languages. Our results show interesting findings,
such as, slower/faster languages consuming less/more
energy, and how memory usage influences energy consumption.
We show how to use our results to provide software
engineers support to decide which language to use when
energy efficiency is a concern.
efficiency  language  energy  green  paper  filetype:pdf 
september 2017 by jabley
Keys Under Doormats: mandating insecurity by requiring government access to all data and communications
Twenty years ago, law enforcement organizations lobbied to require data and
communication services to engineer their products to guarantee law enforcement
access to all data. After lengthy debate and vigorous predictions of enforcement
channels “going dark,” these attempts to regulate the emerging Internet were abandoned.
In the intervening years, innovation on the Internet flourished, and law
enforcement agencies found new and more effective means of accessing vastly larger
quantities of data. Today we are again hearing calls for regulation to mandate the
provision of exceptional access mechanisms. In this report, a group of computer
scientists and security experts, many of whom participated in a 1997 study of these
same topics, has convened to explore the likely effects of imposing extraordinary
access mandates.
We have found that the damage that could be caused by law enforcement exceptional
access requirements would be even greater today than it would have been 20
years ago. In the wake of the growing economic and social cost of the fundamental
insecurity of today’s Internet environment, any proposals that alter the security dynamics
online should be approached with caution. Exceptional access would force
Internet system developers to reverse “forward secrecy” design practices that seek to
minimize the impact on user privacy when systems are breached. The complexity of
today’s Internet environment, with millions of apps and globally connected services,
means that new law enforcement requirements are likely to introduce unanticipated,
hard to detect security flaws. Beyond these and other technical vulnerabilities, the
prospect of globally deployed exceptional access systems raises difficult problems
about how such an environment would be governed and how to ensure that such
systems would respect human rights and the rule of law.
internet  paper  filetype:pdf  pki  security  privacy  escrow  communication  government  industry 
june 2017 by jabley
Identifying HTTPS-Protected Netflix Videos in Real-Time
After more than a year of research and development, Netflix
recently upgraded their infrastructure to provide HTTPS
encryption of video streams in order to protect the privacy of their
viewers. Despite this upgrade, we demonstrate that it is possible to
accurately identify Netflix videos from passive traffic capture in
real-time with very limited hardware requirements. Specifically,
we developed a system that can report the Netflix video being
delivered by a TCP connection using only the information
provided by TCP/IP headers.
To support our analysis, we created a fingerprint database
comprised of 42,027 Netflix videos. Given this collection of
fingerprints, we show that our system can differentiate between
videos with greater than 99.99% accuracy. Moreover, when tested
against 200 random 20-minute video streams, our system
identified 99.5% of the videos with the majority of the
identifications occurring less than two and a half minutes into the
video stream.
filetype:pdf  paper  https  data  leak  tls  security 
april 2017 by jabley
Fast Lossless Compression of Scientific Floating-Point Data
In scientific computing environments, large amounts of floating-point data often need to
be transferred between computers as well as to and from storage devices. Compression
can reduce the number of bits that need to be transferred and stored. However, the runtime
overhead due to compression may be undesirable in high-performance settings
where short communication latencies and high bandwidths are essential. This paper describes
and evaluates a new compression algorithm that is tailored to such environments.
It typically compresses numeric floating-point values better and faster than other algorithms
do. On our data sets, it achieves compression ratios between 1.2 and 4.2 as well
as compression and decompression throughputs between 2.8 and 5.9 million 64-bit double-precision
numbers per second on a 3 GHz Pentium 4 machine.
paper  comp-sci  compression  algorithms  data  filetype:pdf 
april 2017 by jabley
High Throughput Compression of Double-Precision Floating-Point Data
This paper describes FPC, a lossless compression algorithm for linear streams of 64-bit
floating-point data. FPC is designed to compress well while at the same time meeting the
high throughput demands of scientific computing environments. On our thirteen datasets,
it achieves a substantially higher average compression ratio than BZIP2, DFCM, FSD,
GZIP, and PLMI. At comparable compression ratios, it compresses and decompresses 8
to 300 times faster than the other five algorithms.
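The inner step of this family of compressors is compact. A sketch with a last-value predictor standing in for FPC's FCM/DFCM hash-table predictors (so the ratios would be far worse than the paper's); names are mine:

```go
package fpcsketch

import "math"

// compressOne XORs the prediction with the actual value; a good
// prediction leaves many leading zero bytes, so only a small zero-byte
// count plus the nonzero tail of the residual needs to be stored.
func compressOne(prev, cur float64) (lzBytes int, residual uint64) {
	xor := math.Float64bits(cur) ^ math.Float64bits(prev)
	for lzBytes < 7 && xor>>(56-8*lzBytes)&0xff == 0 {
		lzBytes++ // count whole leading zero bytes
	}
	return lzBytes, xor // high lzBytes bytes of xor are zero and need not be stored
}

// decompressOne inverts the step: XOR the residual with the same
// prediction the compressor used.
func decompressOne(prev float64, residual uint64) float64 {
	return math.Float64frombits(math.Float64bits(prev) ^ residual)
}
```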
paper  comp-sci  compression  algorithms  data  filetype:pdf 
april 2017 by jabley
Gone in Six Characters: Short URLs Considered Harmful for Cloud Services
Modern cloud services are designed to encourage and
support collaboration. To help users share links to online
documents, maps, etc., several services, including cloud
storage providers such as Microsoft OneDrive
and mapping
services such as Google Maps, directly integrate
URL shorteners that convert long, unwieldy URLs into
short URLs, consisting of a domain such as 1drv.ms or
goo.gl and a short token.
In this paper, we demonstrate that the space of 5- and
6-character tokens included in short URLs is so small
that it can be scanned using brute-force search. Therefore,
all online resources that were intended to be shared
with a few trusted friends or collaborators are effectively
public and can be accessed by anyone. This leads to serious
security and privacy vulnerabilities.
In the case of cloud storage, we focus on Microsoft
OneDrive. We show how to use short-URL enumeration
to discover and read shared content stored in the
OneDrive cloud, including even files for which the user
did not generate a short URL. 7% of the OneDrive accounts
exposed in this fashion allow anyone to write into
them. Since cloud-stored files are automatically copied
into users’ personal computers and devices, this is a vector
for large-scale, automated malware injection.
In the case of online maps, we show how short-URL
enumeration reveals the directions that users shared with
each other. For many individual users, this enables inference
of their residential addresses, true identities, and
extremely sensitive locations they visited that, if publicly
revealed, would violate medical and financial privacy.
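Back-of-the-envelope on why the token space is scannable, assuming a 36-symbol case-insensitive alphabet and an arbitrary probe rate of 1,000 requests/second; both numbers are my assumptions, real services differ:

```go
package main

import "fmt"

func main() {
	// 36^5 = 60,466,176 tokens; 36^6 = 2,176,782,336 tokens.
	for _, n := range []int{5, 6} {
		space := 1
		for i := 0; i < n; i++ {
			space *= 36
		}
		days := float64(space) / (1000 * 86400) // at 1,000 probes/sec
		fmt.Printf("%d-char tokens: %d URLs, ~%.1f scan-days\n", n, space, days)
	}
}
```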
url  security  attack  paper  filetype:pdf  shortening 
november 2016 by jabley
HyParView: a membership protocol for reliable gossip-based broadcast
Gossip, or epidemic, protocols have emerged as a powerful strategy to implement highly
scalable and resilient reliable broadcast primitives. Due to scalability reasons, each participant
in a gossip protocol maintains a partial view of the system. The reliability of the gossip
protocol depends upon some critical properties of these views, such as degree distribution and
clustering coefficient.
Several algorithms have been proposed to maintain partial views for gossip protocols. In
this paper, we show that under a high number of faults, these algorithms take a long time to
restore the desirable view properties. To address this problem, we present HyParView, a new
membership protocol to support gossip-based broadcast that ensures high levels of reliability
even in the presence of high rates of node failure. The HyParView protocol is based on a
novel approach that relies on the use of two distinct partial views, which are maintained with
different goals by different strategies.
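The two-view structure is the heart of the protocol. A skeletal sketch (names mine; the real protocol maintains the views with join, forward-join, shuffle, and neighbor messages rather than this bare promotion):

```go
package hyparview

// Each node keeps two partial views with different goals: a small,
// symmetric active view used for gossip, over monitored connections so
// failures are detected quickly, and a larger passive view used only as
// a pool of backup peers.
type views struct {
	active  map[string]bool // fanout-sized; gossip targets
	passive map[string]bool // larger; refreshed by periodic shuffles
}

// onFailure replaces a dead active peer with one drawn from the passive
// view, which is how the protocol rides out high failure rates.
func (v *views) onFailure(dead string) {
	delete(v.active, dead)
	for p := range v.passive {
		delete(v.passive, p)
		v.active[p] = true // real protocol: only after a NEIGHBOR handshake succeeds
		break
	}
}
```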
distributed-systems  algorithms  engineering  gossip  paper  filetype:pdf 
november 2016 by jabley
Understanding Manycore Scalability of File Systems
We analyze the manycore scalability of five widely deployed
file systems, namely, ext4, XFS, btrfs, F2FS,
and tmpfs, by using our open source benchmark suite,
FXMARK. FXMARK implements 19 microbenchmarks
to stress specific components of each file system and
includes three application benchmarks to measure the
macroscopic scalability behavior. We observe that file
systems are hidden scalability bottlenecks in many I/O-intensive
applications even when there is no apparent
contention at the application level. We found 25 scalability
bottlenecks in file systems, many of which are
unexpected or counterintuitive. We draw a set of observations
on file system scalability behavior and unveil several
core aspects of file system design that systems researchers
must address.
filetype:pdf  paper  filesystem  unix  performance  multi-core  modern  2016  btrfs  ext4  xfs 
november 2016 by jabley
Optimizing TLS for High–Bandwidth Applications in FreeBSD
Transport Layer Security (TLS) is becoming increasingly
desirable and necessary in the modern Internet.
Unfortunately it also induces heavy penalties on application
CPU performance for both the client and server. In this paper
we examine the server-side performance implications on CPU
computational and data-movement overhead when enabling TLS
on Netflix’s OpenConnect Appliance (OCA [1]) network. We then
explore enhancements to FreeBSD to reduce the costs that TLS
adds when serving high volumes of video traffic. Finally we
describe recent changes and future improvements to FreeBSD’s
OpenCrypto Framework that can be used to further improve
performance.
netflix  https  paper  freebsd  performance  filetype:pdf 
august 2016 by jabley
Monads for functional programming
The use of monads to structure functional programs is described.
Monads provide a convenient framework for simulating effects
found in other languages, such as global state, exception handling, output,
or non-determinism. Three case studies are looked at in detail: how
monads ease the modification of a simple evaluator; how monads act as
the basis of a datatype of arrays subject to in-place update; and how
monads can be used to build parsers.
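The exception-handling evaluator from the paper's first case study translates even to Go, though without higher-kinded types the monad abstraction itself cannot be expressed generically. A sketch of a Maybe-style Option with Bind; all names are mine:

```go
package monadsketch

// Option mimics the Maybe monad: Bind sequences computations while
// threading the possibility of failure, so callers do not scatter
// failure checks through the evaluator.
type Option[T any] struct {
	value T
	ok    bool
}

func Some[T any](v T) Option[T] { return Option[T]{value: v, ok: true} }
func None[T any]() Option[T]    { return Option[T]{} }

// Bind is the monadic >>= : it short-circuits on None.
func Bind[T, U any](o Option[T], f func(T) Option[U]) Option[U] {
	if !o.ok {
		return None[U]()
	}
	return f(o.value)
}

// safeDiv echoes the paper's running example: division that fails on zero.
// Usage: Bind(safeDiv(10, 2), func(x int) Option[int] { return safeDiv(x, 0) })
func safeDiv(a, b int) Option[int] {
	if b == 0 {
		return None[int]()
	}
	return Some(a / b)
}
```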
functional  monads  monad  programming  paper  comp-sci  cs  filetype:pdf  functional-programming  haskell 
july 2016 by jabley
MacroBase: Prioritizing Attention in Fast Data
As data volumes continue to rise, manual inspection is becoming
increasingly untenable. In response, we present MacroBase, a data
analytics engine that prioritizes end-user attention in high-volume
fast data streams. MacroBase enables efficient, accurate, and modular
analyses that highlight and aggregate important and unusual
behavior, acting as a search engine for fast data. MacroBase is
able to deliver order-of-magnitude speedups over alternatives by
optimizing the combination of explanation and classification tasks
and by leveraging a new reservoir sampler and heavy-hitters sketch
specialized for fast data streams. As a result, MacroBase delivers
accurate results at speeds of up to 2M events per second per query
on a single core. The system has delivered meaningful results in
production, including at a telematics company monitoring hundreds
of thousands of vehicles.
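The reservoir sampler mentioned here is a specialization of classic Algorithm R. A plain uniform version in Go; MacroBase's variant decays old items, which this sketch omits:

```go
package sampling

import "math/rand"

// Reservoir keeps a uniform random sample of size k from a stream of
// unknown length, using O(k) memory.
type Reservoir struct {
	sample []float64
	seen   int
}

func NewReservoir(k int) *Reservoir {
	return &Reservoir{sample: make([]float64, 0, k)}
}

func (r *Reservoir) Observe(x float64) {
	r.seen++
	if len(r.sample) < cap(r.sample) {
		r.sample = append(r.sample, x)
		return
	}
	// Replace a random slot with probability k/seen, which keeps every
	// item seen so far equally likely to be in the sample.
	if j := rand.Intn(r.seen); j < len(r.sample) {
		r.sample[j] = x
	}
}
```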
filetype:pdf  paper  monitoring  iot  bailis  telemetry 
may 2016 by jabley
Lineage-driven Fault Injection
Failure is always an option; in large-scale data management systems,
it is practically a certainty. Fault-tolerant protocols and components
are notoriously difficult to implement and debug. Worse
still, choosing existing fault-tolerance mechanisms and integrating
them correctly into complex systems remains an art form, and programmers
have few tools to assist them.
We propose a novel approach for discovering bugs in fault-tolerant
data management systems: lineage-driven fault injection. A lineage-driven
fault injector reasons backwards from correct system outcomes
to determine whether failures in the execution could have
prevented the outcome. We present MOLLY, a prototype of lineage-driven
fault injection that exploits a novel combination of data lineage
techniques from the database literature and state-of-the-art
satisfiability testing. If fault-tolerance bugs exist for a particular
configuration, MOLLY finds them rapidly, in many cases using an
order of magnitude fewer executions than random fault injection.
Otherwise, MOLLY certifies that the code is bug-free for that configuration.
testing  paper  netflix  distributedsystems  filetype:pdf 
may 2016 by jabley
TensorFlow: Large-Scale Machine Learning on Heterogeneous Distributed Systems
TensorFlow [1] is an interface for expressing machine learning
algorithms, and an implementation for executing such algorithms.
A computation expressed using TensorFlow can be
executed with little or no change on a wide variety of heterogeneous
systems, ranging from mobile devices such as phones
and tablets up to large-scale distributed systems of hundreds
of machines and thousands of computational devices such as
GPU cards. The system is flexible and can be used to express
a wide variety of algorithms, including training and inference
algorithms for deep neural network models, and it has been
used for conducting research and for deploying machine learning
systems into production across more than a dozen areas of
computer science and other fields, including speech recognition,
computer vision, robotics, information retrieval, natural
language processing, geographic information extraction, and
computational drug discovery. This paper describes the TensorFlow
interface and an implementation of that interface that
we have built at Google. The TensorFlow API and a reference
implementation were released as an open-source package under
the Apache 2.0 license in November, 2015 and are available at
www.tensorflow.org.
machine-learning  google  paper  filetype:pdf 
may 2016 by jabley