@inproceedings{ports08:_towar_applic_secur_untrus_operat_system,
  author       = {Ports, Dan R. K. and Garfinkel, Tal},
  title        = {Towards Application Security on Untrusted Operating
                  Systems},
  booktitle    = {Proceedings of the 3rd Workshop on Hot Topics in Security
                  (HotSec '08)},
  organization = {{USENIX}},
  address      = {San Jose, CA, USA},
  month        = jul,
  year         = {2008},
  abstract     = {Complexity in commodity operating systems makes
                  compromises inevitable. Consequently, a great deal of work
                  has examined how to protect security-critical portions of
                  applications from the OS through mechanisms such as
                  microkernels, virtual machine monitors, and new processor
                  architectures. Unfortunately, most work has focused on CPU
                  and memory isolation and neglected OS semantics. Thus,
                  while much is known about how to prevent OS and application
                  processes from modifying each other, far less is understood
                  about how different OS components can undermine application
                  security if they turn malicious. We consider this
                  problem in the context of our work on Overshadow, a
                  virtual-machine-based system for retrofitting protection in
                  commodity operating systems. We explore how malicious
                  behavior in each major OS subsystem can undermine
                  application security, and present potential mitigations.
                  While our discussion is presented in terms of Overshadow
                  and Linux, many of the problems and solutions are
                  applicable to other systems where trusted applications rely
                  on untrusted, potentially malicious OS components.},
  pdf          = {papers/overshadow-hotsec08.pdf},
  psgz         = {papers/overshadow-hotsec08.ps.gz},
  slidespdf    = {papers/overshadow-hotsec08-slides.pdf},
  monthnum     = {07},
}
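@inproceedings{chen08:_overs,
  author       = {Chen, Xiaoxin and Garfinkel, Tal and Lewis, E. Christopher
                  and Subrahmanyam, Pratap and Waldspurger, Carl A. and
                  Boneh, Dan and Dwoskin, Jeffrey and Ports, Dan R. K.},
  title        = {Overshadow: A Virtualization-Based Approach to
                  Retrofitting Protection in Commodity Operating Systems},
  booktitle    = {Proceedings of the 13th {International Conference on
                  Architectural Support for Programming Languages and
                  Operating Systems} ({ASPLOS} '08)},
  organization = {{ACM}},
  address      = {Seattle, WA, USA},
  month        = mar,
  year         = {2008},
  abstract     = {Commodity operating systems entrusted with securing
                  sensitive data are remarkably large and complex, and
                  consequently, frequently prone to compromise. To address
                  this limitation, we introduce a virtual-machine-based
                  system called Overshadow that protects the privacy and
                  integrity of application data, even in the event of a total
                  OS compromise. Overshadow presents an application with a
                  normal view of its resources, but the OS with an encrypted
                  view. This allows the operating system to carry out the
                  complex task of managing an application's resources,
                  without allowing it to read or modify them. Thus,
                  Overshadow offers a last line of defense for application
                  data. Overshadow builds on multi-shadowing, a novel
                  mechanism that presents different views of ``physical''
                  memory, depending on the context performing the access.
                  This primitive offers an additional dimension of protection
                  beyond the hierarchical protection domains implemented by
                  traditional operating systems and processor architectures.
                  We present the design and implementation of Overshadow
                  and show how its new protection semantics can be integrated
                  with existing systems. Our design has been fully
                  implemented and used to protect a wide range of unmodified
                  legacy applications running on an unmodified Linux
                  operating system. We evaluate the performance of our
                  implementation, demonstrating that this approach is
                  practical.},
  pdf          = {papers/overshadow-asplos08.pdf},
  psgz         = {papers/overshadow-asplos08.ps.gz},
  monthnum     = {03},
}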
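@inproceedings{ports05:_persif,
  author       = {Ports, Dan R. K. and Clements, Austin T. and Demaine, Erik D.},
  title        = {{PersiFS}: A Versioned File System with an Efficient
                  Representation},
  booktitle    = {Proceedings of the 20th {ACM} {Symposium on Operating
                  Systems Principles} ({SOSP} '05)},
  organization = {{ACM}},
  address      = {Brighton, United Kingdom},
  month        = oct,
  year         = {2005},
  note         = {Poster and extended abstract},
  monthnum     = {10},
}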
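@inproceedings{clements05:_arpeg,
  author       = {Clements, Austin T. and Ports, Dan R. K. and Karger, David R.},
  title        = {Arpeggio: Metadata Searching and Content Sharing with
                  {Chord}},
  booktitle    = {Proceedings of the 4th International Workshop on
                  Peer-to-Peer Systems ({IPTPS} '05)},
  series       = {Lecture Notes in Computer Science},
  volume       = {3640},
  pages        = {58--68},
  publisher    = {Springer},
  address      = {Ithaca, NY, USA},
  month        = feb,
  year         = {2005},
  key          = {IPTPS '05},
  abstract     = {Arpeggio is a peer-to-peer file-sharing network based on
                  the Chord lookup primitive. Queries for data whose metadata
                  matches a certain criterion are performed efficiently by
                  using a distributed keyword-set index, augmented with
                  index-side filtering. We introduce index gateways, a
                  technique for minimizing index maintenance overhead.
                  Because file data is large, Arpeggio employs subrings to
                  track live source peers without the cost of inserting the
                  data itself into the network. Finally, we introduce
                  postfetching, a technique that uses information in the
                  index to improve the availability of rare files. The result
                  is a system that provides efficient query operations with
                  the scalability and reliability advantages of full
                  decentralization, and a content distribution system tuned
                  to the requirements and capabilities of a peer-to-peer
                  network.},
  pdf          = {papers/arpeggio-iptps05.pdf},
  psgz         = {papers/arpeggio-iptps05.ps.gz},
  slidespdf    = {papers/arpeggio-iptps05-slides.pdf},
  monthnum     = {02},
}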
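@inproceedings{clements04:_arpeg,
  author       = {Clements, Austin T. and Ports, Dan R. K. and Karger, David R.},
  title        = {Arpeggio: Efficient Metadata-based Searching and File
                  Transfer with {DHTs}},
  booktitle    = {Proceedings of the 2nd Project IRIS Student Workshop
                  ({ISW} '04)},
  address      = {Cambridge, MA, USA},
  month        = nov,
  year         = {2004},
  note         = {Poster and extended abstract},
  key          = {ISW '04},
  abstract     = {Arpeggio is a peer-to-peer file-sharing network
                  based on the Chord distributed hash table. Queries for
                  files whose metadata matches a certain criterion are
                  performed efficiently by using a distributed
                  keyword-set index, augmented with index-side
                  filtering. We introduce metadata gateways, a
                  technique for minimizing index maintenance overhead.
                  Arpeggio also uses the DHT for indirect
                  storage of file contents, maintaining pointers from
                  content to the live peers that provide it. Finally, we
                  introduce postfetching, a technique that uses
                  information in the index to improve the availability of
                  rare files. The result is a system that provides efficient
                  query operations with the scalability and reliability
                  advantages of full decentralization, and a content
                  distribution system tuned to the requirements of a
                  peer-to-peer file-sharing network.},
  monthnum     = {11},
}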
@mastersthesis{ports07:_metad_index_in_struc_peer,
  author       = {Ports, Dan R. K.},
  title        = {Arpeggio: Metadata Indexing in a Structured Peer-to-Peer
                  Network},
  school       = {Massachusetts Institute of Technology},
  address      = {Cambridge, MA, USA},
  month        = feb,
  year         = {2007},
  abstract     = {Peer-to-peer networks require an efficient means for
                  performing searches for files by metadata keywords.
                  Unfortunately, current methods usually sacrifice either
                  scalability or recall. Arpeggio is a peer-to-peer
                  file-sharing network that uses the Chord lookup primitive
                  as a basis for constructing distributed keyword-set index,
                  augmented with index-side filtering, to address this
                  problem. We introduce index gateways, a technique for
                  minimizing index maintenance overhead. Arpeggio also
                  includes a content distribution system for finding source
                  peers for a file; we present a novel system that uses Chord
                  subrings to track live source peers without the cost of
                  inserting the data itself into the network, and supports
                  postfetching: using information in the index to improve the
                  availability of rare files. The result is a system that
                  provides efficient query operations with the scalability
                  and reliability advantages of full decentralization. We use
                  analysis and simulation results to show that our indexing
                  system has reasonable storage and bandwidth costs, and
                  improves load distribution.},
  pdf          = {papers/arpeggio-meng.pdf},
  psgz         = {papers/arpeggio-meng.ps.gz},
  monthnum     = {02},
}
@unpublished{ports07:_optim_distr_read_only_trans,
  author       = {Ports, Dan R. K. and Clements, Austin T. and Zhang, Irene Y.},
  title        = {Optimizing Distributed Read-Only Transactions Using
                  Multiversion Concurrency},
  institution  = {Massachusetts Institute of Technology},
  address      = {Cambridge, MA, USA},
  month        = dec,
  year         = {2007},
  note         = {6.830 (Database Systems) Project Report},
  abstract     = {Distributed transactional systems typically achieve
                  efficiency by abandoning true serializability for weaker
                  forms of consistency that are difficult to reason about
                  because they expose the concurrency in the underlying
                  system. We explore an alternate route: weakening
                  causality instead of consistency. Our proposed
                  algorithm achieves global serializability by sacrificing
                  global causality, which we argue is reasonable in many
                  situations. This allows our algorithm to achieve efficiency
                  by permitting read-only transactions to operate on stale
                  but locally available cache data. We present the details of
                  a transactional block storage protocol that implements this
                  form of concurrency control, as well as a performance
                  evaluation of an experimental implementation of this
                  protocol and comparison against conventional optimistic
                  concurrency control.},
  pdf          = {papers/anastore-6830.pdf},
  psgz         = {papers/anastore-6830.ps.gz},
  slidespdf    = {papers/anastore-6830-slides.pdf},
  monthnum     = {12},
}
@unpublished{ports07:_plaid,
  author       = {Ports, Dan R. K. and Clements, Austin T. and Zhang, Irene Y.},
  title        = {Plaid: Pattern Language for Abstract Datatypes},
  institution  = {Massachusetts Institute of Technology},
  address      = {Cambridge, MA, USA},
  month        = may,
  year         = {2007},
  note         = {6.891 (Advanced Symbolic Programming) Project Report},
  abstract     = {The expressiveness of traditional syntactic pattern
                  matching is severely limited by its lack of abstraction.
                  Because syntax patterns are mired in the built-in types
                  understood by the pattern matching system, they lack the
                  ability to express patterns over abstract data types
                  (ADT's). More advanced pattern matching techniques, such as
                  semantic matching, can overcome this, but at the per-ADT
                  cost of the complex code required to add new pattern
                  combinators to the system.
                  Plaid defines
                  a new pattern language that captures a strict subset of
                  Scheme capable of both regular computation, as well as
                  reverse computation. This allows it to overcome both the
                  limitations of syntactic patterns and the cost of semantic
                  patterns by providing a means by which programmers can
                  write a single specification of the mapping between the
                  abstract and concrete representations of an ADT that
                  simultaneously serves as constructor, predicate, accessor,
                  and pattern combinator for that ADT. This specification is
                  written virtually identically to how a regular constructor
                  would be written.
                  Furthermore, the Plaid
                  pattern language is capable of capturing non-determinism
                  and decisions within pattern matching, thus admitting a
                  very broad interpretation of what can be considered an ADT
                  constructor. This leads to variety of interesting
                  capabilities, such as the ability to view concrete data in
                  multiple abstract ways, the ability to canonicalize
                  multiple concrete representations in one abstract way, and
                  the ability to imagine more convenient representations of
                  existing data.},
  pdf          = {papers/plaid-6891.pdf},
  psgz         = {papers/plaid-6891.ps.gz},
  slidespdf    = {papers/plaid-6891-slides.pdf},
  monthnum     = {05},
}
@unpublished{ports05:_canop,
  author       = {Ports, Dan R. K. and Clements, Austin T. and Arnold, Jeff},
  title        = {Canopy: A Controlled Emulation Environment for Network
                  System Experimentation},
  institution  = {Massachusetts Institute of Technology},
  address      = {Cambridge, MA, USA},
  month        = dec,
  year         = {2005},
  note         = {6.829 (Computer Networks) Project Report},
  abstract     = {Network systems are hard to debug because they are
                  inherently parallel and non-deterministic. Canopy assists
                  with network debugging by putting the entire network system
                  into a controlled emulation environment
                  constructed from virtual machines and a simulated network.
                  This puts all variables under the user's control and
                  provides a coherent, omniscient viewpoint of the entire
                  system. To aid the user in observing and manipulating the
                  system, Canopy provides tools such as traffic
                  visualization, packet manipulation, rollback and replay.},
  pdf          = {papers/canopy-6829.pdf},
  psgz         = {papers/canopy-6829.ps.gz},
  monthnum     = {12},
}
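@unpublished{clements05:_persif,
  author       = {Clements, Austin T. and Ports, Dan R. K. and
                  Schmeckpeper, Ben A. and Yuen, Hector},
  title        = {{PersiFS}: A Continuously Versioned Network File System},
  institution  = {Massachusetts Institute of Technology},
  address      = {Cambridge, MA, USA},
  month        = may,
  year         = {2005},
  note         = {6.824 (Distributed Systems Engineering) Project Report},
  abstract     = {Most file systems are ephemeral, meaning that
                  once a change has been made, there is no way to recall the
                  previous contents of the file system. Backups, version
                  control systems, and user interface improvements such as
                  ``trash cans'' attempt to alleviate this problem; however,
                  these are all rough approximations of persistent
                  file system structures, giving users restricted access to a
                  restricted set of past states of the file system. PersiFS
                  is a fully persistent file system, providing
                  access to any past state of the entire file
                  system. PersiFS achieves full persistence without
                  sacrificing access time to either current versions or past
                  versions, using inordinate amounts of disk space, or
                  requiring modification to existing applications.},
  pdf          = {papers/persifs-6824.pdf},
  psgz         = {papers/persifs-6824.ps.gz},
  slidespdf    = {papers/persifs-6824-slides.pdf},
  monthnum     = {05},
}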
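@unpublished{ports05:_struc_for_effic_file_system,
  author       = {Ports, Dan R. K. and Clements, Austin T.},
  title        = {Structures for Efficient File System-Scale Partial
                  Persistence},
  institution  = {Massachusetts Institute of Technology},
  address      = {Cambridge, MA, USA},
  month        = may,
  year         = {2005},
  note         = {6.897 (Advanced Data Structures) Project Report},
  abstract     = {A persistent file system stores every previous
                  state of each file, allowing convenient access to the full
                  state of the file system as it appeared at any point in the
                  past. Achieving this convenient feature presents a
                  challenging data structural problem because the amount of
                  data involved is so large: it must use as little space as
                  possible, and provide efficient operations for modifying
                  the current state and accessing both current and past
                  states. We formalize persistent file systems as a problem
                  in data structures, and analyze it in the context of the
                  external memory model. We begin by considering the design
                  of our initial solution to this problem from the
                  PersiFS1 file system, which is based on a log of
                  metadata changes and an indirection layer for storing file
                  data. These ``systems'' data structures support the desired
                  operations, but are not asymptotically efficient. Applying
                  more advanced data structures, we refine the design into
                  the next version, PersiFS2. We use
                  B+-trees for file content indexing in order to
                  improve the space efficiency of the system, and we present
                  a novel partially-persistent B+-tree design,
                  which can be used to track changes to files with
                  logarithmic modification and query cost.
                  PersiFS2 has been implemented as a working file
                  system with these data structures, and our measurements
                  indicate that the new file system data structure provides
                  dramatically improved access time for previous revisions
                  with a small increase in cost for modifications.},
  pdf          = {papers/persifs-6897.pdf},
  psgz         = {papers/persifs-6897.ps.gz},
  slidespdf    = {papers/persifs-6897-slides.pdf},
  monthnum     = {05},
}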
@comment{This file has been generated by bibtex2html 1.75}