go back to the main page

 SSS Abstracts 
Fall 2001

go back to the main page

Securing Programmable Routers with Access Control

Friday, September 7th, 2001 from 12-1 pm in WeH 4615.

Presented by Jun Gao,

Unlike routers in a traditional network, routers in a programmable network can be programmed and their functionality can thus be dynamically extended through the use of third-party programs, sometimes known as active extensions. This open architecture, on the one hand, facilitates the deployment of new network services and protocols, and makes it possible for end-users to customize routers' behavior regarding the processing of their traffic; on the other hand, also brings up serious security and safety issues, which must be dealt with properly before programmable routers can be deployed in the real world environment.

In this talk, I will focus on the security challenges faced by programmable networks. The specific question being addressed is how to limit what resources active extensions can access on a programmable router, hence to protect services provided by the router from being disrupted by the extensions. While existing operating systems provide adequate mechanisms to protect resources on end-hosts, they typically do not handle resources that are unique to routers. I will present the design and implementation of a secure router architecture in which active extensions' access to two types of router-unique resources, namely routers' link bandwidth and end-users' traffic passing through routers, are guarded by access control lists (ACLs). Each active extension to be executed on a router is granted by a trusted authority a set of permissions on the resources that the extension requires to access. Programmable routers then check all active extensions' operations that may affect the use of link bandwidth, or may involve access to user traffic, and allow only the ones that are permitted by the corresponding access control list. We implemented the access control mechanisms in the Darwin system, an example of a programmable network.

A Web-Tier Framework for Enterprise Business Applications

Friday, September 28th, 2001 from 12-1 pm in WeH 4623.

Presented by Takahide Matsutsuka,

In this talk I am going to have a brief explaination of my educational/industrial background and a recent research in Japan. One of my research interests is software architecture for web-enabled enterprise business applications. Development of a web-tier of these applications is an especially burdensome task because the number of screens tends to be large. But current environments for developing web-tier(e.g. ASP, JSP, Servlet) themselves don't have sufficient mechanism to help developers. I addressed this problem by creating a framework which separated the whole logic into presentations, data and logics. In our evaluation, the framework decreased most of the code which needed maintenance as logic, and a real application which has 500+ screens was successfully developed in short term using the framework. Now the framework is sold as a product in Japan.

Online Algorithms for Market Clearing

Friday, October 26th, 2001 from 12-1 pm in WeH 4623.

Presented by Martin Zinkevich,

Imagine that Wonderbots are the new hot toy for kid's birthdays, and every child wants a Wonderbot. You run a website, and decide that you will run an online forum where people can buy and sell Wonderbots.

I will present the problem of online market clearing where there is one commodity in the market, being bought and sold by multiple buyers and sellers who submit buy and sell bids that arrive and expire at different times. The auctioneer is faced with an online clearing problem of deciding which buy and sell bids to match without knowing what bids will arrive in the future.

This is joint work with Avrim Blum and Tuomas Sandholm.

Improving Performance of Web Servers Under Overload

Friday, November 9th, 2001 from 12-1 pm in WeH 4623.

Presented by Bianca Schroeder,

Most well-managed web servers perform well most of the time. Occasionally, however, every popular web server experiences transient overload. An overloaded web server typically displays signs of its affliction within a few seconds. Work enters the web server at a greater rate than the web server can complete it, causing the number of connections at the server to build up. This implies large delays for clients accessing the server.

In this talk we propose and evaluate a particular kernel-level solution for improving the performance of web servers under overload. The solution is based on SRPT connection scheduling. Second, we provide a systematic performance study of exactly what happens when a web server is run under transient overload, both from the perspective of the server and from the perspective of the client.

We show that SRPT-based scheduling improves overload performance across a variety of client and server-oriented metrics.

This work is joint with Mukesh Agrawal, Nikhil Bansal and Mor Harchol-Balter.

This talk is in partial fulfillment of the speaking requirement.

Applying Connector Transformations

Friday, November 16th, 2001 from 12-1 pm in WeH 4623.

Presented by Bridget Spitznagel,

Today, software systems are often constructed from independently developed parts (components). This kind of construction relies on the use of interaction mechanisms (connectors) that allow those parts to communicate, and thus enable the system to function. Generic communication mechanisms (such as RPC and publish-subscribe) are readily available.

Often, however, just getting the system to function isn't enough: your software system may need to have specific extra-functional properties, such as high reliability, decent performance, or good security. In order to achieve these properties, you may require specialized connectors that aren't readily available (and could be difficult and costly to implement by hand).

I will describe a set of operators that can transform existing generic communication mechanisms by incrementally adding new capabilities. These transformations can be used to generate implementations of new, specialized types of connectors; I have used connector transformations to incorporate some common dependability-enhancing modifications into software systems that use Java RMI. Note: There will be no giant orbital lasers in this talk.

Extending Shape-from-Motion to Noncentral Omnidirectional Cameras

Friday, November 30th, 2001 from 12-1 pm in WeH 4623.

Presented by Dennis Strelow,

Algorithms for shape-from-motion simultaneously estimate camera motion and scene structure. When extended to omnidirectional cameras, which combine a conventional camera with a convex mirror, shape-from-motion algorithms are likely to provide robust motion estimates, in particular, because of the camera's wide field of view. In this talk, I'll describe both batch and online shape-from-motion algorithms for omnidirectional cameras, and a precise calibration technique that improves the accuracy of both methods.

The shape-from-motion and calibration methods are general and handle a wide variety of omnidirectional camera geometries. In particular, the methods do not require that the camera-mirror combination have a single center of projection. I will describe a noncentral camera that we have developed, and show experimentally that combining shape-from-motion with this design produces highly accurate motion estimates.

Auctions with Computationally Limited Bidding Agents

Friday, December 7th, 2001 from 12-1 pm in WeH 4623.

Presented by Katherine Larson,

Game theory provides a way of designing and analyzing systems with multiple agents in order to guarantee certain desirable outcomes. However, traditional game theory often assumes that agents are fully rational, that is they have no limits on their computational capabilities. In many real world settings this assumption is too strong. Instead agents are boundedly rational. Agents may have time and cost constraints that hinder them in determining what optimal actions to take or what their optimal payoffs could be.

Auctions provide efficient and distributed ways of allocating goods and tasks among agents. In this talk I will discuss optimal strategies for computationally limited bidding agents, where they must use their limited computing resources in order to determine valuations for bundles of items being auctioned. I will show that the model of bounded rationality impacts the agents' equilibrium strategies and so must be considered when designing mechanisms for computationally limited agents.

Web contact: sss+www@cs