The DSL Seminar is a weekly gathering of the research students and professors in the Distributed Systems Laboratory. We discuss research ideas and specific projects within the University of Pennsylvania as well as external to Penn. We welcome visitors to participate as both speakers and audience members.
DSL acknowledges and appreciates the funding of Comcast for seminar lunches in 2017.
|Sept. 8||Yang Wu||Diagnosing Performance Problems with Timing Provenance
When diagnosing a problem in a distributed system, it is sometimes necessary to explain the timing of an event -- for instance, why a response has been delayed, or why the network latency is high. Existing tools offer some support for this, typically by tracing the problem to a bottleneck or to an overloaded server. However, locating the bottleneck is merely the first step: the real problem may be some other service that is sending traffic over the bottleneck link, or a misbehaving machine that is overloading the server with requests. These off-path root causes do not appear in a conventional trace and will thus be missed by most existing diagnostic tools.
In this paper, we introduce a new concept we call timing provenance that can help with diagnosing problems that are related to timing. Timing provenance is inspired by earlier work on provenance-based network debugging; however, in addition to the functional problems that can already be handled with classical provenance, it can also diagnose problems that are related to timing. We present an algorithm for generating timing provenance, and we describe a concrete debugger that uses this algorithm to diagnose both functional and temporal problems. Our experimental evaluation with several realistic performance bugs shows that this debugger can successfully diagnose complex timing-related problems, and that its overhead is comparable to that of existing provenance-based debuggers.
|Sept. 15||Joe Devietti||Fixing the Engine While It's Running: Automatic False Sharing Repair for Managed and Unmanaged Code
Multicore architectures continue to pervade every part of our computing infrastructure, from servers to phones and smart watches. While these parallel architectures bring established performance and energy-efficiency gains compared to single-core designs, parallel code written for these architectures can suffer from subtle performance bugs that are difficult to understand and repair with current tools. I'll describe a series of hybrid hardware/software systems for detecting and repairing false sharing bugs in C/C++ and Java code. These systems rely on sophisticated performance counters for efficient bug detection, and various runtime system tricks to repair false sharing automatically. Through careful accounting of memory consistency model semantics, these systems are able to achieve much of the speedup of manual fixes, but without the need for programmer intervention.
|Sept. 22||Lei Shi|| Opportunistic Privilege Separation
Despite rising numbers of large-scale data breaches, security remains an afterthought in common software design processes, resulting in rising complexity with each new feature and large, continuously evolving, monolithic and over-privileged software. Applying security to such systems is ad hoc, which protects against known attack vectors but leaves them still exploitable.
Opportunistic Privilege Separation (OPS) is a new approach to modular decomposition and associated separation mechanisms. OPS exploits observed program behavior to identify opportunities for creating protected subspaces automatically. The OPS strategy replaces a burdensome explicit decomposition process demanding high programmer involvement with software mechanisms that decompose systems automatically, based on their actions. OPS targets legacy systems and thus eases progress toward fine-grained protection to overcome well-understood security weaknesses in monolithic architectures with coarse-grained or no privilege separation.
This work presents ongoing efforts on OPS, specifically focusing on privilege modeling that allows OPS to extend beyond existing "policy-from-behavior" approaches, which hinges on a new low-level representation of privileges called Context-Aware Provenance via Memory Access Pattern Maps (CAPMAPS, cmaps). We describe the model, and a tool that collects privileges within the Linux kernel.
|Sept. 29||Joel Hypolite|| Putting Network Intrusion Detection Systems in the PHAST lane
PHAST, P4-based Hardware Accelerated Stream Preprocessing, enables a novel architectural approach to scaling network applications. This is ongoing work and we will present preliminary results of applying PHAST to the domain of network intrusion detection systems (NIDS).
PHAST decomposes NIDS components and analytic rules into a multi-stage “pipeline” for processing streams of traffic. Highly parallelized programmable line cards execute the first stages of the pipeline, offloading processing from CPUs comprising the remaining stages. The effectiveness of PHAST depends on both the filter detection language being a conservative approximation of the original NIDS, L(NIDS) ⊆ L(Filter), and the ability to minimize P, the probability that a packet is sent from the filter stages of the pipeline to the CPU stages.
A PHAST implementation comprising P4 and micro-C code was evaluated on Netronome’s P4 cards. A preliminary evaluation on a 10 Gb network demonstrated that a Snort NIDS deployment, limited to 1 Gbps, can be augmented with PHAST to handle over 9 Gbps of sustained network traffic. PHAST’s architecture also yields power-efficient operation; at 0.328 Gb/W, this is the best performance reported for this important metric, making PHAST attractive for data centers.
|Oct. 6||None||(Fall Break)|
|Oct. 13||Linh Thi Xuan Phan|| Predictable timing for the cloud
I will discuss some recent efforts on real-time resource allocation for the cloud and its application to network function virtualization, as well as highlight some open research questions moving forward.
|Oct. 20||Luke Valenta||May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519
In recent years, applications increasingly adopt security primitives designed with better countermeasures against side channel attacks. A concrete example is Libgcrypt’s implementation of ECDH encryption with Curve25519. The implementation employs the Montgomery ladder scalar-by-point multiplication, uses the unified, branchless Montgomery double-and-add formula and implements a constant-time argument swap within the ladder. However, Libgcrypt’s field arithmetic operations are not implemented in a constant-time side-channel-resistant fashion.
