Seminars
2008
-
Wednesday, March 5th, 11:15 AM
Speaker: Nickolai Zeldovich, Stanford University
Title: Building Secure Systems around Information Flow Control
Location: H.O. Schild Pharmacology Lecture Theatre, Department of Medical Sciences, UCL
Abstract:
Today's state of computer security resembles an arms race: the bad
guys are constantly searching for new ways to break in, and being safe
requires staying one step ahead of them in cutting off avenues of attack.
This strategy is simply too risky and too expensive in the long run.
In this talk, I will argue that we need to address security at a much
more fundamental level, and I will show how rethinking the design of
operating systems, network protocols, and hardware can provide a solid
foundation for building applications in a way that does not introduce
vulnerabilities faster than we can fix them.
Much of the challenge stems from the fact that real systems are constantly
evolving, and that most programmers are not security-conscious, resulting
in code rife with bugs that cause security vulnerabilities. Instead of
trying to fix all code, this talk will focus on protecting data, by
controlling how it can move through the system. The key insight is
that data protection cuts across layers: any data in an application
can also be viewed as memory or files by the OS, or as physical pages
by the hardware. Consequently, even data in buggy applications can be
protected by the OS or by hardware, despite the fact that the latter
two are at a much lower level of abstraction.
In particular, I will show how a low-level information flow control
mechanism, provided by a small OS kernel or by hardware, can be used
throughout the system to enforce security ranging from traditional Unix
policies to privacy of user data in a web server built from largely
untrusted code.
Bio:
Nickolai Zeldovich is a postdoc at Stanford University, where he recently
received his Ph.D. Previously he received M.Eng. and S.B. degrees
from MIT. His research interests are in security, operating systems,
and networking.
-
Thursday, March 6th, 2 PM
Speaker: Steve Uhlig, Delft University of Technology
Title: Predicting Internet-wide Routing
Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL
Abstract:
An understanding of the topological structure of the Internet is needed for
quite a number of networking tasks, e.g., making decisions about peering
relationships, choice of upstream providers, inter-domain traffic
engineering.
One essential component of these tasks is the ability to predict routes in
the Internet. However, the Internet is composed of a large number of
independent autonomous systems (ASes) resulting in complex interactions,
and until now no model of the Internet has succeeded in producing
predictions of acceptable accuracy. In this talk, we present our recent
efforts to build models that capture routing diversity and policies in
the Internet, and discuss the predictability of Internet routing.
Bio:
Steve Uhlig obtained his PhD in applied sciences from the University of
Louvain, Belgium, in 2004. Between 2004 and 2006, he was a postdoctoral
fellow of the Belgian National Fund for Scientific Research (FNRS). Since
October 2006, he has been an assistant professor at Delft University of Technology,
The Netherlands, in the Network Architectures and Services group. His
research interests are focused on the macroscopic behavior of the Internet,
including routing, traffic engineering, network design and robustness.
-
Monday, March 10th, 2:30 PM
Speaker: Bryan Ford, MIT
Title: Intuitive Global Connectivity for Personal Mobile Devices
Location: Gustave Tuck Lecture Theatre, Wilkins Building, UCL
Abstract:
Network-enabled mobile devices are quickly becoming ubiquitous in the
lives of ordinary people, but current technologies for providing
ubiquitous global connectivity between these devices still require
experts to set up and manage. Users must allocate and maintain global
domain names in order to connect to their devices globally via DNS,
they must allocate a static IP address and run a home server to use
Mobile IP or set up a virtual private network, they must configure
firewalls to permit desired remote access traffic while filtering
potentially malicious traffic from unknown parties, and so on. This
model of "management by experts" works for organizations with
administrative staff, but is infeasible for most consumers who wish to
set up and manage their own personal networks.
The Unmanaged Internet Architecture (UIA) is a suite of design
principles and experimental protocols that provide robust, efficient
global connectivity among mobile devices while relying for
configuration only on simple, intuitive management concepts. UIA uses
"personal names" rather than traditional global names as handles for
accessing personal devices remotely. Users assign these personal
names via an ad hoc device introduction process requiring no central
allocation. Once assigned, personal names bind securely to the global
identities of their target devices independent of network location.
Each user manages one namespace, shared among all the user's devices
and always available on each device. Users can also name other users
to share resources with trusted acquaintances. Devices with naming
relationships automatically arrange connectivity when possible, both
in ad hoc networks and using global infrastructure when available.
We built a prototype implementation of UIA that demonstrates the
utility and feasibility of these design principles. The prototype
includes an overlay routing layer that leverages the user's social
network to provide robust connectivity in spite of network failures
and asymmetries such as NATs, a new transport protocol implementing a
novel stream abstraction that more effectively supports the highly
parallelized and media-oriented applications demanded on mobile
devices, and a flexible security framework based on proof-carrying
authorization (PCA) that provides "plug-in" interoperability with
existing secure naming and authentication systems.
