March 2008

  • Wednesday, March 5th, 11:15 AM

    Speaker: Nickolai Zeldovich, Stanford University
    Title: Building Secure Systems around Information Flow Control
    Location: H.O. Schild Pharmacology Lecture Theatre, Department of Medical Sciences, UCL


    Today's state of computer security resembles an arms race: the bad guys are constantly searching for new ways to break in, and being safe requires staying one step ahead of them in cutting off avenues of attack. This strategy is simply too risky and too expensive in the long run. In this talk, I will argue that we need to address security at a much more fundamental level, and I will show how rethinking the design of operating systems, network protocols, and hardware can provide a solid foundation for building applications in a way that does not introduce vulnerabilities faster than we can fix them.

    Much of the challenge stems from the fact that real systems are constantly evolving, and that most programmers are not security-conscious, resulting in code rife with bugs that cause security vulnerabilities. Instead of trying to fix all code, this talk will focus on protecting data, by controlling how it can move through the system. The key insight is that data protection cuts across layers: any data in an application can also be viewed as memory or files by the OS, or as physical pages by the hardware. Consequently, even data in buggy applications can be protected by the OS or by hardware, despite the fact that the latter two are at a much lower level of abstraction.

    In particular, I will show how a low-level information flow control mechanism, provided by a small OS kernel or by hardware, can be used throughout the system to enforce security ranging from traditional Unix policies to privacy of user data in a web server built from largely untrusted code.


    Nickolai Zeldovich is a postdoc at Stanford University, where he recently received his Ph.D. Previously he received M.Eng. and S.B. degrees from MIT. His research interests are in security, operating systems, and networking.

  • Thursday, March 6th, 2 PM

    Speaker: Steve Uhlig, Delft University of Technology
    Title: Predicting Internet-wide Routing
    Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL


    An understanding of the topological structure of the Internet is needed for quite a number of networking tasks, e.g., making decisions about peering relationships, choice of upstream providers, inter-domain traffic engineering.

    One essential component of these tasks is the ability to predict routes in the Internet. However, the Internet is composed of a large number of independent autonomous systems (ASes) resulting in complex interactions, and until now no model of the Internet has succeeded in producing predictions of acceptable accuracy. In this talk, we present our recent efforts to build models that capture routing diversity and policies in the Internet, and discuss the predictability of Internet routing.


    Steve Uhlig obtained his PhD in applied sciences from the University of Louvain, Belgium, in 2004. Between 2004 and 2006, he was a postdoctoral fellow of the Belgian National Fund for Scientific Research (FNRS). Since October 2006, he has been an assistant professor at Delft University of Technology, The Netherlands, in the Network Architectures and Services group. His research interests are focused on the macroscopic behavior of the Internet, including routing, traffic engineering, network design and robustness.

  • Monday, March 10th, 2:30 PM

    Speaker: Bryan Ford, MIT
    Title: Intuitive Global Connectivity for Personal Mobile Devices
    Location: Gustave Tuck Lecture Theatre, Wilkins Building, UCL


    Network-enabled mobile devices are quickly becoming ubiquitous in the lives of ordinary people, but current technologies for providing ubiquitous global connectivity between these devices still require experts to set up and manage. Users must allocate and maintain global domain names in order to connect to their devices globally via DNS, they must allocate a static IP address and run a home server to use Mobile IP or set up a virtual private network, they must configure firewalls to permit desired remote access traffic while filtering potentially malicious traffic from unknown parties, and so on. This model of "management by experts" works for organizations with administrative staff, but is infeasible for most consumers who wish to set up and manage their own personal networks.

    The Unmanaged Internet Architecture (UIA) is a suite of design principles and experimental protocols that provide robust, efficient global connectivity among mobile devices while relying for configuration only on simple, intuitive management concepts. UIA uses "personal names" rather than traditional global names as handles for accessing personal devices remotely. Users assign these personal names via an ad hoc device introduction process requiring no central allocation. Once assigned, personal names bind securely to the global identities of their target devices independent of network location. Each user manages one namespace, shared among all the user's devices and always available on each device. Users can also name other users to share resources with trusted acquaintances. Devices with naming relationships automatically arrange connectivity when possible, both in ad hoc networks and using global infrastructure when available. We built a prototype implementation of UIA that demonstrates the utility and feasibility of these design principles. The prototype includes an overlay routing layer that leverages the user's social network to provide robust connectivity in spite of network failures and asymmetries such as NATs, a new transport protocol implementing a novel stream abstraction that more effectively supports the highly parallelized and media-oriented applications demanded on mobile devices, and a flexible security framework based on proof-carrying authorization (PCA) that provides "plug-in" interoperability with existing secure naming and authentication systems.


