Publications from 2007
Proceedings of the 21st Large Installation System Administration Conference (LISA 2007), November 2007
Existing applications often contain security holes that are not patched until after the system has already been compromised. Even when software updates are available, applying them often results in system services being unavailable for some time. This can force administrators to leave system services in an insecure state for extended periods. To address these system security issues, we have developed the PeaPod virtualization layer. The PeaPod virtualization layer provides a group of processes and associated users with two virtualization abstractions, pods and peas. A pod provides an isolated virtualized environment that is decoupled from the underlying operating system instance. A pea provides an easy-to-use least privilege model for fine grain isolation amongst application components that need to interact with one another. As a result, the system easily enables the creation of lightweight environments for privileged program execution that can help with intrusion prevention and containment. Our measurements on real world desktop and server applications demonstrate that the PeaPod virtualization layer imposes little overhead and enables secure isolation of untrusted applications.
Proceedings of the American Medical Informatics Association (AMIA) 2007 Annual Symposium, November 2007
As the availability of home broadband increases, there is an increasing need for a broadband-based home telemedicine architecture. A home telemedicine architecture supporting broadband and remote training is presented.
Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP 2007), October 2007
As users interact with the world and their peers through their computers, it is becoming important to archive and later search the information that they have viewed. We present DejaView, a personal virtual computer recorder that provides a complete record of a desktop computing experience that a user can playback, browse, search, and revive seamlessly. DejaView records visual output, checkpoints corresponding application and file system state, and captures displayed text with contextual information to index the record. A user can then browse and search the record for any visual information that has been displayed on the desktop, and revive and interact with the desktop computing state corresponding to any point in the record. DejaView combines display, operating system, and file system virtualization to provide its functionality transparently without any modifications to applications, window systems, or operating system kernels. We have implemented DejaView and evaluated its performance on real-world desktop applications. Our results demonstrate that DejaView can provide continuous low-overhead recording without any user noticeable performance degradation, and allows browsing, search and playback of records fast enough for interactive use.
Proceedings of the 2007 ACM SIGMOD International Conference on Management of Data, June 2007
This paper presents HomeViews, a peer-to-peer middleware system for building personal data management applications. HomeViews provides abstractions and services for data organization and distributed data sharing. The key innovation in HomeViews is the integration of three concepts: views and queries from databases, a capability-based protection model from operating systems, and a peer-to-peer distributed architecture. Using HomeViews, applications can (1) create views to organize files into dynamic collections, (2) share these views in a protected way across the Internet through simple exchange of capabilities, and (3) transparently integrate remote views and data into a user's local organizational structures. HomeViews operates in a purely peer-to-peer fashion, without the need for account administration or centralized data and protection management inherent in typical data-sharing systems.
We have prototyped HomeViews, deployed it on a small network of Linux machines, and used it to develop two distributed data-sharing applications: a peer-to-peer version of the Gallery photo-sharing application and a simple read-only shared file system. Using measurements, we demonstrate the practicality and performance of our approach.
Proceedings of the 2007 USENIX Annual Technical Conference, June 2007
The ability to checkpoint a running application and restart it later can provide many useful benefits including fault recovery, advanced resources sharing, dynamic load balancing and improved service availability. However, applications often involve multiple processes which have dependencies through the operating system. We present a transparent mechanism for commodity operating systems that can checkpoint multiple processes in a consistent state so that they can be restarted correctly at a later time. We introduce an efficient algorithm for recording process relationships and correctly saving and restoring shared state in a manner that leverages existing operating system kernel functionality. We have implemented our system as a loadable kernel module and user-space utilities in Linux. We demonstrate its ability on real-world applications to provide transparent checkpoint-restart functionality without modifying, recompiling, or relinking applications, libraries, or the operating system kernel. Our results show checkpoint and restart times 3 to 55 times faster than OpenVZ and 5 to 1100 times faster than Xen.
Proceedings of the IEEE Symposium on Security and Privacy, May 2007
We present a new technique that enables software recovery in legacy applications by retrofitting exception-handling capabilities, error virtualization using rescue points. We introduce the idea of "rescue points" as program locations to which an application can recover its execution in the presence of failures. The use of rescue points reduces the chance of unanticipated execution paths thereby making recovery more robust by mimicking system behavior under controlled error conditions. These controlled error conditions can be thought of as a set of erroneous inputs, like the ones used by most quality-assurance teams during software development, designed to stress-test an application. To discover rescue points applications are profiled and monitored during tests that bombard the program with bad/random inputs. The intuition is that by monitoring application behavior during these runs, we gain insight into how programmer-tested program points are used to propagate faults gracefully.
Proceedings of the Third International Workshop on Networking Meets Databases (NetDB), April 2007
Today, network intrusion detection systems (NIDSs) use custom solutions to log historical network flows and support forensic analysis by network administrators. These solutions are expensive, inefficient, and lack flexibility. In this paper, we investigate database support for interactive network forensic analysis. We show that an "out-of-the-box" relational database management system (RDBMS) can support moderate flow rates in a manner that ensures high query performance. To enable support for significantly higher data rates, we propose a technique based on on-demand view materialization and indexing. In our approach, when an event occurs, the system proactively extracts relevant historical data and indexes it in preparation for forensic queries over that data. We show that our approach significantly improves response times for a large class of queries, while maintaining high insert throughput.