Bio:
Bryan Ford began his systems research career as an undergraduate in
the Flux group at the University of Utah, where he developed novel
kernel structuring and component reuse techniques. After a break to
join Phobos Inc., a successful networking startup, he returned to
research as a graduate student at MIT, where he has pursued a diverse
array of interests including programming languages, peer-to-peer and
ubiquitous device networking, storage systems, and virtual machines.
-
Tuesday, March 11th, 2 PM
Speaker: Maxwell Krohn, MIT
Title: Securing Servers with Decentralized Information Flow Control
Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL
Abstract:
Today's operating systems struggle to contain the effects of malicious
application code. For a desktop PC, one bad software download can reveal the
entire contents of the PC's file system. On servers, one bad Web application
component can reveal the entire contents of a site's database. In both cases,
bad software can maliciously overwrite important data. Far from receding,
these security flaws are finding their way into new server-side computing
platforms, such as Facebook applications.
Our solution is Decentralized Information Flow Control (DIFC) at the
OS level. DIFC systems track the flow of secret and high-integrity
data, as they are copied from file to file, and communicated from
process to process. In the end, the operating system lets modules
known as declassifiers determine the policy for secret data exiting
to the network and for impure applications overwriting important
files. Example policies include "only reveal Alice's secret data to
Alice's Web client" or "only local, authorized text-editors can
overwrite this file." DIFC gives better security than standard OSes
because it allows developers to concentrate security-critical code in
small, audit-friendly declassifiers, which remain small and contained
even as the overall system balloons with new features.
This talk presents DIFC, an implementation of DIFC for Linux, and a case study
of a complex, popular open-source application (MoinMoin Wiki) secured with
DIFC. MoinMoin is a prototype for more ambitious and general work to come,
such as a novel server-side application platform with encouraging security
guarantees.
(Joint work with: Micah Brodsky, Natan Cliffer, Petros Efstathopoulos, Cliff
Frey, Eddie Kohler, David Mazieres, Robert Morris, Frans Kaashoek, Steve
VanDeBogart, Mike Walfish, Alex Yip, David Ziegler.)
Bio:
Maxwell Krohn is a PhD candidate in Computer Science at MIT. He received
his BA from Harvard in 1999 and was a staff research scientist at NYU from
2002-2003. In between, he has co-founded and co-built several community Web
sites, some vintage (TheSpark.com, SparkNotes.com), others live and kicking
(OkCupid.com). His research interests are in operating systems, distributed
systems and security.
-
Thursday, March 13th, 2 PM
Speaker: Peter Desnoyers, University of Massachusetts, Amherst
Title: Data Management for Streaming Systems
Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL
Abstract:
Many new computing applications are characterized by the arrival of
asynchronous event data from the external world. These applications
impose new requirements on the underlying system--requirements which
are not addressed by the traditional timesharing model where user and
application form a closed loop.
One area in which these differences are especially pronounced is that
of data storage and retrieval. In this talk we examine two data
handling systems for streaming data: TSAR, which provides an
energy-efficient distributed data store to networks of tiny wireless
sensors, and Hyperion, a distributed network monitor comprised of
server-class machines, providing real-time recording and online
querying of network data. Despite the vast differences in scale,
these two systems must address similar application requirements and
resource constraints. In this talk I will describe the theory and
practice of these two systems, present results, and address the
implications of new storage models for the future of operating systems
research.
Bio:
Peter Desnoyers received his PhD this fall from the University of
Massachusetts, Amherst, under the supervision of Prashant
Shenoy; his research interests are in the area of operating systems
and storage. Prior to UMass he spent fifteen years in industry, and holds
two patents. He is currently at VMware.
-
Monday, March 17th, 10 AM
Speaker: Jakob Eriksson, MIT
Title: WiFi on the Road - Real-World Performance and Applications
Location: Room 212, Roberts Building, UCL
Abstract:
Open WiFi connectivity is widely available today, even, or perhaps
particularly, to moving vehicles. However, our experiments with 25
taxis in the Boston area have shown that encounters with such access
points tend to be brief, on the order of 5-10 seconds, and signal
quality tends to be poor, experiencing 30% packet losses on average.
In the first part of my talk, I will present the QuickWiFi connection
manager and the CarTel transport protocol, both designed to withstand
these adverse conditions. Using these, we are able to achieve an
averaged throughput of 38 Mb/hour, or 80kbit/s, from moving vehicles.
