USENIX Multimedia

Audio and video of USENIX conference presentations are freely available to everyone, in MP3 format for audio and MP4 format for video.

Year 2009

NSDI '09

Refereed Papers

[MP3] TrInc: Small Trusted Hardware for Large Distributed Systems

Awarded Best Paper!
Dave Levin, University of Maryland; John R. Douceur, Jacob R. Lorch, and Thomas Moscibroda, Microsoft Research (slides)

[MP3] Sybil-Resilient Online Content Voting

Nguyen Tran, Bonan Min, Jinyang Li, and Lakshminarayanan Subramanian, New York University (slides)

[MP3] Bunker: A Privacy-Oriented Platform for Network Tracing

Andrew G. Miklas, University of Toronto; Stefan Saroiu and Alec Wolman, Microsoft Research; Angela Demke Brown, University of Toronto (slides)

[MP3] Flexible, Wide-Area Storage for Distributed Systems with WheelFS

Jeremy Stribling, MIT CSAIL; Yair Sovran, New York University; Irene Zhang and Xavid Pretzer, MIT CSAIL; Jinyang Li, New York University; M. Frans Kaashoek and Robert Morris, MIT CSAIL (slides)

[MP3] PADS: A Policy Architecture for Distributed Storage Systems

Nalini Belaramani, The University of Texas at Austin; Jiandan Zheng, Amazon.com Inc.; Amol Nayate, IBM T.J. Watson Research; Robert Soule, New York University; Mike Dahlin, The University of Texas at Austin; Robert Grimm, New York University (slides)

[MP3] Sora: High Performance Software Radio Using General Purpose Multi-core Processors

Awarded Best Paper!
Kun Tan and Jiansong Zhang, Microsoft Research Asia; Ji Fang, Beijing Jiaotong University; He Liu, Yusheng Ye, and Shen Wang, Tsinghua University; Yongguang Zhang, Haitao Wu, and Wei Wang, Microsoft Research Asia; Geoffrey M. Voelker, University of California, San Diego (slides)

[MP3] Enabling MAC Protocol Implementations on Software-Defined Radios

George Nychis, Thibaud Hottelier, Zhuocheng Yang, Srinivasan Seshan, and Peter Steenkiste, Carnegie Mellon University (slides)

[MP3] AntFarm: Efficient Content Distribution with Managed Swarms

Ryan S. Peterson and Emin Gün Sirer, Cornell University and United Networks, L.L.C. (slides)

[MP3] HashCache: Cache Storage for the Next Billion

Anirudh Badam, Princeton University; KyoungSoo Park, Princeton University and University of Pittsburgh; Vivek S. Pai and Larry L. Peterson, Princeton University (slides)

[MP3] iPlane Nano: Path Prediction for Peer-to-Peer Applications

Harsha V. Madhyastha, University of California, San Diego; Ethan Katz-Bassett, Thomas Anderson, and Arvind Krishnamurthy, University of Washington; Arun Venkataramani, University of Massachusetts Amherst (slides)

[MP3] Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults

Allen Clement, Edmund Wong, Lorenzo Alvisi, and Mike Dahlin, The University of Texas at Austin; Mirco Marchetti, The University of Modena and Reggio Emilia (slides)

[MP3] Zeno: Eventually Consistent Byzantine-Fault Tolerance

Atul Singh, MPI-SWS and Rice University; Pedro Fonseca, MPI-SWS; Petr Kuznetsov, TU Berlin/Deutsche Telekom Laboratories; Rodrigo Rodrigues, MPI-SWS; Petros Maniatis, Intel Research Berkeley

[MP3] SPLAY: Distributed Systems Evaluation Made Simple (or How to Turn Ideas into Live Systems in a Breeze)

Lorenzo Leonini, Étienne Rivière, and Pascal Felber, University of Neuchâtel, Switzerland

[MP3] Modeling and Emulation of Internet Paths

Pramod Sanaga, Jonathon Duerig, Robert Ricci, and Jay Lepreau, University of Utah

[MP3] MODIST: Transparent Model Checking of Unmodified Distributed Systems

Junfeng Yang, Columbia University and Microsoft Research Silicon Valley; Tisheng Chen, Ming Wu, Zhilei Xu, Xuezheng Liu, Haoxiang Lin, and Mao Yang, Microsoft Research Asia; Fan Long, Tsinghua University; Lintao Zhang and Lidong Zhou, Microsoft Research Asia and Microsoft Research Silicon Valley

[MP3] CrystalBall: Predicting and Preventing Inconsistencies in Deployed Distributed Systems

Maysam Yabandeh, Nikola Knežević, Dejan Kostić, and Viktor Kuncak, EPFL

[MP3] Tolerating Latency in Replicated State Machines Through Client Speculation

Benjamin Wester, University of Michigan; James Cowling, MIT CSAIL; Edmund B. Nightingale, Microsoft Research; Peter M. Chen and Jason Flinn, University of Michigan; Barbara Liskov, MIT CSAIL (slides)

[MP3] Cimbiosys: A Platform for Content-based Partial Replication

Venugopalan Ramasubramanian, Thomas L. Rodeheffer, and Douglas B. Terry, Microsoft Research, Silicon Valley; Meg Walraed-Sullivan, University of California, San Diego; Ted Wobber and Catherine C. Marshall, Microsoft Research, Silicon Valley; Amin Vahdat, University of California, San Diego

[MP3] RPC Chains: Efficient Client-Server Communication in Geodistributed Systems

Yee Jiun Song, Microsoft Research Silicon Valley and Cornell University; Marcos K. Aguilera, Ramakrishna Kotla, and Dahlia Malkhi, Microsoft Research Silicon Valley

[MP3] Studying Spamming Botnets Using Botlab

John P. John, Alexander Moshchuk, Steven D. Gribble, and Arvind Krishnamurthy, University of Washington

[MP3] Not-a-Bot: Improving Service Availability in the Face of Botnet Attacks

Ramakrishna Gummadi and Hari Balakrishnan, MIT CSAIL; Petros Maniatis and Sylvia Ratnasamy, Intel Research Berkeley (slides)

[MP3] BotGraph: Large Scale Spamming Botnet Detection

Yao Zhao, Northwestern University and Microsoft Research Silicon Valley; Yinglian Xie, Fang Yu, Qifa Ke, and Yuan Yu, Microsoft Research Silicon Valley; Yan Chen, Northwestern University; Eliot Gillum, Microsoft Corporation (slides)

[MP3] Unraveling the Complexity of Network Management

Theophilus Benson and Aditya Akella, University of Wisconsin, Madison; David Maltz, Microsoft Research (slides)

[MP3] NetPrints: Diagnosing Home Network Misconfigurations Using Shared Knowledge

Bhavish Aggarwal, Ranjita Bhagwan, and Tathagata Das, Microsoft Research India; Siddharth Eswaran, IIT Delhi; Venkata N. Padmanabhan, Microsoft Research India; Geoffrey M. Voelker, University of California, San Diego (slides)

[MP3] Somniloquy: Augmenting Network Interfaces to Reduce PC Energy Usage

Yuvraj Agarwal, University of California, San Diego; Steve Hodges, Ranveer Chandra, James Scott, and Paramvir Bahl, Microsoft Research; Rajesh Gupta, University of California, San Diego

[MP3] Skilled in the Art of Being Idle: Reducing Energy Waste in Networked Systems

Sergiu Nedevschi, International Computer Science Institute and Intel Research; Jaideep Chandrashekar, Intel Research; Junda Liu, University of California, Berkeley, and International Computer Science Institute; Bruce Nordman, Lawrence Berkeley National Laboratories; Sylvia Ratnasamy and Nina Taft, Intel Research

[MP3] Wishbone: Profile-based Partitioning for Sensornet Applications

Ryan Newton, Sivan Toledo, Lewis Girod, Hari Balakrishnan, and Samuel Madden, MIT CSAIL (slides)

[MP3] Softspeak: Making VoIP Play Well in Existing 802.11 Deployments

Patrick Verkaik, Yuvraj Agarwal, Rajesh Gupta, and Alex C. Snoeren, University of California, San Diego (slides)

[MP3] Block-switched Networks: A New Paradigm for Wireless Transport

Ming Li, Devesh Agrawal, Deepak Ganesan, and Arun Venkataramani, University of Massachusetts Amherst (slides)

[MP3] NetReview: Detecting When Interdomain Routing Goes Wrong

Andreas Haeberlen, MPI-SWS and Rice University; Ioannis Avramopoulos, Deutsche Telekom Laboratories; Jennifer Rexford, Princeton University; Peter Druschel, MPI-SWS (slides)

[MP3] Making Routers Last Longer with ViAggre

Hitesh Ballani, Paul Francis, and Tuan Cao, Cornell University; Jia Wang, AT&T Labs—Research (slides)

[MP3] Symbiotic Relationships in Internet Routing Overlays

Cristian Lumezanu, Randy Baden, Dave Levin, Neil Spring, and Bobby Bhattacharjee, University of Maryland

FAST '09

Invited Talk

[MP3] Keynote Address:
Cloud Storage FUD (Failure, Uncertainty, and Durability)

Alyssa Henry, General Manager of Amazon Simple Storage (S3)

Failure and uncertainty play a key role when engineering a general purpose online storage system to be durable, available, scalable, and cost effective. I'll share some of the uncertainty we've encountered and the impact of that uncertainty on the design of the system. I'll also cover some of the hardware and network failures we've encountered, others that we anticipate occurring, and how we've engineered Amazon S3 to be resilient to them.

