
jabley : paper   219

Everything You Always Wanted to Know About Compiled and Vectorized Queries But Were Afraid to Ask
paper  filetype:pdf  comp-sci  research  database  data-structures  compilers  optimisation 
6 weeks ago by jabley
Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security
Online programming discussion platforms such as Stack Overflow serve as a rich source of information for software developers. Available information includes vibrant discussions and oftentimes ready-to-use code snippets. Previous research identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that software developers copy and paste code snippets from those information sources for convenience reasons. Such behavior results in a constant flow of community-provided code snippets into production software. To date, the impact of this behavior on code security is unknown.

We answer this question by quantifying the proliferation of security-related code snippets from Stack Overflow in Android applications available on Google Play. Access to the rich source of information available on Stack Overflow, including ready-to-use code snippets, provides huge benefits for software developers. However, when it comes to code security there are caveats to bear in mind: due to the complex nature of code security, it is very difficult to provide ready-to-use and secure solutions for every problem. Hence, integrating a security-related code snippet from Stack Overflow into production software requires caution and expertise. Unsurprisingly, we observed insecure code snippets being copied into Android applications that millions of users install from Google Play every day.

To quantitatively evaluate the extent of this observation, we scanned Stack Overflow for code snippets and evaluated their security score using a stochastic gradient descent classifier. To identify code reuse in Android applications, we applied state-of-the-art static analysis. Our results are alarming: 15.4% of the 1.3 million Android applications we analyzed contained security-related code snippets from Stack Overflow. Of these, 97.9% contain at least one insecure code snippet.
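The classification step is easy to picture. A minimal sketch of that kind of snippet scorer, assuming scikit-learn, hashed token features, and made-up training labels rather than the authors' actual pipeline:

```python
# A sketch of the kind of snippet scorer the paper describes: an SGD
# linear model over hashed token features of code snippets. The
# snippets and labels here are illustrative assumptions, not the
# authors' data or feature engineering.
from sklearn.feature_extraction.text import HashingVectorizer
from sklearn.linear_model import SGDClassifier
from sklearn.pipeline import make_pipeline

snippets = [
    "TrustManager tm = new X509TrustManager() { /* trust all */ }",
    'SSLContext ctx = SSLContext.getInstance("TLSv1.2");',
]
labels = ["insecure", "secure"]  # hypothetical training labels

model = make_pipeline(HashingVectorizer(), SGDClassifier(max_iter=1000))
model.fit(snippets, labels)
print(model.predict(["HostnameVerifier hv = (h, s) -> true;"]))
```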
filetype:pdf  paper  security  research  infosec  code  reuse 
6 weeks ago by jabley
Wrappers to the Rescue
Wrappers are mechanisms for introducing new behavior that is executed before and/or after, and perhaps even in lieu of, an existing method. This paper examines several ways to implement wrappers in Smalltalk, and compares their performance. Smalltalk programmers often use Smalltalk’s lookup failure mechanism to customize method lookup. Our focus is different. Rather than changing the method lookup process, we modify the method objects that the lookup process returns. We call these objects method wrappers. We have used method wrappers to construct several program analysis tools: a coverage tool, a class collaboration tool, and an interaction diagramming tool. We also show how we used method wrappers to construct several extensions to Smalltalk: synchronized methods, assertions, and multimethods. Wrappers are relatively easy to build in Smalltalk because it was designed with reflective facilities that allow programmers to intervene in the lookup process. Other languages differ in the degree to which they can accommodate change. Our experience testifies to the value, power, and utility of openness.
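The idea translates outside Smalltalk. A rough Python analogue, assuming a helper named wrap_method rather than anything from the paper:

```python
# A rough Python analogue of a method wrapper: rather than changing
# method lookup, replace the method object with one that runs
# before/after code around the original.
import functools

def wrap_method(cls, name, before=None, after=None):
    original = getattr(cls, name)

    @functools.wraps(original)
    def wrapper(self, *args, **kwargs):
        if before:
            before(self, *args, **kwargs)
        result = original(self, *args, **kwargs)
        if after:
            after(self, result)
        return result

    setattr(cls, name, wrapper)
    return original  # handle kept so the wrapper can be uninstalled

class Account:
    def __init__(self):
        self.balance = 0

    def deposit(self, amount):
        self.balance += amount

# Coverage-style probe, one of the tools the paper builds this way.
called = set()
wrap_method(Account, "deposit", before=lambda self, *a: called.add("deposit"))
acct = Account()
acct.deposit(10)
print(acct.balance, called)  # 10 {'deposit'}
```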
paper  comp-sci  reflection  smalltalk 
12 weeks ago by jabley
LSM-based Storage Techniques: A Survey
Recently, the Log-Structured Merge-tree (LSM-tree) has been widely adopted for use in the storage layer of modern NoSQL systems. Because of this, there have been a large number of research efforts, from both the database community and the operating systems community, that try to improve various aspects of LSM-trees. In this paper, we provide a survey of recent research efforts on LSM-trees so that readers can learn the state of the art in LSM-based storage techniques. We provide a general taxonomy to classify the literature on LSM-trees, survey the efforts in detail, and discuss their strengths and trade-offs. We further survey several representative LSM-based open-source NoSQL systems and discuss some potential future research directions resulting from the survey.
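For reference, the structure the surveyed work builds on, as a toy sketch:

```python
# Toy LSM-tree to make the structure concrete: writes land in an
# in-memory memtable; when it fills, it is flushed as an immutable
# sorted run; reads check the memtable, then runs newest-first. Real
# systems add WALs, bloom filters, and compaction -- exactly the parts
# the surveyed literature optimizes.
class ToyLSM:
    def __init__(self, memtable_limit=4):
        self.memtable = {}
        self.runs = []           # sorted runs, newest first
        self.limit = memtable_limit

    def put(self, key, value):
        self.memtable[key] = value
        if len(self.memtable) >= self.limit:
            self.runs.insert(0, sorted(self.memtable.items()))
            self.memtable = {}   # flush

    def get(self, key):
        if key in self.memtable:
            return self.memtable[key]
        for run in self.runs:    # newer runs shadow older ones
            for k, v in run:
                if k == key:
                    return v
        return None

db = ToyLSM()
for i in range(10):
    db.put(f"k{i}", i)
print(db.get("k3"), len(db.runs))  # 3 2
```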
data-structures  lsm  nosql  storage  index  data  rocksdb  leveldb  cassandra  hbase  database  filetype:pdf  comp-sci  paper 
august 2019 by jabley
The Unwritten Contract of Solid State Drives
We perform a detailed vertical analysis of application performance atop a range of modern file systems and SSD FTLs. We formalize the “unwritten contract” that clients of SSDs should follow to obtain high performance, and conduct our analysis to uncover application and file system designs that violate the contract. Our analysis, which utilizes a highly detailed SSD simulation underneath traces taken from real workloads and file systems, provides insight into how to better construct applications, file systems, and FTLs to realize robust and sustainable performance.
ssd  filetype:pdf  paper  comp-sci  disk  performance  research 
august 2019 by jabley
Programming Satan’s Computer
Cryptographic protocols are used in distributed systems to identify users and authenticate transactions. They may involve the exchange of about 2–5 messages, and one might think that a program of this size would be fairly easy to get right. However, this is absolutely not the case: bugs are routinely found in well-known protocols, years after they were first published. The problem is the presence of a hostile opponent, who can alter messages at will. In effect, our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. This is a fascinating problem; and we hope that the lessons learned from programming Satan’s computer may be helpful in tackling the more common problem of programming Murphy’s.
paper  security  infosec  comp-sci  crypto  protocol  design 
june 2019 by jabley
Overcoming the challenges to feedback-directed optimization (Keynote Talk)
Feedback-directed optimization (FDO) is a general term used to describe any technique that alters a program's execution based on tendencies observed in its present or past runs. This paper reviews the current state of affairs in FDO and discusses the challenges inhibiting further acceptance of these techniques. It also argues that current trends in hardware and software technology have resulted in an execution environment where immutable executables and traditional static optimizations are no longer sufficient. It explains how we can improve the effectiveness of our optimizers by increasing our understanding of program behavior, and it provides examples of temporal behavior that we can (or could in the future) exploit during optimization.
paper  comp-sci  compilers  optimisation  performance 
may 2019 by jabley
Reasoning about the Node.js Event Loop using Async Graphs
With the popularity of Node.js, asynchronous, event-driven programming has become widespread in server-side applications. While conceptually simple, event-based programming can be tedious and error-prone. The complex semantics of the Node.js event loop, coupled with the different flavors of asynchronous execution in JavaScript, easily leads to bugs. This paper introduces a new model called Async Graph to reason about the runtime behavior of applications and their interactions with the Node.js event loop. Based on the model, we have developed AsyncG, a tool to automatically build and analyze the Async Graph of a running application, and to identify bugs related to all sources of asynchronous execution in Node.js. AsyncG is compatible with the latest ECMAScript language features and can be (de)activated at runtime. In our evaluation, we show how AsyncG can be used to identify bugs in real-world Node.js applications.
paper  node  node.js  asynchronous  debugging  tools 
may 2019 by jabley
Fast Serializable Multi-Version Concurrency Control for Main-Memory Database Systems
Multi-Version Concurrency Control (MVCC) is a widely employed concurrency control mechanism, as it allows for execution modes where readers never block writers. However, most systems implement only snapshot isolation (SI) instead of full serializability. Adding serializability guarantees to existing SI implementations tends to be prohibitively expensive.

We present a novel MVCC implementation for main-memory database systems that has very little overhead compared to serial execution with single-version concurrency control, even when maintaining serializability guarantees. Updating data in-place and storing versions as before-image deltas in undo buffers not only allows us to retain the high scan performance of single-version systems but also forms the basis of our cheap and fine-grained serializability validation mechanism. The novel idea is based on an adaptation of precision locking and verifies that the (extensional) writes of recently committed transactions do not intersect with the (intensional) read predicate space of a committing transaction. We experimentally show that our MVCC model allows very fast processing of transactions with point accesses as well as read-heavy transactions, and that there is little need to prefer SI over full serializability any longer.
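The validation idea is compact enough to sketch. A simplification assuming predicates are plain functions over rows, not the paper's precision-locking machinery:

```python
# Sketch of the validation step: at commit, check that no write of a
# recently committed transaction falls inside any predicate this
# transaction read under. Predicates here are plain functions over
# rows -- a simplification of the paper's precision locking.
def validate(read_predicates, recently_committed_writes):
    """True iff the committing transaction passes validation."""
    for row in recently_committed_writes:
        for predicate in read_predicates:
            if predicate(row):
                return False  # a concurrent write intersects our reads
    return True

# This transaction scanned: SELECT * FROM t WHERE balance < 100
reads = [lambda row: row["balance"] < 100]
# Before/after images committed since this transaction started:
writes = [{"id": 7, "balance": 50}]

print(validate(reads, writes))  # False: overlap, so abort
```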
comp-sci  database  mvcc  performance  design  architecture  filetype:pdf  paper  serialisability  linearisability 
march 2019 by jabley
EIO: Error Handling is Occasionally Correct
The reliability of file systems depends in part on how well they propagate errors. We develop a static analysis technique, EDP, that analyzes how file systems and storage device drivers propagate error codes. Running our EDP analysis on all file systems and 3 major storage device drivers in Linux 2.6, we find that errors are often incorrectly propagated; 1153 calls (13%) drop an error code without handling it.

We perform a set of analyses to rank the robustness of each subsystem based on the completeness of its error propagation; we find that many popular file systems are less robust than other available choices. We confirm that write errors are neglected more often than read errors. We also find that many violations are not corner-case mistakes, but perhaps intentional choices. Finally, we show that inter-module calls play a part in incorrect error propagation, but that chained propagations do not. In conclusion, error propagation appears complex and hard to perform correctly in modern systems.
filetype:pdf  paper  comp-sci  filesystem  errors  correctness  error-handling 
march 2019 by jabley
mov is Turing-complete
It is well-known that the x86 instruction set is baroque, overcomplicated, and redundantly redundant. We show just how much fluff it has by demonstrating that it remains Turing-complete when reduced to just one instruction. The instruction we choose is mov, which can do both loads and stores. We use no unusual addressing modes, self-modifying code, or runtime code generation. Using just this instruction (and a single unconditional branch at the end of the program to make nontermination possible), we demonstrate how an arbitrary Turing machine can be simulated.
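The central gadget is worth seeing. A simulation of the store/load comparison trick the construction builds on:

```python
# The construction's central gadget, simulated: mov alone compares two
# values by treating them as addresses. Store 0 at [a], store 1 at
# [b]; a load from [a] yields 1 exactly when a == b, because the
# second store clobbered the first. No branches or arithmetic needed.
memory = {}

def mov_equal(a, b):
    memory[a] = 0      # mov [a], 0
    memory[b] = 1      # mov [b], 1   (overwrites [a] iff a == b)
    return memory[a]   # mov r, [a]

print(mov_equal(100, 100))  # 1
print(mov_equal(100, 200))  # 0
```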
computer  x86  comp-sci  filetype:pdf  paper 
march 2019 by jabley
Understanding Real-World Concurrency Bugs in Go
Go is a statically typed programming language that aims to provide a simple, efficient, and safe way to build multi-threaded software. Since its creation in 2009, Go has matured and gained significant adoption in production and open-source software. Go advocates the use of message passing as the means of inter-thread communication and provides several new concurrency mechanisms and libraries to ease multi-threaded programming. It is important to understand the implications of these new proposals and the comparison of message passing and shared-memory synchronization in terms of program errors, or bugs. Unfortunately, as far as we know, there has been no study on Go’s concurrency bugs.

In this paper, we perform the first systematic study of concurrency bugs in real Go programs. We studied six popular Go systems, including Docker, Kubernetes, and gRPC, and analyzed 171 concurrency bugs in total, with more than half of them caused by non-traditional, Go-specific problems. Apart from the root causes of these bugs, we also studied their fixes, performed experiments to reproduce them, and evaluated them with two publicly available Go bug detectors. Overall, our study provides a better understanding of Go’s concurrency models and can guide future researchers and practitioners in writing better, more reliable Go software and in developing debugging and diagnosis tools for Go.
concurrency  go  bugs  golang  filetype:pdf  paper 
march 2019 by jabley
[1806.00680] Datacenter RPCs can be General and Fast
It is commonly believed that datacenter networking software must sacrifice generality to attain high performance. The popularity of specialized distributed systems designed specifically for niche technologies such as RDMA, lossless networks, FPGAs, and programmable switches testifies to this belief. In this paper, we show that such specialization is not necessary. eRPC is a new general-purpose remote procedure call (RPC) library that offers performance comparable to specialized systems, while running on commodity CPUs in traditional datacenter networks based on either lossy Ethernet or lossless fabrics. eRPC performs well in three key metrics: message rate for small messages; bandwidth for large messages; and scalability to a large number of nodes and CPU cores. It handles packet loss, congestion, and background request execution. In microbenchmarks, one CPU core can handle up to 10 million small RPCs per second, or send large messages at 75 Gbps. We port a production-grade implementation of Raft state machine replication to eRPC without modifying the core Raft source code. We achieve 5.5 microseconds of replication latency on lossy Ethernet, which is faster than or comparable to specialized replication systems that use programmable switches, FPGAs, or RDMA.
datacenter  networking  performance  benchmark  comp-sci  research  paper 
february 2019 by jabley
FoundationDB Record Layer: A Multi-Tenant Structured Datastore
The FoundationDB Record Layer is an open source library that provides a record-oriented datastore with semantics similar to a relational database, implemented on top of FoundationDB, an ordered, transactional key-value store. The Record Layer provides a lightweight, highly extensible way to store structured data. It offers schema management and a rich set of query and indexing facilities, some of which are not usually found in traditional relational databases, such as nested record types, indexes on commit versions, and indexes that span multiple record types. The Record Layer is stateless and built for massive multi-tenancy, encapsulating and isolating all of a tenant’s state, including indexes, into a separate logical database. We demonstrate how the Record Layer is used by CloudKit, Apple’s cloud backend service, to provide powerful abstractions to applications serving hundreds of millions of users. CloudKit uses the Record Layer to host billions of independent databases, many with a common schema. Features provided by the Record Layer enable CloudKit to provide richer APIs and stronger semantics, with reduced maintenance overhead and improved scalability.
filetype:pdf  foundationdb  apple  paper  comp-sci  database  scale  design  experience 
january 2019 by jabley
The Case for Network-Accelerated Query Processing
The fastest plans in MPP databases are usually those with the least amount of data movement across nodes, as data is not processed while in transit. The network switches that connect MPP nodes are hard-wired to perform packet-forwarding logic only. However, in a recent paradigm shift, network devices are becoming “programmable.” The quotes here are cautionary. Switches are not becoming general-purpose computers (just yet). But now the set of tasks they can perform can be encoded in software.

In this paper we explore this programmability to accelerate OLAP queries. We determined that we can offload onto the switch some very common and expensive query patterns. Thus, for the first time, moving data through networking equipment can contribute to query execution. Our preliminary results show that we can improve response times on even the best agreed-upon plans by more than 2x using 25 Gbps networks. We also see the promise of linear performance improvement with faster speeds. The use of programmable switches can open new possibilities of architecting rack- and datacenter-sized database systems, with implications across the stack.
filetype:pdf  paper  comp-sci  database  networking  hardware  optimisation  datacenter  design 
january 2019 by jabley
ACLs don't
The ACL model is unable to make correct access decisions for interactions involving more than two principals, since required information is not retained across message sends. Though this deficiency has long been documented in the published literature, it is not widely understood. This logic error in the ACL model is exploited by both the clickjacking and Cross-Site Request Forgery attacks that affect many Web applications.
filetype:pdf  paper  web  infosec  vulnerability  security 
january 2019 by jabley
Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud
Controlled sharing is fundamental to distributed systems; yet, on the Web, and in the Cloud, sharing is still based on rudimentary mechanisms. More flexible, decentralized cryptographic authorization credentials have not been adopted, largely because their mechanisms have not been incrementally deployable, simple enough, or efficient enough to implement across the relevant systems and devices.

This paper introduces macaroons: flexible authorization credentials for Cloud services that support decentralized delegation between principals. Macaroons are based on a construction that uses nested, chained MACs (e.g., HMACs [43]) in a manner that is highly efficient, easy to deploy, and widely applicable. Although macaroons are bearer credentials, like Web cookies, macaroons embed caveats that attenuate and contextually confine when, where, by whom, and for what purpose a target service should authorize requests. This paper describes macaroons and motivates their design, compares them to other credential systems, such as cookies and SPKI/SDSI [14], evaluates and measures a prototype implementation, and discusses practical security and application considerations. In particular, it considers how macaroons can enable more fine-grained authorization in the Cloud, e.g., by strengthening mechanisms like OAuth2 [17], and gives a formalization of macaroons in authorization logic.
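The chained-MAC construction fits in a few lines. A minimal sketch using Python's hmac, with an assumed root key and made-up caveat strings:

```python
# Minimal sketch of the macaroon construction: the signature is a
# chain of HMACs, with each caveat folded in by keying an HMAC with
# the previous signature. Any holder can append caveats (attenuation);
# only the minting service, which knows the root key, can verify.
import hashlib
import hmac

def mac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

root_key = b"service-root-key"   # assumed shared secret
identifier = "user=jabley"

sig = mac(root_key, identifier)  # mint
caveats = ["time < 2019-03-01", "ip = 10.0.0.1"]
for caveat in caveats:
    sig = mac(sig, caveat)       # attenuate: any holder can do this

def verify(root_key, identifier, caveats, presented):
    s = mac(root_key, identifier)
    for c in caveats:
        s = mac(s, c)            # recompute the chain
    return hmac.compare_digest(s, presented)

print(verify(root_key, identifier, caveats, sig))  # True
```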
web  security  paper  filetype:pdf  authentication  authorisation 
january 2019 by jabley
FUNCTIONAL PEARL Parsing Permutation Phrases
A permutation phrase is a sequence of elements (possibly of different types) in which each element occurs exactly once and the order is irrelevant. Some of the permutable elements may be optional. We show a way to extend a parser combinator library with support for parsing such free-order constructs. A user of the library can easily write parsers for permutation phrases and does not need to care about checking and reordering the recognised elements. Possible applications include the generation of parsers for attributes of XML tags and Haskell’s record syntax.
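The paper's combinators are Haskell; a loose Python analogue of the idea, using a greedy strategy that skips the paper's treatment of optional elements and backtracking:

```python
# Loose analogue of a permutation-phrase combinator: accept the
# elements in any order, return results in a canonical order. Parsers
# here map (tokens, pos) to (value, new_pos) or None; the matching
# loop is greedy, unlike the paper's Haskell combinators.
def literal(word):
    def parse(tokens, pos):
        if pos < len(tokens) and tokens[pos] == word:
            return word, pos + 1
        return None
    return parse

def permutation(*parsers):
    def parse(tokens, pos):
        remaining = list(enumerate(parsers))
        results = [None] * len(parsers)
        while remaining:
            for i, (slot, p) in enumerate(remaining):
                r = p(tokens, pos)
                if r is not None:
                    results[slot], pos = r
                    del remaining[i]
                    break
            else:
                return None  # no element parser matched here
        return results, pos
    return parse

attrs = permutation(literal("href"), literal("title"), literal("id"))
print(attrs(["title", "id", "href"], 0))  # (['href', 'title', 'id'], 3)
```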
parsing  filetype:pdf  paper  haskell  functional-programming  combinators 
november 2018 by jabley
The Battle of the Schedulers: FreeBSD ULE vs. Linux CFS
This paper analyzes the impact on application performance of the design and implementation choices made in two widely used open-source schedulers: ULE, the default FreeBSD scheduler, and CFS, the default Linux scheduler. We compare ULE and CFS in otherwise identical circumstances. We have ported ULE to Linux, and use it to schedule all threads that are normally scheduled by CFS. We compare the performance of a large suite of applications on the modified kernel running ULE and on the standard Linux kernel running CFS. The observed performance differences are solely the result of scheduling decisions, and do not reflect differences in other subsystems between FreeBSD and Linux.

There is no overall winner. On many workloads the two schedulers perform similarly, but for some workloads there are significant and even surprising differences. ULE may cause starvation, even when executing a single application with identical threads, but this starvation may actually lead to better application performance for some workloads. The more complex load-balancing mechanism of CFS reacts more quickly to workload changes, but ULE achieves better load balance in the long run.
freebsd  linux  kernel  scheduling  comp-sci  comparison  paper  filetype:pdf 
september 2018 by jabley
Putting the “Micro” Back in Microservice
Modern cloud computing environments strive to provide users with fine-grained scheduling and accounting, as well as seamless scalability. The most recent face of this trend is the “serverless” model, in which individual functions, or microservices, are executed on demand. Popular implementations of this model, however, operate at a relatively coarse granularity, occupying resources for minutes at a time and requiring hundreds of milliseconds for a cold launch. In this paper, we describe a novel design for providing “functions as a service” (FaaS) that attempts to be truly micro: cold launch times in microseconds that enable even finer-grained resource accounting and support latency-critical applications. Our proposal is to eschew much of the traditional serverless infrastructure in favor of language-based isolation. The result is microsecond-granularity launch latency, and microsecond-scale preemptive scheduling using high-precision timers.
filetype:pdf  paper  comp-sci  rust  serverless  faas  performance 
september 2018 by jabley
Understanding Architecture Decisions in Context
Many organizations struggle with efficient architecture decision-making approaches. Often, the decision-making approaches are not articulated or understood. This problem is particularly evident in large, globally distributed organizations with multiple large products and systems. The significant architecture decisions of a system are a critical organizational knowledge asset, as well as a determinant of success. However, the environment in which decisions get made, recorded, and followed up on often confounds rather than helps articulation and execution of architecture decisions. This paper looks at aspects of architecture decision-making, drawing from an industry-based case study. The data represents findings from a qualitative case study involving a survey and three focus groups across multiple organizations in a global technology company. Architects in this organization are responsible for multiple products and systems, where individual products can include 50+ teams. The impact is not just on others in the system; architecture decisions also impact other decisions and other architects. The findings suggest recommendations for organizations to improve how they make and manage architecture decisions. In particular, this paper notes the relevance of group decision-making, decision scope, and social factors such as trust in effective architecture decision-making.
filetype:pdf  paper  architecture  software  decisions  context 
august 2018 by jabley
Erays: Reverse Engineering Ethereum’s Opaque Smart Contracts
Interacting with Ethereum smart contracts can have potentially devastating financial consequences. In light of this, several regulatory bodies have called for a need to audit smart contracts for security and correctness guarantees. Unfortunately, auditing smart contracts that do not have readily available source code can be challenging, and there are currently few tools available that aid in this process. Such contracts remain opaque to auditors. To address this, we present Erays, a reverse engineering tool for smart contracts. Erays takes in smart contracts from the Ethereum blockchain and produces high-level pseudocode suitable for manual analysis. We show how Erays can be used to provide insight into several contract properties, such as code complexity and code reuse in the ecosystem. We then leverage Erays to link contracts with no previously available source code to public source code, thus reducing the overall opacity in the ecosystem. Finally, we demonstrate how Erays can be used for reverse engineering in four case studies: high-value multi-signature wallets, arbitrage bots, exchange accounts, and finally, a popular smart-contract game, CryptoKitties. We conclude with a discussion regarding the value of reverse engineering in the smart contract ecosystem, and how Erays can be leveraged to address the challenges that lie ahead.
infosec  security  filetype:pdf  paper  toread  contracts  ethereum  cryptocurrency  vm  reverse-engineering 
august 2018 by jabley
So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
It is often suggested that users are hopelessly lazy and unmotivated on security questions. They choose weak passwords, ignore security warnings, and are oblivious to certificate errors. We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice, we find that the advice is complex and growing, but the benefit is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Further, if users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two orders of magnitude greater than all phishing losses. Thus we find that most security advice simply offers a poor cost-benefit tradeoff to users and is rejected.

Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.
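The two-orders-of-magnitude claim checks out with round numbers. Back-of-envelope arithmetic with assumed figures, not the paper's exact ones:

```python
# Back-of-envelope check of the "two orders of magnitude" claim, with
# assumed round numbers (not the paper's figures): value the time of a
# large user population reading URLs for a minute a day and compare it
# with an assumed annual phishing loss.
users = 180e6                   # assumed online population
value_per_hour = 15.0           # assumed $/hour value of user time
annual_phishing_losses = 60e6   # assumed $/year

time_cost = users * (1 / 60) * value_per_hour * 365  # one minute a day
print(f"user-time cost: ${time_cost / 1e9:.1f}B/yr")             # ~$16.4B
print(f"ratio: {time_cost / annual_phishing_losses:.0f}x losses")  # ~274x
```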
security  infosec  usability  paper  filetype:pdf  economics  time  risk 
august 2018 by jabley
Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer
Operating systems provide various inter-process communication (IPC) mechanisms. Software applications typically use IPC for communication between frontend and backend components, which run in different processes on the same computer. This paper studies the security of how IPC mechanisms are used in PC, Mac, and Linux software. We describe attacks where a non-privileged process impersonates the IPC communication endpoints. The attacks are closely related to impersonation and man-in-the-middle attacks on computer networks, but take place inside one computer. The vulnerable IPC methods are ones where a server process binds to a name or address and waits for client communication. Our results show that application developers are often unaware of the risks and secure practices in using IPC. We find attacks against several security-critical applications, including password managers and hardware tokens, in which another user’s process is able to steal and misuse sensitive data such as the victim’s credentials. The vulnerabilities can be exploited in enterprise environments with centralized access control that gives multiple users remote or local login access to the same host. Computers with guest accounts and shared computers at home are similarly vulnerable.
paper  filetype:pdf  infosec  password-manager  vulnerability  security 
august 2018 by jabley
Ironies of Automation
This paper discusses the ways in which automation of industrial processes may expand rather than eliminate problems with the human operator. Some comments will be made on methods of alleviating these problems within the "classic" approach of leaving the operator with responsibility for abnormal conditions, and on the potential for continued use of the human operator for on-line decision-making within human-computer collaboration.
automation  filetype:pdf  paper  human-factors  study  people  control-engineering  allspaw 
may 2018 by jabley
Scalability! But at what COST?
We offer a new metric for big data platforms, COST, or the Configuration that Outperforms a Single Thread. The COST of a given platform for a given problem is the hardware configuration required before the platform outperforms a competent single-threaded implementation. COST weighs a system’s scalability against the overheads introduced by the system, and indicates the actual performance gains of the system, without rewarding systems that bring substantial but parallelizable overheads.

We survey measurements of data-parallel systems recently reported in SOSP and OSDI, and find that many systems have either a surprisingly large COST, often hundreds of cores, or simply underperform one thread for all of their reported configurations.
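The metric itself is trivial to compute once you have the measurements. A sketch with made-up numbers:

```python
# The COST of a platform: the first configuration (core count) at
# which it beats a competent single-threaded implementation.
# All runtimes below are made up for illustration.
def cost(system_runtimes, single_thread_runtime):
    """system_runtimes maps core count -> seconds."""
    for cores in sorted(system_runtimes):
        if system_runtimes[cores] < single_thread_runtime:
            return cores
    return None  # never outperforms one thread

measured = {1: 900, 16: 300, 64: 150, 128: 110, 512: 95}
print(cost(measured, 100))  # 512 -- this platform's COST is 512 cores
```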
benchmark  coding  performance  big-data  scalability  paper  filetype:pdf  economics 
april 2018 by jabley
Deluge
How to generate a 2 TB/s reflection DDoS data flow via a home network
filetype:pdf  security  memcached  udp  network  attack  amplification  paper  infosec  vulnerability 
march 2018 by jabley
BzTree: A High-Performance Latch-free Range Index for Non-Volatile Memory
Storing a database (rows and indexes) entirely in non-volatile memory (NVM) potentially enables both high performance and fast recovery. To fully exploit parallelism on modern CPUs, modern main-memory databases use latch-free (lock-free) index structures, e.g. Bw-tree or skip lists. To achieve high performance, NVM-resident indexes also need to be latch-free. This paper describes the design of the BzTree, a latch-free B-tree index designed for NVM. The BzTree uses a persistent multi-word compare-and-swap operation (PMwCAS) as a core building block, enabling an index design that has several important advantages compared with competing index structures such as the Bw-tree. First, the BzTree is latch-free yet simple to implement. Second, the BzTree is fast, showing up to 2x higher throughput than the Bw-tree in our experiments. Third, the BzTree does not require any special-purpose recovery code. Recovery is near-instantaneous and only involves rolling back (or forward) any PMwCAS operations that were in-flight during failure. Our end-to-end recovery experiments of BzTree report an average recovery time of 145 µs. Finally, the same BzTree implementation runs seamlessly on both volatile RAM and NVM, which greatly reduces the cost of code maintenance.
paper  filetype:pdf  storage  persistent  nvm  data-store  comp-sci 
february 2018 by jabley
CloudKit: Structured Storage for Mobile Applications
CloudKit is Apple’s cloud backend service and application development framework that provides strongly consistent storage for structured data and makes it easy to synchronize data across user devices or share it among multiple users. Launched more than 3 years ago, CloudKit forms the foundation for more than 50 Apple apps, including many of our most important and popular applications such as Photos, iCloud Drive, Notes, Keynote, and News, as well as many third-party apps. To deliver this at large scale, CloudKit explicitly leverages multi-tenancy at the application level as well as at the user level to guide efficient data placement and distribution. By using CloudKit, application developers are free to focus on delivering the application front-end and logic while relying on CloudKit for scale, consistency, durability, and security. CloudKit manages petabytes of data and handles hundreds of millions of users around the world on a daily basis.
paper  mobile  db  ios  apple  filetype:pdf  cassandra  sharding  scalability 
february 2018 by jabley
Recovering Shared Objects Without Stable Storage
This paper considers the problem of building fault-tolerant shared objects when processes can crash and recover but lose their persistent state on recovery. This Diskless Crash-Recovery (DCR) model matches the way many long-lived systems are built. We show that it presents new challenges, as operations that are recorded at a quorum may not persist after some of the processes in that quorum crash and then recover.

To address this problem, we introduce the notion of crash-consistent quorums, where no recoveries happen during the quorum responses. We show that relying on crash-consistent quorums enables a recovery procedure that can recover all operations that successfully finished. Crash-consistent quorums can be easily identified using a mechanism we term the crash vector, which tracks the causal relationship between crashes, recoveries, and other operations.

We apply crash-consistent quorums and crash vectors to build two storage primitives. We give a new algorithm for multi-writer, multi-reader atomic registers in the DCR model that guarantees safety under all conditions and termination under a natural condition. It improves on the best prior protocol for this problem by requiring fewer rounds, fewer nodes to participate in the quorum, and a less restrictive liveness condition. We also present a more efficient single-writer, single-reader atomic set, a virtual stable storage abstraction. It can be used to lift any existing algorithm from the traditional Crash-Recovery model to the DCR model. We examine a specific application, state machine replication, and show that existing diskless protocols can violate their correctness guarantees, while ours offers a general and correct solution.
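A sketch of the flavor of the crash-vector check, assuming replies carry incarnation vectors; this illustrates the idea, not the paper's exact protocol:

```python
# Illustration of a crash-vector style check: each reply carries the
# sender's view of every node's incarnation (crash count). A quorum is
# crash-consistent if no reply's vector shows some responder in a
# later incarnation than the one that responder itself replied from.
def crash_consistent(replies):
    """replies: {node: (own_incarnation, {node: incarnation})}."""
    for node, (own_inc, _) in replies.items():
        for _, (_, vector) in replies.items():
            if vector.get(node, 0) > own_inc:
                return False  # node recovered during the quorum
    return True

replies = {
    "a": (1, {"a": 1, "b": 1, "c": 1}),
    "b": (1, {"a": 1, "b": 1, "c": 2}),  # b has heard of c's recovery...
    "c": (1, {"a": 1, "b": 1, "c": 1}),  # ...but c's reply predates it
}
print(crash_consistent(replies))  # False: quorum is not crash-consistent
```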
paper  filetype:pdf  comp-sci  distributedsystems  consensus  resilience  crash 
october 2017 by jabley
Producing Wrong Data Without Doing Anything Obviously Wrong!
This paper presents a surprising result: changing a seemingly innocuous aspect of an experimental setup can cause a systems researcher to draw wrong conclusions from an experiment. What appears to be an innocuous aspect in the experimental setup may in fact introduce a significant bias in an evaluation. This phenomenon is called measurement bias in the natural and social sciences.

Our results demonstrate that measurement bias is significant and commonplace in computer system evaluation. By significant we mean that measurement bias can lead to a performance analysis that either overstates an effect or even yields an incorrect conclusion. By commonplace we mean that measurement bias occurs in all architectures that we tried (Pentium 4, Core 2, and m5 O3CPU), both compilers that we tried (gcc and Intel’s C compiler), and most of the SPEC CPU2006 C programs. Thus, we cannot ignore measurement bias. Nevertheless, in a literature survey of 133 recent papers from ASPLOS, PACT, PLDI, and CGO, we determined that none of the papers with experimental results adequately consider measurement bias.

Inspired by similar problems and their solutions in other sciences, we describe and demonstrate two methods, one for detecting (causal analysis) and one for avoiding (setup randomization) measurement bias.
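Setup randomization is the easier of the two remedies to sketch. One bias source the paper documents is UNIX environment size, which shifts memory layout; randomizing it across trials looks roughly like this (a Unix-only sketch):

```python
# Sketch of setup randomization: run each trial with a randomly padded
# environment so that memory-layout effects average out, and report a
# distribution rather than a single number.
import os
import random
import statistics
import subprocess
import time

def run_once(cmd):
    # Pad the environment by a random amount to perturb memory layout.
    env = dict(os.environ, PADDING="x" * random.randrange(4096))
    start = time.perf_counter()
    subprocess.run(cmd, env=env, check=True)
    return time.perf_counter() - start

def benchmark(cmd, trials=30):
    times = [run_once(cmd) for _ in range(trials)]
    return statistics.mean(times), statistics.stdev(times)

mean, stdev = benchmark(["/bin/true"])
print(f"{mean * 1e3:.2f} ms +/- {stdev * 1e3:.2f} ms across setups")
```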
paper  filetype:pdf  experiment  bias  measurement 
september 2017 by jabley
Browser Security White Paper
This white paper provides a technical comparison of the security features and attack surface of Google Chrome, Microsoft Edge, and Internet Explorer. We aim to identify which browser provides the highest level of security in common enterprise usage scenarios, and show how differences in the design and implementation of various security technologies in modern web browsers might affect their security.

Comparisons are done using a qualitative approach, since many issues regarding browser security cannot easily be quantified. We focus on the weaknesses of different mitigations and hardening features and take an attacker’s point of view. This should give the reader an impression of how easy or hard it is to attack a certain browser.

The analysis has been sponsored by Google. X41 D-Sec GmbH accepted this sponsorship on the condition that Google would not interfere with our testing methodology or control the content of our paper. We are aware that we could unconsciously be biased to produce results favorable to our sponsor, and have attempted to eliminate this by being as transparent as possible about our decision-making processes and testing methodologies.
browser  edge  chrome  ie  web  security  paper  infosec  filetype:pdf 
september 2017 by jabley
Energy Efficiency across Programming Languages
This paper presents a study of the runtime, memory usage, and energy consumption of twenty-seven well-known software languages. We monitor the performance of these languages using ten different programming problems, expressed in each of the languages. Our results show interesting findings, such as slower/faster languages consuming less/more energy, and how memory usage influences energy consumption. We show how to use our results to give software engineers support in deciding which language to use when energy efficiency is a concern.
efficiency  language  energy  green  paper  filetype:pdf 
september 2017 by jabley
Keys Under Doormats: mandating insecurity by requiring government access to all data and communications
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard-to-detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.
internet  paper  filetype:pdf  pki  security  privacy  escrow  communication  government  industry 
june 2017 by jabley
Identifying HTTPS-Protected Netflix Videos in Real-Time
After more than a year of research and development, Netflix recently upgraded their infrastructure to provide HTTPS encryption of video streams in order to protect the privacy of their viewers. Despite this upgrade, we demonstrate that it is possible to accurately identify Netflix videos from passive traffic capture in real time with very limited hardware requirements. Specifically, we developed a system that can report the Netflix video being delivered by a TCP connection using only the information provided by TCP/IP headers.

To support our analysis, we created a fingerprint database comprising 42,027 Netflix videos. Given this collection of fingerprints, we show that our system can differentiate between videos with greater than 99.99% accuracy. Moreover, when tested against 200 random 20-minute video streams, our system identified 99.5% of the videos, with the majority of the identifications occurring less than two and a half minutes into the video stream.
filetype:pdf  paper  https  data  leak  tls  security 
april 2017 by jabley
Fast Lossless Compression of Scientific Floating-Point Data
In scientific computing environments, large amounts of floating-point data often need to be transferred between computers as well as to and from storage devices. Compression can reduce the number of bits that need to be transferred and stored. However, the runtime overhead due to compression may be undesirable in high-performance settings where short communication latencies and high bandwidths are essential. This paper describes and evaluates a new compression algorithm that is tailored to such environments. It typically compresses numeric floating-point values better and faster than other algorithms do. On our data sets, it achieves compression ratios between 1.2 and 4.2, as well as compression and decompression throughputs between 2.8 and 5.9 million 64-bit double-precision numbers per second on a 3 GHz Pentium 4 machine.
paper  comp-sci  compression  algorithms  data  filetype:pdf 
april 2017 by jabley
High Throughput Compression of Double-Precision Floating-Point Data
This paper describes FPC, a lossless compression algorithm for linear streams of 64-bit floating-point data. FPC is designed to compress well while at the same time meeting the high throughput demands of scientific computing environments. On our thirteen datasets, it achieves a substantially higher average compression ratio than BZIP2, DFCM, FSD, GZIP, and PLMI. At comparable compression ratios, it compresses and decompresses 8 to 300 times faster than the other five algorithms.
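The predict-XOR-truncate core is small. A stripped-down cousin using a last-value predictor, where FPC proper uses paired FCM/DFCM hash-table predictors and a tighter encoding:

```python
# Stripped-down cousin of the FPC core: predict each 64-bit double,
# XOR the actual bits with the prediction, and store only the nonzero
# tail of the residual. Values the predictor gets right cost one byte.
import struct

def compress(values):
    prev = 0
    out = []
    for v in values:
        bits = struct.unpack("<Q", struct.pack("<d", v))[0]
        residual = bits ^ prev      # zero-heavy when prediction is close
        prev = bits                 # last-value predictor update
        n = (residual.bit_length() + 7) // 8
        out.append(bytes([n]) + residual.to_bytes(n, "little"))
    return b"".join(out)

data = [0.0, 1.0, 1.0, 1.0, 2.0, 2.0]
print(len(compress(data)), "bytes vs", len(data) * 8, "raw")  # 22 vs 48
```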
paper  comp-sci  compression  algorithms  data  filetype:pdf 
april 2017 by jabley