This free, high-capacity vehicular connectivity enables a wide range
of new applications, including various forms of mobile sensing and
in-car media. One application of particular interest to the CarTel group
is traffic congestion monitoring. In the second part of my talk, I
will describe a system for WiFi-based street-by-street vehicle
trajectory estimation. By using WiFi for both sensing and
connectivity, it is possible to turn any WiFi-enabled device into a
"traffic congestion probe." Deployed in large scale, this enables an
extremely low-cost method of measuring street congestion levels,
city-wide.
Bio:
Jakob Eriksson is a postdoctoral associate in the CarTel group at MIT
CSAIL. He received his Ph.D. from UC Riverside in 2006. Before that,
he graduated with an M.Sc. from the Royal Institute of Technology
(KTH) in Stockholm, Sweden. His research interests include vehicular
networking and mobile sensing, routing and security in wired and
wireless networks.
-
Tuesday, March 18th, 2 PM
Speaker: Brighten Godfrey, UC Berkeley
Title: Stabilizing Internet Routing, or, A Story of Heterogeneity
Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL
Abstract:
A significant cause of the unreliability of end-to-end communications on
the Internet is route instability: dynamic changes in routers' selected
paths. Instability is becoming even more problematic due to the
increasing prevalence of real-time applications and concerns about the
scalability of the Internet routing architecture. Yet Route Flap
Damping, the main mechanism for combating instability, has introduced
unexpected pathologies and reduced availability.
This talk describes a more principled approach to stabilizing Internet
routing. We identify general approaches to achieve stability, and
quantify their inherent tradeoffs with other objectives via upper and
lower bounds. I will describe Stable Route Selection (StaRS), a new
approach which uses flexibility in route selection to improve stability
without sacrificing availability. Simulation and experimental results
show that StaRS improves stability and end-to-end reliability while
deviating only slightly from preferred routes, and closely approaching
our theoretical lower bound. These results indicate that StaRS is a
promising, easily deployable way to safely stabilize Internet routing.
StaRS's stability improvements are enabled by dramatic heterogeneity in
route failure patterns. I will present the case that StaRS is an
instance of a much more general principle: that heterogeneity--variation
in reliability, processing speed, bandwidth, or other metrics
--should quite often be viewed as an advantage. This thesis is
supported by practical and theoretical results in a variety of settings
including distributed hash tables, overlay multicast, and job
scheduling.
Bio:
Brighten Godfrey's research concerns distributed and networked systems,
including Internet routing architecture, distributed algorithms,
analysis of networks, peer-to-peer systems and overlay networks. He is
presently a Ph.D. candidate advised by Ion Stoica at UC Berkeley.
-
Wednesday, March 19th, 2 PM
Speaker: Kyle Jamieson, MIT
Title: A Shift from Packets to Symbols in Wireless Systems
Location: Watson Lecture Theatre, Medawar Building, UCL
Abstract:
At an increasing rate, we are using wireless systems to communicate
with others and retrieve content of interest to us. Current wireless
technologies such as WiFi or Zigbee use forward error correction to
drive bit error rates down when there are few interfering
transmissions. However, as more of us use wireless networks to
retrieve increasingly rich content, interference increases in
unpredictable ways. This results in errored bits, degraded
throughput, and eventually, an unusable network. I will argue that
this is the result of higher layers working at the packet granularity,
whereas they would benefit from a shift in perspective from whole
packets to individual symbols.
From real-world experiments on a 31-node Zigbee/software radio
testbed, I find that often, not all of the bits in corrupted packets
share fate. Thus, today's wireless protocols retransmit packets where
only a small number of the constituent bits in a packet are in error,
wasting network resources. I will describe a physical layer that
passes information about its confidence in each decoded symbol up to
higher layers. These SoftPHY hints have many applications, one of
which I will describe in detail. PP-ARQ is a link-layer ARQ protocol
that allows a receiver to compactly encode a request for
retransmission of only the bits in a packet that are likely in error.
My experimental results show that PP-ARQ increases aggregate network
throughput by a factor of approximately 2x under various conditions.
Finally, I will place PP-ARQ in context in terms of other systems work
I have undertaken to adapt to the harsh wireless channel, and discuss
other uses of SoftPHY.
Bio:
Kyle Jamieson received the B.S. degree in mathematics (2000), the
B.S. degree in computer science (2001), and the M.Eng. degree in
computer science (2002) from the Massachusetts Institute of Technology
(Cambridge, MA). He is currently a Ph.D. student at the MIT Computer
Science and Artificial Intelligence Laboratory. His current research
interests are in networked and wireless systems, with an emphasis on
the interaction of wireless systems with the physical layer. In prior
work, he has examined energy efficiency, medium access control, and
congestion control in wireless networks. His research advisor is
Prof. Hari Balakrishnan.