Refereed Papers

[MP3] The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance

Ragib Hasan, University of Illinois at Urbana-Champaign; Radu Sion, Stony Brook University; Marianne Winslett, University of Illinois at Urbana-Champaign

[MP3] Causality-Based Versioning

Kiran-Kumar Muniswamy-Reddy and David A. Holland, Harvard University

[MP3] Enabling Transactional File Access via Lightweight Kernel Extensions

Richard P. Spillane, Sachin Gaikwad, Manjunath Chinni, and Erez Zadok, Stony Brook University; Charles P. Wright, IBM T.J. Watson Research Center

[MP3] Understanding Customer Problem Troubleshooting from Storage System Logs

Weihang Jiang and Chongfeng Hu, University of Illinois at Urbana-Champaign; Shankar Pasupathy and Arkady Kanevsky, NetApp, Inc.; Zhenmin Li, Pattern Insight, Inc.; Yuanyuan Zhou, University of Illinois at Urbana-Champaign

[MP3] DIADS: Addressing the "My-Problem-or-Yours" Syndrome with Integrated SAN and Database Diagnosis

Shivnath Babu and Nedyalko Borisov, Duke University; Sandeep Uttamchandani, Ramani Routray, and Aameek Singh, IBM Almaden Research Center

[MP3] Dynamic Resource Allocation for Database Servers Running on Virtual Storage

Gokul Soundararajan, Daniel Lupei, Saeed Ghanbari, Adrian Daniel Popescu, Jin Chen, and Cristiana Amza, University of Toronto

[MP3] PARDA: Proportional Allocation of Resources for Distributed Storage Access

Ajay Gulati, Irfan Ahmad, and Carl A. Waldspurger, VMware Inc.

[MP3] CA-NFS: A Congestion-Aware Network File System

Awarded Best Paper!
Alexandros Batsakis, NetApp and Johns Hopkins University; Randal Burns, Johns Hopkins University; Arkady Kanevsky, James Lentini, and Thomas Talpey, NetApp

[MP3] Sparse Indexing: Large Scale, Inline Deduplication Using Sampling and Locality

Mark Lillibridge and Kave Eshghi, HP Labs; Deepavali Bhagwat, University of California, Santa Cruz; Vinay Deolalikar, HP Labs; Greg Trezise and Peter Camble, HP Storage Works Division

[MP3] Generating Realistic Impressions for File-System Benchmarking

Awarded Best Paper!
Nitin Agrawal, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau, University of Wisconsin, Madison

[MP3] Capture, Conversion, and Analysis of an Intense NFS Workload

Eric Anderson, HP Labs

[MP3] Spyglass: Fast, Scalable Metadata Search for Large-Scale Storage Systems

Andrew W. Leung, University of California, Santa Cruz; Minglong Shao, Timothy Bisson, and Shankar Pasupathy, NetApp; Ethan L. Miller, University of California, Santa Cruz

[MP3] Perspective: Semantic Data Management for the Home

Brandon Salmon, Carnegie Mellon University; Steven W. Schlosser, Intel Research Pittsburgh; Lorrie Faith Cranor and Gregory R. Ganger, Carnegie Mellon University

[MP3] BORG: Block-reORGanization for Self-optimizing Storage Systems

Medha Bhadkamkar, Jorge Guerra, and Luis Useche, Florida International University; Sam Burnett, Carnegie Mellon University; Jason Liptak, Syracuse University; Raju Rangaswami and Vagelis Hristidis, Florida International University

[MP3] HYDRAstor: A Scalable Secondary Storage

Cezary Dubnicki, Leszek Gryz, Lukasz Heldt, Michal Kaczmarczyk, Wojciech Kilian, Przemyslaw Strzelczak, and Jerzy Szczepkowski, 9LivesData, LLC; Cristian Ungureanu, NEC Laboratories America; Michal Welnicki, 9LivesData, LLC

[MP3] Smoke and Mirrors: Reflecting Files at a Geographically Remote Location Without Loss of Performance

Hakim Weatherspoon, Lakshmi Ganesh, and Tudor Marian, Cornell University; Mahesh Balakrishnan, Microsoft Research, Silicon Valley; Ken Birman, Cornell University

[MP3] Cumulus: Filesystem Backup to the Cloud

Michael Vrable, Stefan Savage, and Geoffrey M. Voelker, University of California, San Diego

[MP3] WorkOut: I/O Workload Outsourcing for Boosting RAID Reconstruction Performance

Suzhen Wu, Huazhong University of Science and Technology; Hong Jiang, University of Nebraska–Lincoln; Dan Feng, Huazhong University of Science and Technology; Lei Tian, Huazhong University of Science and Technology and University of Nebraska–Lincoln; Bo Mao, Huazhong University of Science and Technology

[MP3] A Performance Evaluation and Examination of Open-Source Erasure Coding Libraries for Storage

James S. Plank, University of Tennessee; Jianqiang Luo, Wayne State University; Catherine D. Schuman, University of Tennessee; Lihao Xu, Wayne State University; Zooko Wilcox-O'Hearn, AllMyData, Inc.

[MP3] Tiered Fault Tolerance for Long-Term Integrity

Byung-Gon Chun and Petros Maniatis, Intel Research Berkeley; Scott Shenker and John Kubiatowicz, University of California, Berkeley

[MP3] A Systematic Approach to System State Restoration during Storage Controller Micro-Recovery

Sangeetha Seshadri, Georgia Institute of Technology; Lawrence Chiu, IBM Almaden Research Center; Ling Liu, Georgia Institute of Technology

[MP3] CLIC: CLient-Informed Caching for Storage Servers

Xin Liu, Ashraf Aboulnaga, Kenneth Salem, and Xuhui Li, University of Waterloo

[MP3] Minuet: Rethinking Concurrency Control in Storage Area Networks

Andrey Ermolinskiy and Daekyeong Moon, University of California, Berkeley; Byung-Gon Chun, Intel Research, Berkeley; Scott Shenker, University of California, Berkeley, and ICSI

[MP3] Work-in-Progress Reports (WiPs)

Session Chair: Geoff Kuenning, Harvey Mudd College

The FAST technical sessions will include a session for Work-in-Progress reports, preliminary results, and "outrageous" opinion statements.

Year 2008

LISA '08

Invited Talks

[MP3] Keynote Address:
Implementing Intellipedia Within a "Need to Know" Culture

Sean Dennehy, Chief of Intellipedia Development, Directorate of Intelligence, U.S. Central Intelligence Agency

Sean will share the technical and cultural changes underway at the CIA involving the adoption of wikis, blogs, and social bookmarking tools. In 2005, Dr. Calvin Andrus published The Wiki and The Blog: Toward a Complex Adaptive Intelligence Community. Three years later, a vibrant and rapidly growing community has transformed how the CIA aggregates, communicates, and organizes intelligence information. These tools are being used to improve information sharing across the U.S. intelligence community by moving information out of traditional channels.

[MP3] Integrating Linux (and UNIX and Mac) Identity Management in Microsoft Active Directory

Mike Patnode, Centrify

If you have a mixed environment, some of these might be on your must-do list: centralizing authentication, access control and policy management in Microsoft AD, using the Group Policy features of Active Directory for Linux management, delivering SSO to your users, and complying with government regulations. How can you pull it all off? We'll discuss the challenges, as well as explore the various options both in the public domain and from commercial providers and discuss their requirements and capabilities. The questions we'll answer include: Why would I want to integrate Linux with Active Directory? What are the issues (e.g., compatibility and maintenance, capabilities, integration, organizational impediments, cost)? What are the choices in terms of technology requirements and components? (slides)

[MP3] Programming the Virtual Infrastructure

Paul Anderson, University of Edinburgh

With the use of virtualization, changes in a computing infrastructure no longer require physical intervention: the capacity of the virtual machines, their attached disks, and their network connections can all be changed by software. The challenges of configuring this infrastructure have some interesting analogies with the task of programming the first computers—and the whole new discipline of software engineering was needed to fully exploit their power. What does this mean for today's system administrator? (slides)

[MP3] How to Proceed When 1000 Call Agents Tell You, "My Computer Is Slow": Creating a User Experience Monitoring System