    Bryan Ford began his systems research career as an undergraduate in the Flux group at the University of Utah, where he developed novel kernel structuring and component reuse techniques. After a break to join Phobos Inc., a successful networking startup, he returned to research as a graduate student at MIT, where he has pursued a diverse array of interests including programming languages, peer-to-peer and ubiquitous device networking, storage systems, and virtual machines.

  • Tuesday, March 11th, 2 PM

    Speaker: Maxwell Krohn, MIT
    Title: Securing Servers with Decentralized Information Flow Control
    Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL


    Today's operating systems struggle to contain the effects of malicious application code. For a desktop PC, one bad software download can reveal the entire contents of the PC's file system. On servers, one bad Web application component can reveal the entire contents of a site's database. In both cases, bad software can maliciously overwrite important data. Far from receding, these security flaws are finding their way into new server-side computing platforms, such as Facebook applications.

    Our solution is Decentralized Information Flow Control (DIFC) at the OS level. DIFC systems track the flow of secret and high-integrity data, as they are copied from file to file, and communicated from process to process. In the end, the operating system lets modules known as declassifiers determine the policy for secret data exiting to the network and for impure applications overwriting important files. Example policies include "only reveal Alice's secret data to Alice's Web client" or "only local, authorized text-editors can overwrite this file." DIFC gives better security than standard OSes because it allows developers to concentrate security-critical code in small, audit-friendly declassifiers, which remain small and contained even as the overall system balloons with new features.

    This talk presents DIFC, an implementation of DIFC for Linux, and a case study of a complex, popular open-source application (MoinMoin Wiki) secured with DIFC. MoinMoin is a prototype for more ambitious and general work to come, such as a novel server-side application platform with encouraging security guarantees.

    (Joint work with: Micah Brodsky, Natan Cliffer, Petros Efstathopoulos, Cliff Frey, Eddie Kohler, David Mazieres, Robert Morris, Frans Kaashoek, Steve VanDeBogart, Mike Walfish, Alex Yip, David Ziegler.)


    Maxwell Krohn is a PhD candidate in Computer Science at MIT. He received his BA from Harvard in 1999 and was a staff research scientist at NYU from 2002-2003. In between, he has co-founded and co-built several community Web sites, some vintage (TheSpark.com, SparkNotes.com), others live and kicking (OkCupid.com). His research interests are in operating systems, distributed systems and security.

  • Thursday, March 13th, 2 PM

    Speaker: Peter Desnoyers, University of Massachusetts, Amherst
    Title: Data Management for Streaming Systems
    Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL


    Many new computing applications are characterized by the arrival of asynchronous event data from the external world. These applications impose new requirements on the underlying system, requirements which are not addressed by the traditional timesharing model where user and application form a closed loop.

    One area in which these differences are especially pronounced is that of data storage and retrieval. In this talk we examine two data handling systems for streaming data: TSAR, which provides an energy-efficient distributed data store to networks of tiny wireless sensors, and Hyperion, a distributed network monitor comprised of server-class machines, providing real-time recording and online querying of network data. Despite the vast differences in scale, these two systems must address similar application requirements and resource constraints. In this talk I will describe the theory and practice of these two systems, present results, and address the implications of new storage models for the future of operating systems research.


    Peter Desnoyers received his PhD this fall from the University of Massachusetts, Amherst, under the supervision of Prashant Shenoy; his research interests are in the area of operating systems and storage. Prior to UMass he spent fifteen years in industry, and holds two patents. He is currently at VMware.

  • Monday, March 17th, 10 AM

    Speaker: Jakob Eriksson, MIT
    Title: WiFi on the Road - Real-World Performance and Applications
    Location: Room 212, Roberts Building, UCL


    Open WiFi connectivity is widely available today, even, or perhaps particularly, to moving vehicles. However, our experiments with 25 taxis in the Boston area have shown that encounters with such access points tend to be brief, on the order of 5-10 seconds, and signal quality tends to be poor, experiencing 30% packet losses on average. In the first part of my talk, I will present the QuickWiFi connection manager and the CarTel transport protocol, both designed to withstand these adverse conditions. Using these, we are able to achieve an average throughput of 38 Mb/hour, or 80 kbit/s, from moving vehicles.