Based on the secure design of Curve25519, users of the curve are advised that there is no need to perform validation of input points. In this work, we demonstrate that when this recommendation is followed, the mathematical structure of Curve25519 facilitates the exploitation of side-channel weaknesses.
We demonstrate the effect of this vulnerability on three software applications—encrypted git, email, and messaging—that use Libgcrypt. In each case, we show how to craft malicious OpenPGP files that use the Curve25519 point of order 4 as a chosen ciphertext to the ECDH encryption scheme. We find that the resulting interactions of the point at infinity, order-2, and order-4 elements in the Montgomery ladder scalar-by-point multiplication routine create side channel leakage that allows us to recover the private key in as few as 11 attempts to access such malicious files.
|Oct. 25||Guest: Rohan Amin|| Cybersecurity @ JPMorgan Chase
Led by Penn alumnus Dr. Rohan Amin, Global Chief Information Security Officer (CISO) and Chief Technology Control Officer at JPMorgan Chase. JPMorgan Chase is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. Dr. Amin is responsible for the firm’s cybersecurity, technology controls and resiliency programs and will provide real-world insight on the current threat environment facing global enterprises and what it takes to have a successful career in this field. Rohan will share his views on the current cyber landscape, innovation in information security and JPMorgan Chase’s global approach to cyber defense. He will also highlight the variety of opportunities for career development in Cybersecurity and Technology at the firm, including internship and graduate training programs designed for STEM majors.
We will have a networking opportunity immediately following the presentation to ensure you have the opportunity to receive insightful answers to your questions from a leading executive in the profession.
307 Levine. Time: 3-4pm (talk), 4-5pm (reception)
|Nov. 3||James Weimer||The Internet of Medical Things: Personalizing Medicine in an Impersonal World
Modern medical devices provide an unprecedented amount of personal health data. When networked together, the Internet of Medical Things (IoMT) is poised to revolutionize healthcare in the next decade. However, privacy, security, and efficacy concerns limit current IoMT penetration in healthcare applications. In this talk, I will present our recent work on the design of personalized medical systems and analytic solutions that address fundamental challenges in the IoMT arising from medical device interoperability and inter/intra-patient variability. Real-world case study evaluations and implementations covering surgical, intensive care, and outpatient medical conditions provide insight into the proposed technologies and future research challenges towards physiological closed-loop control.
|Nov. 10||Alex Marder||Measuring Internet Congestion
Internet congestion can indicate a significant problem. As an example, it might result from networks intentionally degrading the quality of service for their customers, in the hopes of coercing payment from other networks. In the last few years, the federal government has been trying to identify the scope of this problem, but currently no viable method exists for measuring congestion without access to the routers. Complicating this problem, congestion is also a natural consequence of the congestion control mechanism built into TCP, and often indicates nothing more than typical resource sharing.
In this talk, I discuss our ongoing research into measuring the existence of congestion, and building a predictive model capable of identifying the available bandwidth of a link suffering congestion. Our model should be capable of differentiating between acceptable congestion, and links that require immediate upgrades. We build our model on a small test network, designed to reduce much of the uncertainty and limitations of traditional Internet-based experiments. Finally, I discuss our preliminary results, as well as future experiments and directions for our research.
|Nov. 17||Qizhen Zhang||Suffice: Shuffle as a Service
Data center networks were once defined by their homogeneity. Epitomized by the ‘One Big Switch’ model, data centers allowed programmers to ignore low-level concerns such as job placement and network topology. Big data analytics frameworks thrived in this environment.
Reality, however, is messy. Real data centers are often oversubscribed and heterogeneous, and recent hardware trends point toward further changes to the big switch model. In this paper, we propose to facilitate extensibility by making the ‘shuffle’ operation the narrow waist of the big data analytics stack. The resulting system, Suffice, has a simple and general interface that: (1) can be used by many big data systems with minimal changes to those systems, and (2) is compatible with a range of different network configurations. In addition to serving as a narrow waist, Suffice is also extensible with custom annotations, which we leverage to implement shuffle optimizations such as deduplication and combination of values at both the machine and rack level. Our evaluation results using Pregel and Spark show that Suffice provides portable performance that, in some cases, is an order of magnitude better than an infrastructure-agnostic approach.
|Dec. 8||Nikos Vasilakis||Query-efficient Partitions for Dynamic Data
Large-scale data storage requirements have led to the development of distributed, non-relational databases (NoSQL). Single-dimension NoSQL achieves scalability by partitioning data over a single key space. Queries on primary (“key”) properties are made efficient at the cost of queries on other properties. Multidimensional NoSQL systems attempt to remedy this inefficiency by creating multiple key spaces. Unfortunately, the structure of data needs to be known a priori and must remain fixed, eliminating many of the original benefits of NoSQL.
In this talk, I will present three techniques that together enable query-efficient partitioning of dynamic data. First, unispace hashing (UH) extends multidimensional hashing to data of unknown structure with the goal of improving queries on secondary properties. Second, compression formulas leverage user insight to address UH’s inefficiencies and further accelerate lookups by certain properties. Third, formula spaces use UH to simplify compression formulas and accelerate queries on the structure of objects. The resulting system supports dynamic data similar to single-dimension NoSQL systems, efficient data queries on secondary properties, and novel intersection, union, and negation queries on the structure of dynamic data.