Tobias Oetiker, OETIKER+PARTNER AG

Once users have figured out that their computers are slow, there is an uphill battle to improve the performance and at the same time lose that slowness image. In this talk I will report on the development of a Perl-based system for passive application monitoring for a large Swiss telecom company. The system keeps track of hundreds of different performance metrics. Running on over 1,000 client workstations, several gigabytes of performance data are gathered each week and stored in a central PostgreSQL database. An Ajax-enabled Web application allows users to explore, compare, and investigate performance data. Hear how investigating performance problems has turned from random guesswork into a clearly defined process, based on objective measurements rather than rumors. (slides)

[MP3] How to Stop Hating MySQL: Fixing Common Mistakes and Myths

Sheeri K. Cabral, The Pythian Group

If you find yourself muttering "MySQL is awful," you cannot miss this session. Many common-sense approaches backfire when applied to schemas and queries in MySQL. Sheeri K. Cabral of The Pythian Group will explain why that happens and how to think about designing, tuning, and optimizing MySQL, so you can save your hate for more important things, such as vi vs. emacs discussions. There will be plenty of time, so feel free to ask any questions, particularly about query and schema optimization (actual or in the abstract). (slides)

[MP3] Does Your House Have Lions? Controlling for the Risk from Trusted Insiders

Marcel Simon, Medco Health Solutions

How do you control for risk from trusted insiders? The nature of the job that system/network/database administrators, application developers, operations center staff, etc., do pretty much requires them to have privileged access to your infrastructure. That very privilege means rogues among such individuals can both do great damage and cover their tracks, so how do you protect your information? This talk proposes a practical, technology-neutral approach to trusted insider controls that adapts readily to your business practices and has proven itself over years of production usage. (slides)

[MP3] Spine: Automating Systems Configuration and Management

Rafi Khardalian, Ticketmaster

Spine is Ticketmaster's in-house configuration management system, which was recently released to the community via GPL. Spine contributes significantly to our ability to manage 4,000+ globally distributed systems with a relatively small team of system administrators. This talk will focus on the tools and methods used to achieve this.

Many conventional systems provisioning tools involve the use of images and do not deal with sustained management. We, however, rely on OS-supplied provisioning tools to perform the initial bootstrap, after which Spine is deployed and used to apply system-specific configuration. We use Spine for the day-to-day management of our infrastructure, including the rollout of new applications and validating/enforcing the consistency of a given configuration across an essentially infinite number of instances.

[MP3] Plenary Session: Reconceptualizing Security

Bruce Schneier, Chief Security Technology Officer, BT

Security is both a feeling and a reality. You can feel secure without actually being secure and you can be secure even though you don't feel secure. We tend to discount the feeling in favor of the reality, but they're both important. The divergence between the two explains why we have so much security theater and why so many smart security solutions go unimplemented. Several different fields—behavioral economics, the psychology of decision-making, evolutionary biology—shed light on how we perceive security, risk, and cost. It's only when the feeling and the reality of security converge that we have real security.

[MP3] Mac OS X: From the Server Room to Your Pocket

Jordan Hubbard, Director, UNIX Technology Group, Apple, Inc.

This talk will cover the evolution of Mac OS X and its deployment on everything from large servers to embedded platforms. Hardware trends and some of the challenges they present for Apple and the industry as a whole, as well as some of the challenges facing UNIX, will be discussed. (slides)

[MP3] An Open Audit of an Open Certification Authority

Ian Grigg, CAcert

How does a lightweight community Certificate Authority ("CA") engage in the heavyweight world of PKI and secure browsing? With the introduction of Public Key Infrastructure, the Internet security framework rapidly became too complex for individuals and small groups to deal with, and the audit stepped into the gulf to provide a kinder face, in the form of a simple opinion or judgment call. This talk tracks the systems audit of CAcert, an open-membership CA, as a case study in auditing versus the open Internet, community versus professionalism, quality versus enthusiasm. It will look at how CAcert found itself at this point and then will walk through some big-ticket items, such as risks, assurance, disputes, privacy, and security. Can CAcert deliver on its goal of free certs? (slides)

[MP3] OpenSolaris and the Direction of Future Operating Systems

James Hughes, Sun Microsystems

This presentation will discuss the currently available OpenSolaris distribution, which is based on Solaris and provides a new installation, patch, and package system. It offers improved familiarity for developers coming from a Linux environment, with the goal of providing a capable platform for creating applications. Computing requirements are changing and future operating systems (not just OpenSolaris) will have to be capable of handling large memory, high hardware thread counts, and high-performance networking, while adding security, scalable storage management, and virtualization and making new classes of large-scale applications possible. (slides)

[MP3] Auditing UNIX File Systems

Raphael Reich, Varonis

Lack of visibility into UNIX file share data use and poor access control have been a reality since the inception of UNIX almost 40 years ago. Today, data governance initiatives are providing companies with the framework and means to obtain a consistent, enterprise-wide view of their data, to improve data security, to create a continuous audit trail, and to take significant steps toward compliance and risk reduction. Join Raphael Reich for an insightful session that will provide information on how technologies that actualize the tenets of data governance can simplify the process of auditing UNIX file systems and prevent the misuse of an organization's confidential data. We will also discuss the importance of managing access controls and how to integrate a comprehensive data governance framework into the UNIX environment.

[MP3] WTFM: Documentation and the System Administrator

Janice Gelb, Sun Microsystems

Most system administrators fear and hate documentation, both writing and reading it. This presentation attempts to alleviate that frustration by explaining why system administration documentation is important, showing how to resolve common documentation problem areas using real-world examples, and describing how to improve product documentation from your company and from companies that make products you use. (slides)

[MP3] Fighting Spam with pf

Dan Langille, Afilias USA, Inc.

Spam is a problem for any mail administrator. Dealing with spam consumes time, bandwidth, and disk space. This talk will introduce pf and show you how it can be used to greatly reduce the spam that gets to your mail server. pf will both reduce the load on your mail server and reduce the amount of spam received. This solution will work with any mail server and requires no changes to your existing mail server configuration. (slides)

[MP3] Plenary Session: The State of Electronic Voting, 2008

David Wagner, University of California, Berkeley

As electronic voting has seen a surge in growth in the U.S. in recent years, controversy has swirled. Are these systems trustworthy? Can we rely upon them to count our votes? In this talk, I will discuss what is known and what isn't. I will survey some of the most important developments and analyses of voting systems, including the groundbreaking top-to-bottom review commissioned by California Secretary of State Debra Bowen last year. I will take stock of where we stand today, the outlook for the future, and the role that technologists can play in improving elections.

[MP3] Work-in-Progress Reports (WiPs)

Session Chairs: Brent Hoon Kang and Gautam Singaraju, University of North Carolina at Charlotte

The Work-in-Progress reports (WiPs) session offers short presentations about research in progress, new results, or timely topics.

[MP3] Deterministic System Administration

Andrew Hume, AT&T Labs—Research

The vision is clear and seductive: take a modest-sized specification of a computing environment and automatically derive all the stuff you actually need, from DHCP configurations to ordering cables. Is it possible to account for every box, every cable, every RAID box, every volume mounted, every OS deployed? I describe an attempt to do so, fighting the forces of Chaos and Nature, armed only with logical positivism, Ruby, little languages, and sarcasm.

[MP3] Designing, Building, and Populating a 10-Megawatt Datacenter

Doug Hughes, D.E. Shaw Research, LLC

10MW isn't anywhere close to the giant datacenters of Yahoo!, Google, Amazon, or Microsoft, but they usually have large teams of people at multiple locations and often none of them are sysadmins. This talk will give you the system administrator's perspective, since I was heavily involved in many phases of the design, evaluation, and build process. We'll talk about compute density, things that inhibit it, cooling, power and power distribution, machine planning, and supporting large and dynamic HPC clusters. How many kW can you fit in a rack? Just because you can, should you? What sorts of redundancy should you build in? How do you talk to site electricians? We've looked at these questions and more, arriving at some conclusions that could help you. (slides)

[MP3] Lunchtime Talk: "Standard Deviations" of the "Average" System Administrator

Alva L. Couch, Associate Professor of Computer Science, Tufts University

The nice thing about standards is that there are so many of them from which to choose. System administrators often function according to "personal standards" that are in fact not standards at all. By comparison, electricians and plumbers adhere to strict quality standards that are externally verifiable. Compliance with standards (and a way to certify compliance) goes beyond certifying the administrator to certifying each site for compliance. Should there be standards for system administration? What current standards are there? Are they relevant? What might future standards look like? What would be the costs and would they be worth the trouble? I will discuss potential answers to these questions and solicit alternative views from the audience. I will explain why I believe that if we are to be respected as a guild of craftspeople, we must learn—like electricians and plumbers—to utilize standards strategically and effectively to uplift the profession and encourage respect for its practitioners. (slides)

[MP3] System Administration and the Economics of Plenty

Tom Limoncelli, Google NYC

Over the years IT resources (disk space, CPU, bandwidth) have gone from being scarce to being nearly infinitely plentiful. Why do our IT policies still reflect the days of scarcity? Seeing the world in terms of "the economics of plenty" brings about a paradigm shift that changes the way we treat our users, manage our systems, and take care of ourselves. Tom will discuss how this change in thinking can improve IT policies and practices and will present his thoughts on why the open source movement depends on this paradigm shift.