    This free, high-capacity vehicular connectivity enables a wide range of new applications, including various forms of mobile sensing and in-car media. One application of particular interest to the CarTel group is traffic congestion monitoring. In the second part of my talk, I will describe a system for WiFi-based street-by-street vehicle trajectory estimation. By using WiFi for both sensing and connectivity, it is possible to turn any WiFi-enabled device into a "traffic congestion probe." Deployed in large scale, this enables an extremely low-cost method of measuring street congestion levels, city-wide.


    Jakob Eriksson is a postdoctoral associate in the CarTel group at MIT CSAIL. He received his Ph.D. from UC Riverside in 2006. Before that, he graduated with an M.Sc. from the Royal Institute of Technology (KTH) in Stockholm, Sweden. His research interests include vehicular networking and mobile sensing, routing and security in wired and wireless networks.

  • Tuesday, March 18th, 2 PM

    Speaker: Brighten Godfrey, UC Berkeley
    Title: Stabilizing Internet Routing, or, A Story of Heterogeneity
    Location: Room 6.12, CS Department (Malet Place Engineering Building), UCL


    A significant cause of the unreliability of end-to-end communications on the Internet is route instability: dynamic changes in routers' selected paths. Instability is becoming even more problematic due to the increasing prevalence of real-time applications and concerns about the scalability of the Internet routing architecture. Yet Route Flap Damping, the main mechanism for combating instability, has introduced unexpected pathologies and reduced availability.

    This talk describes a more principled approach to stabilizing Internet routing. We identify general approaches to achieve stability, and quantify their inherent tradeoffs with other objectives via upper and lower bounds. I will describe Stable Route Selection (StaRS), a new approach which uses flexibility in route selection to improve stability without sacrificing availability. Simulation and experimental results show that StaRS improves stability and end-to-end reliability while deviating only slightly from preferred routes, and closely approaching our theoretical lower bound. These results indicate that StaRS is a promising, easily deployable way to safely stabilize Internet routing.

    StaRS's stability improvements are enabled by dramatic heterogeneity in route failure patterns. I will present the case that StaRS is an instance of a much more general principle: that heterogeneity (variation in reliability, processing speed, bandwidth, or other metrics) should quite often be viewed as an advantage. This thesis is supported by practical and theoretical results in a variety of settings including distributed hash tables, overlay multicast, and job scheduling.


    Brighten Godfrey's research concerns distributed and networked systems, including Internet routing architecture, distributed algorithms, analysis of networks, peer-to-peer systems and overlay networks. He is presently a Ph.D. candidate advised by Ion Stoica at UC Berkeley.

  • Wednesday, March 19th, 2 PM

    Speaker: Kyle Jamieson, MIT
    Title: A Shift from Packets to Symbols in Wireless Systems
    Location: Watson Lecture Theatre, Medawar Building, UCL


    At an increasing rate, we are using wireless systems to communicate with others and retrieve content of interest to us. Current wireless technologies such as WiFi or Zigbee use forward error correction to drive bit error rates down when there are few interfering transmissions. However, as more of us use wireless networks to retrieve increasingly rich content, interference increases in unpredictable ways. This results in errored bits, degraded throughput, and eventually, an unusable network. I will argue that this is the result of higher layers working at the packet granularity, whereas they would benefit from a shift in perspective from whole packets to individual symbols.

    From real-world experiments on a 31-node Zigbee/software radio testbed, I find that often, not all of the bits in corrupted packets share fate. Thus, today's wireless protocols retransmit packets where only a small number of the constituent bits in a packet are in error, wasting network resources. I will describe a physical layer that passes information about its confidence in each decoded symbol up to higher layers. These SoftPHY hints have many applications, one of which I will describe in detail. PP-ARQ is a link-layer ARQ protocol that allows a receiver to compactly encode a request for retransmission of only the bits in a packet that are likely in error. My experimental results show that PP-ARQ increases aggregate network throughput by a factor of approximately 2x under various conditions. Finally, I will place PP-ARQ in context in terms of other systems work I have undertaken to adapt to the harsh wireless channel, and discuss other uses of SoftPHY.


    Kyle Jamieson received the B.S. degree in mathematics (2000), the B.S. degree in computer science (2001), and the M.Eng. degree in computer science (2002) from the Massachusetts Institute of Technology (Cambridge, MA). He is currently a Ph.D. student at the MIT Computer Science and Artificial Intelligence Laboratory. His current research interests are in networked and wireless systems, with an emphasis on the interaction of wireless systems with the physical layer. In prior work, he has examined energy efficiency, medium access control, and congestion control in wireless networks. His research advisor is Prof. Hari Balakrishnan.