[MP3] Inside DreamWorks Animation Studios: A Look at Past, Present, and Future Challenges

Sean Kamath and Mike Cutler, PDI/DreamWorks

This talk will share some insights into the DreamWorks Animation Studios, starting with a short history. We'll explore the challenges of balancing custom work-flow expectations, HPC compute requirements, the "10 billion files" dilemma, and bending the rules of physics and latency, all without losing our artistic roots. We'll explain what we've done to make technology—advanced and traditional—invisible in a workplace filled with scientists whose right brains are bigger than their left, and what it's like to run over 2,000 Linux desktops being used by artists on a full-time basis. We will engage the audience in a debate on the merits of globalized computing, very high density computing, and storage clusters, suggesting new ideas about how to overcome these barriers.

[MP3] Beyond VDI: Why Thin Client Computing and Virtual Desktop Infrastructures Aren't Cutting It

Monica Lam, MokaFive and Stanford University

The advent of thin client computing and Virtual Desktop Infrastructure (VDI) revitalized computing by enabling applications, remote desktops, and even virtual machines to be run on centralized servers in a datacenter. Wracked by performance, cost, and delivery issues, however, neither approach is cut out to solve the problem of managing multiple desktops within an organization. Come hear about the rise of a streamed virtual desktop approach that allows IT departments to manage and deploy secure desktops that run across multiple hardware and operating systems while working online or offline. (slides)

[MP3] LISA Quiz Show

Jeremy Allison, Google

The LISA Quiz Show is back! Closing this year's conference, the LISA Quiz Show will pit teams of attendees against each other in a test of technical knowledge and cultural trivia. This year Jeremy Allison will bring his acclaimed game show hosting skills to the table, assuring a LISA Quiz Show unlike any other.

Refereed Papers

Session: Virtualization

Session Chair: Chris McEniry, Sony Computer Entertainment America

Storm: Weathering Network and Electrical Surges Using Virtualization

Mark Dehus and Dirk Grunwald, University of Colorado

IZO: Applications of Large-Window Compression to Virtual Machine Management

Mark A. Smith, Jan Pieper, Daniel Gruhl, and Lucas Villa Real, IBM Almaden Research Center

Portable Desktop Applications Based on P2P Transportation and Virtualization

Youhui Zhang, Xiaoling Wang, and Hong Liang, Tsinghua University

Session: On the Wire

Session Chair: Brent Hoon Kang, University of North Carolina at Charlotte

Topnet: A Network-aware top(1)

Antonis Theocharides, Demetres Antoniades, Michalis Polychronakis, Elias Athanasopoulos, and Evangelos P. Markatos, Institute of Computer Science, Foundation for Research and Technology (ICI-FORTH), Hellas, Greece

Fast Packet Classification for Snort

Alok Tongaonkar, Sreenaath Vasudevan, and R. Sekar, Stony Brook University

USENIX Security '08

[MP3] Keynote Address:
Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot

Debra Bowen, California Secretary of State

[MP3] Political DDoS: Estonia and Beyond

Jose Nazario, Senior Security Engineer, Arbor Networks

In the spring of 2007, the country of Estonia suffered a deluge of distributed denial of service (DDoS) attacks, coordinated to coincide with street-level protests. These attacks caused nationwide problems for the heavily wired country of Estonia and did so again when they recurred in early 2008. These attacks were not the first such politically motivated attacks and they will certainly not be the last. This talk explores the world of DDoS attacks and their growing role as an online political weapon. It also covers how Arbor Networks measured the Estonia attacks, how other attacks are measured, and what these attacks mean for the Internet at large. (slides)

[MP3] Building the Successful Security Software Company

Ted Schlein, Kleiner Perkins Caufield & Byers

Ted will discuss the security market, past and present. He will review what it takes to succeed in building a company and will look at current opportunities. Ted will also share with the audience a few of his successes.

[MP3] From the Casebooks of . . .

Mark Seiden, Senior Consultant

In a field with few design principles ("defense in depth"? separate duties?), few rules of thumb, no laws named after people more influential than Murphy, no Plancks or Avogadros to hold Constant, and little quantification of any sort (we count only bad things), it appears the best we can do right now is to tell stories.

Over (enough) beer we conjure up lightly anonymized war stories about late-night phone calls, scary devices, hard-to-find bugs that exploiters somehow found, the backups that didn't, stupid criminals, craven prosecutors, cute hacks ("but don't try this at home"), and pointy-haired bosses. . . . There will be a few of these in this talk, but also some cautionary tales and parables—isomorphs of the Old Stories demonstrating human frailty and that the Law of Unexpected Consequences operates most strongly near the intersection of Bleeding Edge and Slippery Slope. Also, just a bit about the future.

[MP3] Security Analysis of Network Protocols

John Mitchell, Stanford University

Network security protocols, such as key-exchange and key-management protocols, are notoriously difficult to design and debug. Anomalies and shortcomings have been discovered in standards and proposed standards for a wide range of protocols, including public-key and Diffie-Hellman–based variants of Kerberos, SSL/TLS, and the 802.11i (Wi-Fi2) wireless authentication protocols. Although many of these protocols may seem relatively simple, security protocols must achieve their goals when an arbitrary number of sessions are executed concurrently, and an attacker may use information provided by one session to compromise the security of another.

Since security protocols form the cornerstone of modern secure networked systems, it is important to develop informative, accurate, and deployable methods for finding errors and proving that protocols meet their security requirements. This talk will summarize two methods and discuss some of the case studies carried out over the past several years. One method is a relatively simple automated finite-state approach that has been used by our research group, others, and several years of students in a project course at Stanford to find flaws and develop improvements in a wide range of protocols and security mechanisms. The second method, Protocol Composition Logic (PCL), is a way of thinking about protocols that is designed to make it possible to prove security properties of large practical protocols. The two methods are complementary, since the first method can find errors, but only the second is suitable for proving their absence. The talk will focus on basic principles and examples from the IEEE and IETF standardization process. (slides)

[MP3] Enterprise Security in the Brave New (Virtual) World

Tal Garfinkel, VMware

The move to virtual machine–based computing platforms is perhaps the most significant change in how enterprise computing systems have been built in the past decade. The benefits of moving to virtual infrastructure are substantial, from ease of management and better server utilization to transparently providing a wide range of services from high availability to backup. Despite this sweeping change, the way that we secure these systems is still largely unchanged from how we secure today's physical systems. We must rethink the way we design security in virtual infrastructure, both to cope with the new challenges it introduces and to take advantage of the opportunities it offers.

I will discuss the growing pains of moving from physical to virtual infrastructure in the network and the dissonance this can cause in operational settings: why simply dropping existing firewalls and NIDS into virtual infrastructure can limit flexibility, how new mechanisms can help overcome these limitations, and why these elements are better off being virtual instead of physical. Next, I will look at how virtual machines can affect host security as techniques such as virtual machine introspection become mainstream and the line between host and network security gets increasingly blurred. Finally, I will look at some of the odder and more interesting capabilities virtual platforms will be offering in the next few years which will offer fertile ground for new research. (slides)

[MP3] Hackernomics

Hugh Thompson, Chief Security Strategist, People Security

Security processes inside most commercial development teams haven't caught up with the growing threat from organized crime groups that are becoming better financed, are relying more on automation to find vulnerabilities, and have figured out how to drive down the cost of launching a significant attack. This talk looks at why the incentive to attack and the ability to find flaws are outpacing practiced application security techniques. It examines how the economics of software attack and defense ("hackernomics") is changing and looks at some interesting outcomes, such as making vulnerability discovery a viable business. The talk will include several live vulnerability demonstrations to illustrate the exploitation vs. prevention dynamics. (slides)

[MP3] A Couple Billion Lines of Code Later: Static Checking in the Real World

Dawson Engler, Stanford University; Ben Chelf, Andy Chou, and Seth Hallem, Coverity

This talk describes lessons learned taking an academic tool that "worked fine" in the lab and using it to check billions of lines of code across several hundred companies. Some ubiquitous themes: reality is weird; what one thinks will matter often doesn't; what one doesn't even think to reject as a possibility is often a first-order effect. (slides)

[MP3] Panel:
Setting DNS's Hair on Fire

Moderator: Niels Provos, Google, Inc.
Panelists: David Dagon, Georgia Institute of Technology;
Paul Vixie, Internet Systems Consortium, Inc.

(View David Dagon's presentation slides)

[MP3] The Ghost in the Browser and Other Frightening Stories About Web Malware

Niels Provos, Google, Inc.

While the Web provides information and services that enrich our lives in many ways, it has also become the primary vehicle for delivering malware. Once infected with Web-based malware, an unsuspecting user's machine is converted into a productive member of the Internet underground. This talk explores Web-based malware and the infrastructure supporting it, covering an analysis period of almost two years. It describes trends observed in Web server compromises, as well as giving an overview of the life cycle of Web-based malware. The talk shows that Web malware enables a large number of questionable activities, ranging from the exfiltration of sensitive information such as email addresses and credit card information to forming spamming botnets, which are responsible for a significant fraction of the spam currently seen on the Internet.

[MP3] Managing Insecurity: Practitioner Reflections on Social Costs of Security

Darren Lacey, Chief Information Security Officer, Johns Hopkins University/Johns Hopkins Medicine

Nonprofits and local government have experienced more than their share of breaches and notifications over the past several years. The reasons for this are evident: lots of sensitive information, insufficient IT resources, lack of institutional discipline, etc. Clearly more time and resources at these organizations should be dedicated to security.

I discuss whether even identifying the proper balance is a good deal more difficult for public service organizations than has been widely discussed. Will security concerns affect the adoption of electronic medical records, regional health organizations, and nonprofit work? At what point do needed changes in organizational cultures undermine the public mission? What types of security controls and practices are best suited for service agencies? What kinds of research would most help public services?

Work-in-Progress Reports (WiPs)

WiPs Session Chair: Hao Chen, University of California, Davis

The Work-in-Progress reports (WiPs) session offers short presentations about research in progress, new results, or timely topics.

2008 USENIX Annual Technical Conference

[MP3] Keynote Address:
The Parallel Revolution Has Started: Are You Part of the Solution or Part of the Problem?

David Patterson, Director, U.C. Berkeley Parallel Computing Laboratory

(View David Patterson's presentation slides)

[MP3] Plenary Closing Session:
The Columbia Accident Investigation and Returning NASA's Space Shuttle to Flight

Matthew Melis, NASA Glenn Research Center

Matthew Melis served for nearly five years as technical lead of the NASA Glenn Ballistic Impact Team for both the Columbia Accident Investigation and NASA's Return to Flight program. In a presentation rich with imagery and high-speed motion pictures, Mr. Melis provides a look into the inner workings of the space shuttle and a behind-the-scenes perspective on the impact analysis and testing conducted to identify the cause of the Columbia accident and enhance safety for NASA's future shuttle missions. In addition, highlights from recent shuttle missions are presented.

[MP3] Free and Open Source as Viewed by a Processor Developer

Peter Kronowitt, Intel

Intel designs, builds, and markets microprocessors. We are often viewed as being downstream of the work done by the closed source programming community. In fact, however, long before the term "free and open source" was coined, Intel was working to develop, release, and support software for many of the devices we and other firms design and manufacture. This talk highlights how Intel successfully utilized open source to support industry progress while fulfilling our own strategic corporate objectives.

Our experiences with being "good citizens" were not easy and did not "just happen." We hope that others can learn from both our successes and our failures and take these ideas back to their own firms. I will highlight areas where we at Intel learned from our missteps, ultimately improving our community standing.

The talk does not just look back: some of our open source projects initiated in the past twelve months will be examined, as we believe many in the audience will find them interesting and, we hope, will consider helping improve them. (slides)

[MP3] From Flapping Birds to Space Telescopes: The Modern Science of Origami

Robert J. Lang, Artist and Consultant

The last decade of this past century has been witness to a revolution in the development and application of mathematical techniques to origami, the centuries-old Japanese art of paper-folding. The techniques used in mathematical origami design range from the abstruse to the highly approachable. In this talk I will describe how geometric concepts led to the solution of a broad class of origami folding problems—specifically, the problem of efficiently folding a shape with an arbitrary number and arrangement of flaps—and enabled origami designs of mind-blowing complexity and realism, some of which you'll see, too. As often happens in mathematics, theory developed for its own sake has led to some surprising practical applications. The algorithms and theorems of origami design have shed light on long-standing mathematical questions and have solved practical engineering problems. I will discuss how origami has enabled safer airbags, Brobdingnagian space telescopes, and more. (slides)

[MP3] Millicomputing: The Future in Your Pocket and Your Datacenter

Adrian Cockcroft, Netflix, Inc., and Homebrew Mobile Club

The fastest-moving part of the computer industry is now the compute power and storage capacity of the computers we carry in our pockets. The software we carry in our pockets is also migrating to a full-featured, flexible, and openly programmable operating system. This talk discusses the multicore graphical supercomputer for 2010, which won't burn your leg if you put it in your pocket, and the implications of these changes for both the personal computing space and the enterprise computing/green datacenter space. A millicomputer doesn't need heat-sinks or fans.

The kind of power and storage provided by iPhone-class systems will increase by a factor of four to eight times over the next two years. The component maker roadmaps also show the addition of high-performance 3D graphics, video stream processors, and several GFLOPS of floating-point number crunching within the same 250 milliwatt power budget as today's millicomputer CPUs.

The power envelope of Intel's 64-bit PC-class CPUs is on a collision course with mobile devices over the next few years. Intel is working down into this space to compete with the ARM-based CPUs which currently dominate battery-powered pocket devices.

Each new wave of computing has liberated its users and become more pervasive. In recent history the desktop PC and phone tied to a wired network have been replaced by the wireless laptop and mobile phone. In the next wave, the boundaries between laptop and phone will blur. They will be capable of running the same operating systems and applications and will talk to the same networks. Everyone will be online all the time. How will our lifestyle change? What are the new applications? What is ambient presence?

Datacenter power consumption is a hot topic. By leveraging CPU designs from the world of battery-powered devices and flash-memory-based storage, we can make very cool systems. A single millicomputer draws less than one watt, and enterprise millicomputer arrays provide large numbers of small computing units at a total cost, performance, and power consumption that redefine the limits of what is possible. These systems are being specified as open source hardware by their end users. This talk covers the roadmap of architecture and performance characteristics of millicomputers over the next two years. (slides)

[MP3] Programming DNA: A 2-bit Language for Engineering Biology

Drew Endy, Cabot Assistant Professor of Biological Engineering at MIT and a co-founder of the BioBricks Foundation (BBF)

Biological engineering does not have to be confined to high-end industry laboratories. A more open culture of biological technology should be fostered. This talk is an effort in that direction: it aims to equip you with basic practical knowledge of biological engineering.

Genetic engineering is now a thirty-year-old technology. For reference, it was over a similar period of time that modern computing machines went from exclusive objects used to design weapons of mass destruction to the now ubiquitous panoply of personal computing devices that support mass communication and construction. Inspired by this and many other examples of overwhelmingly constructive uses of technology by individuals, we have been working over the past five years to develop new tools that will help to make biology easy to engineer. We have also been working to foster a constructive culture of future biological technologists who can reliably and responsibly conceive, develop, and deliver biological technologies that solve local problems.

This talk will introduce current best practice in biological engineering, including an overview of how to order synthetic DNA and how to use and contribute standard biological parts to an open source collection of genetic functions. The talk will also discuss issues of human practice, including biological safety; biological security; ownership, sharing, and innovation in biotechnology; community organization; and perception across many different publics. My hope is that the conference attendees will help me to understand how best to enable an overwhelmingly constructive hacker culture for programming DNA. (slides)

[MP3] Xen and the Art of Virtualization Revisited

Ian Pratt, Senior Lecturer, University of Cambridge Computer Laboratory, and Fellow, King's College Cambridge

This is a talk in three parts. I'll give a summary of the Xen story so far, looking at how Xen made the transition from research project to enterprise software and the many challenges along the way. Next, I'll look at why virtualization is such a hot topic in IT and the failings of common operating systems that have led to this. I'll then look at how Xen has evolved since the 2004 SOSP paper, seeing how paravirtualization and software/hardware co-design have helped reduce the overhead of virtualization. (slides)

[MP3] A Report on the Project Darkstar Anthropological Expedition Into the World of Massively Scaled Online Games

Jim Waldo, Sun Microsystems Labs

While the culture of enterprise computing, transaction processing, and Web services has developed, an entirely different culture centering on computing has been evolving in a different ecosystem. Although those in our culture tend to play with the artifacts produced by their culture and those in their culture tend to use the programming languages produced in our culture, in fact the two groups lost contact somewhere in the Colossal Cave and have had little real interaction since.

These cultures are about to be brought together again. The architectural move to multicore, multithreaded chips will require changes in the way games are programmed, while the requirements of scaling in games such as World of Warcraft require the use of distributed systems. As virtual worlds emerge, the distinction between business or scientific systems and games will start to disappear.

During the past two years, I have led a project at Sun Microsystems Laboratories to build a highly scalable, highly concurrent infrastructure for massive-scale online games and virtual worlds. This work has brought us into contact with the culture of games and the inhabitants of that culture. In this talk I will describe some of the ways in which the game world differs from the computing world most of us are used to, and I'll discuss the challenges facing that world that might profitably be approached in a cross-cultural fashion. (slides)

[MP3] Internet Surveillance: Building Our Own Trojan Horse

Susan Landau, Sun Microsystems

From its requirement that surveillance capabilities be built into VoIP communications systems to its expansion of warrantless wiretapping into any communications of which one end is "reasonably believed" to be located outside the United States, the U.S. federal government is slowly but steadily extending wiretapping capabilities onto the Internet. This effort is made in the name of national security, but building architected security breaches into a communications network carries real risks. In a world that includes al-Qaeda and Hurricane Katrina, does this increased wiretapping capability make us safer? We will examine what real security needs are in a post-9/11 world. (slides)

[MP3] Using Hadoop for Webscale Computing

Ajay Anand, Yahoo!

Apache Hadoop is an open source implementation of a distributed filesystem and map-reduce programming model combined into one package. Hadoop scales smoothly from tens to thousands of computers. The framework allows engineers to harness the power of these clusters very simply, taking advantage of three major features:

  • A reliable, non-hardware-based distributed filesystem: Hadoop DFS runs on any number of nodes, taking advantage of their combined storage to manage replication and recovery from failure.
  • A simple, functional programming model: Hadoop Map-Reduce is a parallelized implementation of a very simple programming methodology first popularized by the functional programming group in the 1970s.
  • Infrastructure to aid in the automation of job execution: Hadoop automates bringing user code to the data, and it manages parallel execution and handles node failure.

This talk provides an overview of Apache Hadoop, along with examples of how this infrastructure is being used at Yahoo! and other organizations today. (slides)

[MP3] Google Hacking:
Making Competitive Intelligence Work for You

Tom Bowers

With more than 200 million searches a day, Google offers users a quick and easy solution to finding information with just a flick of a finger. Today, everything from online newspapers to public documents and search engines is being used to perform competitive intelligence analysis, and it's easier than ever. But how much information is truly available? Can it be used against you and your business? Is it possible to use simple, everyday tools like Google to gain—or forfeit—economic advantage over your competitors? (slides)

[MP3] Current and Next-Generation Digital Forensics

Golden G. Richard, University of New Orleans

Digital evidence exists on a wide variety of devices, from traditional computers to PDAs, voice recorders, game consoles, and cell phones. This talk provides an introduction to digital forensics, the art (and science) of discovering and preserving digital evidence, from two perspectives: digital investigation and research. The talk covers basic concepts, best practices, common data-hiding techniques, investigative challenges, and what is (and isn't) recoverable. Most important, it examines the major limitations of current-generation tools and discusses next-generation approaches that may help investigators to deal with the ever-increasing size and complexity of forensics targets. These approaches cover a wide spectrum, from applying research in bioinformatics to the use of parallel and distributed architectures, Graphics Processing Units (GPUs), advanced file-carving techniques, and tools for live investigation. (slides)

NSDI '08

[MP3] Xen and the Art of Virtualization Revisited

Ian Pratt, Senior Lecturer, University of Cambridge Computer Laboratory, and Fellow, King's College Cambridge

This is a talk in three parts. I'll give a summary of the Xen story so far, looking at how Xen made the transition from research project to enterprise software and the many challenges along the way. Next, I'll look at why virtualization is such a hot topic in IT and the failings of common operating systems that have led to this. I'll then look at how Xen has evolved since the 2004 SOSP paper, seeing how paravirtualization and software/hardware co-design have helped reduce the overhead of virtualization. In particular, I will look at network interfaces to see how what was once a high-overhead device to virtualize has been tamed. (slides)

FAST '08

[MP3] "It's like a fire. You just have to move on": Rethinking Personal Digital Archiving

Cathy Marshall, Senior Researcher, Microsoft

Many consumers engage in magical thinking when it comes to the long-term fate of their digital stuff. A strategy that hinges on benign neglect coupled with lots of copies seems to be the best we can hope for. Yet if we take a fresh look at what real people do, it becomes possible to reframe personal digital archiving as more than a battle with burgeoning file formats and media obsolescence, and a push toward trusted repositories—"storage in the cloud." I will discuss four pervasive themes of personal digital archiving that have emerged from recent studies and try my best to convince you that this is a problem whose time has come. (slides)

[MP3] Sustainable Information Technology Ecosystem

Chandrakant D. Patel, HP Fellow, Hewlett-Packard Labs

The next generation of information technology services will be driven by an ecosystem made up of billions of service-oriented handheld devices and thousands of data centers. The IT ecosystem must address the fundamental needs of society while reducing the destruction of available energy when compared to conventional ways of conducting business. This applies in particular to IT services in growth economies where users are eager to use IT to improve the quality of life. To enable "IT as a weapon" for the masses while producing a net-positive impact on the environment, we need to devise a least-material and least-energy approach to IT solutions.

We propose an approach that traces the lifecycle of IT solutions based on the second law of thermodynamics. This "cradle-to-cradle" method calculates the cost in Joules of available energy destroyed to provide a uniform framework to compare the sustainability of IT solutions with respect to conventional approaches. We will probe the design of computer and storage hardware and services in view of inflections in the technologies and their impact from a thermo-mechanical point of view. We will call for a multidisciplinary community to develop a sustainable global IT ecosystem by fusing the least-materials and least-energy approaches. (slides)

Year 2007

LISA '07

[MP3] The LHC Computing Challenge

Tony Cass, CERN

CERN's Large Hadron Collider turns on next year, providing high-energy particle collisions for four experiments that, between them, are expected to generate up to 15PB of data per year. After giving a brief introduction to the accelerator and experiments, this talk will outline the associated computing challenges—in particular, cluster management, data storage and distribution, and grid computing—and describe how CERN and the worldwide particle physics community have been preparing to meet them. (slides)

[MP3] The Biggest Game of Clue® You Have Ever Played

Don Scelza, Director, CDS Outdoor School, Inc.

It's 3:30 in the morning and your pager is going off. There's a new mystery to be solved and you're the one who's been picked to solve it. That mystery may be a server down or a lost hiker. While the problem spaces are different, the problem-solving techniques are similar. This talk will look at the methodology used in lost person search management: preplanning, event notification and mobilization, team dynamics, objectives, strategy, tactics, investigation, statistical analysis, paperwork, and demobilization. These are all puzzle pieces regardless of the problem space. Can you figure it out?

[MP3] Prince Caspian on Location: Commodity Hardware and Gaffer Tape

Trey Darley, Technical Consultant

The as yet unreleased Walden/Disney production Prince Caspian was shot on location throughout Europe and New Zealand. While you might expect that a big-budget Hollywood production replete with thousands of SFX shots would have a tightly organized, well-financed, top-notch IT department, the truth might surprise you. Trey Darley saw it all first-hand and will talk about how the Prince Caspian IT department pulled it off using mainly commodity hardware, their wits, and lots of gaffer tape. (slides)

[MP3] Deploying Nagios in a Large Enterprise Environment

Carson Gaspar, Goldman Sachs

This talk will cover scalability issues, security issues, our design and how it has evolved, user acceptance issues, integrating monitoring of proprietary applications, monitoring "closed" devices, high availability/disaster recovery, and lessons learned. (slides)

[MP3] Who's the Boss? Autonomics and New-Fangled Security Gizmos with Minds of Their Own

Glenn Fink, Pacific Northwest National Laboratory

How do humans stay in the loop when autonomics seems to be pushing them out? What do you do with a system designed to have a mind of its own? Who's responsible when it makes agreements with other systems that may cost your company money? This talk will incorporate the results of interviews with sysadmins working with autonomic systems. I'll share their reflections and my own on the potential impacts of future autonomic systems. (slides)

[MP3] No Terabyte Left Behind

Andrew Hume, AT&T Labs—Research

Yes, disk is marvelous, getting inexorably cheaper and bigger. But here's the dark side: How do you attach, configure, and mount tens of TB on a PC? How do you manage the files and back up that data? Worst of all, vast amounts of cheap disk allow users to dream of projects requiring petabytes of disk and ask you to make it happen. This talk will identify most of the serious issues and will describe solutions.

[MP3] Experiences with Scalable Network Operations at Akamai

Erik Nygren, Chief Systems Architect, Akamai Technologies

Akamai's platform for content delivery and application acceleration consists of over 20,000 servers in over 2,800 locations in 72 countries and over 1000 networks. Providing high levels of performance and reliability without requiring a large network operations team necessitates significant automation. Further challenges are introduced by the highly distributed nature of the Akamai system. We'll discuss some methodologies and systems we have developed for operating the Akamai network.

[MP3] Using Throttling and Traffic Shaping to Combat Botnet Spam

Ken Simpson, Founder and CEO, MailChannels

In this talk, Ken Simpson describes his research into spammer behavior and explains how spammers' impatience can be used for spam suppression. During this talk, you will learn about spammer economics and spammer behavior, get an introduction to connection management, and hear how we have used connection management in some real-world scenarios to reduce spam traffic. (slides)

[MP3] Ganeti: An Open Source Multi-Node HA Cluster Based on Xen

Guido Trotter, Google

Ganeti is a cluster management tool we built at Google that leverages the power of Xen and other open source software in order to provide a seamless environment in which to manage highly available virtual instances. The talk will focus on what Ganeti provides, what audience it is targeted to, and what the plans for its future are. (slides)

[MP3] Homeless Vikings: BGP Prefix Hijacking and the Spam Wars

David Josephsen, Senior Systems Engineer, DBG, Inc.

BGP prefix hijacks take the IP addresses of others and make them your own. This talk provides a chilling account of the current use of prefix hijacks by spammers in a successful effort to defeat RBLs. Placed within the context of the history of the spam wars, this talk makes clear the grim future we face if we continue to escalate the spam wars into the network layer; namely, a future where every spammer on earth can arbitrarily choose and make routable an unallocated IPv4 address (one that the RBLs have never seen) once per day for the next few hundred years or so without ever using the same address twice or ever colliding with any other spammer.

[MP3] Beyond NAC: What's Your Next Step?

Mark "Simple Nomad" Loveless, Security Architect, Vernier Networks, Inc.

Now that you have adopted Network Access Control, what is your next step? With the NAC market maturing at a rapid rate, most companies have either already implemented NAC or are evaluating it for future deployment. However, there is still much confusion about what is and what isn't NAC. This presentation will clearly outline how NAC is an important security enhancement, and why it is not an end-all security solution. Attendees of this presentation will learn the technology that is required in today's world to ensure network security and effectively mitigate threats. (slides)

[MP3] The Economic Meltdown of Moore's Law and the Green Data Center

Kenneth G. Brill, Executive Director, Uptime Institute

The net economic productivity of IT is threatened because server power consumption improvement is occurring at a slower rate than the increase in computer performance. As a result, the enterprise TCO per unit of computing has not been falling nearly as rapidly as senior executives might think. The one-time benefit of killing dead servers and virtualization will defer this new economic reality, but CFOs, CTOs, and CIOs need to change their economic decision models now or risk investing in new applications that can't pay back their real costs. (slides)

MP3Hardening Your Systems Against Litigation

Alexander Muentz, Esq.

Recent amendments to the Federal Rules of Civil Procedure require parties in litigation to make electronically stored information available to the opposing side. Unfortunately, legal and IT departments still don't communicate well with one another. The presentation will include an overview of the parts of the Federal Rules that are relevant to IT professionals and how IT staff should approach their legal department. Some examples of how not to handle a litigation hold will be given, as well as how to prepare one's systems for potential or pending litigation. (slides)

MP3Data Center Growing Pains

Lou Marchant, Sun Microsystems

Data centers can't be built fast enough to take care of the increases in power consumption and lack of available floor space for numerous companies. Companies are concerned over new environmental legislation being considered and how it will impact their business. If you aren't seeing these issues in your data centers now, you could in the next five years. Hear about what we at Sun have done in our own data centers and how we are trying to approach the problems with a fresh new perspective. (slides)

MP3The Security Butterfly Effect

Cat Okita, Earthworks

The butterfly effect is traditionally described as the almost imperceptible flap of a butterfly's wings causing changes that result in a tornado being formed (or not!). In information security, a change that seems simple may result in serious vulnerabilities—and as the complexity and interdependence of the environments we manage increase, predicting the effects of apparently innocent actions will become infinitely more challenging. This talk will discuss some notable examples of the butterfly effect in security, as well as giving a brief overview of future hot points to look toward. (slides)

MP3Cookin' at the Keyboard

David N. Blank-Edelman, Northeastern University CCIS; Lee Damon, University of Washington

There's a field in which people routinely:

  • Work well under pressure—improvising and showing great creativity even in the worst of situations
  • Create (repeatable!) multi-step procedures that integrate different components into cohesive systems
  • Document these procedures so that even total neophytes can understand them
  • Train other people to do the same

Nope, not system administration. Sysadmins only wish we could consistently do these things.

All of this stuff is taken for granted in the world of cooking. How the heck do they do it?

David and his lovely assistant Lee Damon will not only tell you how they do it, but will also show you some of how it is done. We'll take a highly entertaining romp through the cooking world to find the tools, techniques, and processes that can be applied to system administration. You'll never look at your food or your field in the same way again. (slides)

MP3Keynote Address: Autonomic Administration: HAL 9000 Meets Gene Roddenberry

John Strassner, Motorola Fellow and Vice President, Autonomic Networking and Communications, Motorola Research Labs

How will we enhance network management so that the promise of future technologies and services can be realized? This talk will first provide an introduction to the problems that make network management difficult from the point of view of the practitioner. Then it will examine some exciting new technologies that, when combined, offer a holistic solution that could be used for system administration as well. The talk will conclude with examples from autonomic networking research being done in Motorola Labs that can be used in network and system administration. (slides)

MP3Scaling Production Repairs and QA Operations in a Live Environment

Shane Knapp and Avleen Vig, Google, Inc.

Google has seen explosive growth over the years, and this has evidenced itself in the increase in size of the production fleet. As the fleet increases, so does the number of machines both being released and repaired. This talk will cover how, operationally and in many different locations, the methods in which data center work, and the systems that support it, were developed.
(View Shane Knapp's slides)
(View Avleen Vig's slides)

MP3A Service-Oriented Data Grid: Beyond Storage Virtualization

Bruce Moxon, Senior Director of Strategic Technology and Grid Guru, Network Appliance, Inc.

The storage industry talks about "virtualization" in static and device-specific contexts, while enterprise IT organizations are under pressure to deliver a range of data "services" to their customers, with a tiered pricing model and verifiable service levels. These disparate producer- and consumer-oriented views of storage leave an implementation gap that must be filled in order to realize the "virtual everything" vision of enterprise grid computing. We will identify key storage and data management trends that are evolving to deliver this service-oriented view of data.

USENIX Security '07

MP3The Human Factor in Online Fraud

Markus Jakobsson, Indiana University

In this talk, we discuss what impact deceit and misuse have on online security, drawing on examples from phishing, click-fraud, and general privacy intrusions. We believe that a methodology founded on an improved understanding of human behavior—in particular, in the context of deceit—may help anticipate trends and steer the development of structures and heuristics to curb online fraud. Guided by behavioral aspects of security, we consider technical measures to preemptively counter some of the threats we describe. An extended abstract is available at www.human-factor.org. (slides)

MP3How to Obtain and Assert Composable Security

Ran Canetti, IBM Research

This talk motivates and presents the paradigm of Universally Composable security. It then briefly reviews some of the recent research done within this paradigm and on it. Part of this research touches foundational aspects in security and cryptography. Other parts have immediate practical implications. (slides)

MP3Exploiting Online Games

Gary McGraw, Cigital

This talk (based on a book of the same title co-authored by Greg Hoglund) frankly describes controversial security issues surrounding MMORPGs such as World of Warcraft. This no-holds-barred approach is fully loaded with code examples, debuggers, bots, and hacks, of interest whether you are a gamer, a game developer, a software security person, or an interested bystander. (slides)

MP3Computer Security in a Large Enterprise

Jerry Brady, Morgan Stanley

Computer security is one of the most complex challenges facing large enterprises today. Securing a multinational enterprise is a balancing act based on solid risk management and technical solutions in a multifaceted, changing environment. Managing risks without securing the enterprise is meaningless, but is there a one-size-fits-all solution or special technology to secure the organization? Will this solution or technology be cost-effective? What about the intersection between IT security, physical security, and information security? Ultimately, tackling computer security within a large enterprise is more than a technical problem; it must be based on people, process, and technology in order to properly manage risks associated with threats.

MP3Mobile Malware

Mikko Hypponen, F-Secure Corp.

The first real viruses for mobile phones were found in June 2004. Since then, scores of different viruses have been found, most of them targeting smartphones running different versions of the Symbian operating system. Many of them are spreading in the wild and have been reported from all continents. These mobile viruses use new spreading vectors such as multimedia messages and Bluetooth and pose special problems for researchers. For example, they can easily escape during analysis as they use radio connections to spread. As the total count of known mobile malware is now around 350, we know much more about what types of viruses to expect in the future and about who writes them. We also know what we should do to prevent this niche area from becoming a bigger problem. (slides)

MP3Computer Security and Voting

David Dill, Stanford University

It is now quite clear that most electronic voting systems were designed with only minor concern and rudimentary knowledge of computer security. Over the past five years, people with more in-depth knowledge of computer security have helped tremendously in appraising the security of current systems and, to a lesser extent, in improving the security of voting systems. This talk will highlight the ways a computer security perspective might be able to contribute to more trustworthy voting systems, as well as some of the ways that voting is different from other computer security problems.

MP3Report of the California Voting Systems Review

David Wagner, University of California, Berkeley

Earlier this year, California Secretary of State Debra Bowen commissioned the University of California to examine 3 voting systems. They found significant security problems in all 3 systems. (slides)

MP3Advanced Rootkits

Greg Hoglund, HBGary

Rootkits are backdoor programs that can be placed in a computer without detection. Virus scanners and desktop firewalls are woefully inadequate to stop a rootkit attack, which can go undetected for years. This talk will explain how rootkits are built for Microsoft Windows XP. It will cover detailed technical aspects of rootkit development, such as compilation, loading and unloading, function hooking, paged and nonpaged memory, interrupts, and inline code injections. You'll also learn the technical aspects of the hardware environment, such as interrupt handling, memory paging, and virtual memory address translation. The talk will also cover how to detect rootkits, including runtime integrity checks and detecting hooks of all kinds, such as IRP hooks, SSDT hooks, and IDT hooks.

MP3Covering Computer Security in The New York Times

John Schwartz, The New York Times

The MSM gets it wrong, the conventional wisdom goes, because the reporters aren't technically adept but are looking for scare stories to sell newspapers or get ratings. John Schwartz debunks a few myths about the mainstream media and explains that it is possible to write about security and other topics without hype and still keep your job.

2007 USENIX Annual Technical Conference

MP3The Impact of Virtualization on Computing Systems

Mendel Rosenblum, Stanford University

This talk describes how virtualization is changing the way computing is done in the industry today and how it is causing users to rethink how they view hardware, operating systems, and application programs. The talk will describe this new view of computing and the benefits driving users to adopt it. The roles of hardware and operating systems will be discussed, along with what changes will be needed to support this new computing model efficiently and simply.

MP3Life Is Not a State-Machine: The Long Road from Research to Production

Werner Vogels, VP and CTO, Amazon.com

Traditionally a technology adoption cycle progresses at least 10–15 years before technologies become mature enough for widespread adoption. That time period is dramatically shortened as there is a need for technologies that can satisfy the unlimited appetite for ultra-scalable, highly reliable, high-performance, and cost-efficient software architectures by the top Internet companies. In reality, however, it turns out to be very difficult to speed up the adoption process. In this presentation I will review some of the obstacles that stand in the way of adoption of research results into production environments and will revisit the principles of "worse is better" and Occam's razor in the context of technology transition.

MP3Exploiting Online Games

Gary McGraw, Cigital

This talk (based on a book of the same title co-authored by Greg Hoglund) frankly describes controversial security issues surrounding MMORPGs such as World of Warcraft. This no-holds-barred approach is fully loaded with code examples, debuggers, bots, and hacks, of interest whether you are a gamer, a game developer, a software security person, or an interested bystander. (slides)

MP3Second Life

Rob Lanphier and Mark Lentczner, Linden Lab

Rob Lanphier, Linden Lab's Open Source Busybody, and Mark Lentczner, who directs a software engineering studio at Linden Lab, will talk about the release of the Second Life viewer source code: what that means, what it might mean, and what it doesn't mean. He'll provide a brief overview of the technology and history of Second Life, discuss the astronomical growth in use of Second Life, and explain what Linden Lab is doing to cope with the ever-increasing stress on the system. He'll discuss some key improvements Linden Lab is making in the protocols used by the product—utilizing a Web services model to increase scalability and to decouple versioning between clients and servers, as well as server-to-server communication.

MP3Specializing General-Purpose Computing: A New Approach to Designing Clusters for High-Performance Technical Computing

Win Treese, SiCortex, Inc.

High-performance technical computing stresses computer systems in many ways, from CPU performance to memory systems to inter-system communication. Over the past twelve years, clusters of commodity hardware running Linux have become the most common tool for high-performance computing. However, the dynamics of such applications are often very different from those of applications that drive the design of commodity computer systems, which means that commodity systems may be cheap for computing, but they are not efficient for many technical applications. (slides)

MP3Live Malware Attack!

Paul Ducklin, Sophos

This talk will feature a live—but entirely self-contained, and therefore safe!—demonstration of a modern malware attack in action. Gain insight into how the bad guys think and operate, and you learn how better to defend yourself against them. The talk will also examine some of the tricks and techniques that can be used in a malware research lab to get even an apparently complex and heavily obfuscated piece of malware to reveal its secrets in safety.

MP3LiveJournal's Backend Technologies

Brad Fitzpatrick, LiveJournal

Hear the history and lessons learned while scaling a community site (LiveJournal.com) from a single server with a dozen friends to hundreds of machines and 10M+ users: what's worked, what hasn't, and all the things we've had to build ourselves that are now in common use throughout the Web 2.0 world, including memcached, MogileFS, Perlbal, and our job dispatch systems. (slides)

MP3MapReduce and Other Building Blocks for Large-Scale Distributed Systems at Google

Jeffrey Dean, Google

MapReduce is a programming model and an associated implementation for processing and generating large data sets. Users specify a Map function which processes a key/value pair to generate a set of intermediate key/value pairs, and a Reduce function which merges all intermediate values associated with the same intermediate key. Programs written in this functional style are automatically parallelized and executed on a large cluster of commodity machines. The MapReduce run-time system takes care of the details of partitioning the input data, scheduling the program's execution across a set of machines, handling machine failures, and managing the required inter-machine communication. This allows programmers without any experience with parallel and distributed systems to easily utilize the resources of a large distributed system. Thousands of MapReduce programs have been implemented, and several thousand MapReduce jobs are executed on Google's clusters every day. In this talk I'll describe the design and implementation of MapReduce and other building blocks for large-scale distributed systems at Google.

MP3Perfect Data in an Imperfect World

Daniel V. Klein, Consultant

It is no secret that we are at the dawn of the digital age—our parents (and, for some of us, even our grandparents) have computers, digital cameras, MP3 players, etc. We each have more computing power in our cell phones than the mainframes of 35 years ago had, and everywhere we find data acquisition and tracking systems. Privacy has never been more zealously guarded or more freely abandoned, and with the proliferation of digital data collection and dissemination have come new worries.

MP3Human Computation

Luis von Ahn, Carnegie Mellon University

Tasks such as image recognition are trivial for humans, but they continue to challenge even the most sophisticated computer programs. This talk introduces a paradigm for utilizing human processing power to solve problems that computers cannot yet solve. Traditional approaches to solving such problems focus on improving software. I advocate a novel approach: constructively channel human brainpower using computer games. For example, the ESP Game, described in this talk, is an enjoyable online game—many people play over 40 hours a week—and when people play, they help label images on the Web with descriptive keywords. These keywords can be used to significantly improve the accuracy of image search. People play the game not because they want to help, but because they enjoy it. The ESP Game has been licensed by a major Internet company and will soon become the basis of their image search engine. (slides)

MP3Warehouse-scale Computers

Luiz André Barroso, Google Inc.

The computing systems that are powering many of today's large-scale Internet services look less like refrigerators and more like warehouses. Designing efficient warehouse-scale computers requires many of the traditional tools and methods developed by computer architects, and some new tricks as well. In this talk I'll describe some of the defining characteristics of these systems, with a focus on failure handling and power management.

MP3Crossing the Digital Divide: The Latest Efforts from One Laptop per Child

Mary Lou Jepsen, One Laptop per Child

This effort emerged as a way to capture the endless momentum of Moore's Law and create a laptop for those far on the other side of the digital divide—the poor children of the world and their families. In fact, the vast majority of the world lives without so many of the things we consider essential, not least of which is access to education and information. This year, we intend to launch with millions of laptops simultaneously in Rwanda, Pakistan, Brazil, Argentina, Uruguay, Libya, Nigeria, and Thailand. The children themselves will own these laptops, which will be distributed to them by the Ministries of Education. They should last for five years and are cheaper than five years' worth of textbooks in the average developing country. (slides)

NSDI '07

MP3Security of Voting Systems

Ronald L. Rivest, Viterbi Professor of Computer Science, Massachusetts Institute of Technology

While running an election sounds simple, it is in fact extremely challenging. Not only are there millions of voters to be authenticated and millions of votes to be carefully collected, counted, and stored, there are now millions of "voting machines" containing millions of lines of code to be evaluated for security vulnerabilities. Moreover, voting systems have a unique requirement: the voter must not be given a "receipt" that would allow them to prove how they voted to someone else—otherwise the voter could be coerced or bribed into voting a certain way. This lack of receipts makes the security of voting systems much more challenging than, say, the security of banking systems (where receipts are the norm).

FAST '07

MP3A System's Hackers Crash Course: Techniques That Find Lots of Bugs in Real (Storage) System Code

Dawson Engler, Professor, Stanford University

This talk describes several effective bug-finding tools we have developed, which exploit not-widely-understood techniques—implementation-level model checking and symbolic execution—focusing on the key intuitions and ideas behind them. (slides)

MP3Trends in Managing Data at the Petabyte Scale

Steve Kleiman, CTO, Network Appliance

The explosive growth in stored data has made petabyte-scale storage infrastructures increasingly common. The scale, growth rate, and increases in regulations related to data storage have imposed a number of non-obvious burdens on data ownership. These trends are driving the need to reorganize the traditional application-centric storage architectures toward a more unified storage infrastructure with new data management paradigms. This reorganization will likely drive a vibrant storage market over the next ten years. (slides)