CSL seminars - Fall 2012

Location and time: BA5256, Friday 12-1pm





Sep 21

Beom Heyn (Ben) Kim

Unity: Secure and Durable Personal Cloud Storage

Unity provides secure and durable storage for personal data that does not depend on the security or availability of a central service. Instead, Unity exploits the trend towards users having more personal computing devices and the increasing amounts of storage available on those devices. This motivates the design of Unity, which does not store data on the cloud provider at all, but instead leverages the availability of the cloud provider to mount a coordination service that enables a user's devices to provide durable storage for the user's data themselves.

Presenter Bio: Ben is a 2nd year Computer Science PhD student and his supervisor is Prof. David Lie. He completed his Bachelor's and Master's degrees at the University of Toronto. His research interest is building secure personal cloud systems.

Sep 28

Afshar Ganjali

Auditing Cloud Administrators Using Information Flow Tracking

In the last few years, cloud computing has evolved from being a promising business concept to one of the fastest growing segments of the IT industry. However, one impediment to widespread adoption by enterprise customers is the threat of attack by a malicious cloud administrator. To address this security and privacy challenge, we propose H-one, a new auditing mechanism for the cloud. H-one uses information flow tracking techniques to implement complete, efficient and privacy-preserving logs that will enable the auditing of the administrators of the cloud infrastructure, thus increasing the customer's trust in cloud services.

Presenter Bio: Afshar is a 3rd year PhD student in the Computer Engineering department at the University of Toronto. He is working with Professor David Lie. He got his MASc degree from the University of Waterloo and his current research is on security and privacy issues in cloud environments.

Oct 5

Kathy Au

PScout: Analyzing the Android Permission Specification

Modern smartphone operating systems (OSs) have been developed with a greater emphasis on security and protecting privacy. One of the mechanisms these systems use to protect users is a permission system, which requires developers to declare what sensitive resources their applications will use, has users agree with this request when they install the application and constrains the application to the requested resources during runtime. As these permission systems become more common, questions have arisen about their design and implementation.

In this work, we perform an analysis of the permission system of the Android smartphone OS in an attempt to begin answering some of these questions. Because the documentation of Android's permission system is incomplete and because we wanted to be able to analyze several versions of Android, we developed PScout, a tool that extracts the permission specification from the Android OS source code using static analysis. PScout overcomes several challenges, such as scalability due to Android's 3.4 million line code base, accounting for permission enforcement across processes due to Android's use of IPC, and abstracting Android's diverse permission checking mechanisms into a single primitive for analysis.

We use PScout to analyze 4 versions of Android spanning version 2.2 up to the recently released Android 4.0. Our main findings are that while Android has over 75 permissions, there is little redundancy in the permission specification. However, if applications could be constrained to only use documented APIs, then about 22% of the non-system permissions are actually unnecessary. Finally, we find that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permission specification as the Android OS evolves.

Presenter Bio: Kathy is a second-year Master's student supervised by Professor David Lie. She completed her Bachelor's degree at the University of Toronto in the Engineering Science program. Her research interest is in mobile device security with a special focus on the Android permission system.

Oct 19

Phillipa Gill

A Survey of Interdomain Routing Policies

Research on interdomain routing often requires models of BGP routing policies. However, the state-of-the-art BGP routing policy models that are used by most researchers have now been around for more than a decade. Do the assumptions made in these models make sense, or have things changed?

To answer this question, we ran a preliminary survey on the routing policies used by 100 network operators. In this short talk, we'll present the results of this survey, and solicit more feedback from network operators so that we can develop more accurate models. We hope this short talk will spur lively discussion from NANOG participants, and inform the questions we ask and the models we develop in future studies of BGP routing.

Presenter Bio: Phillipa Gill is a postdoctoral fellow with the Citizen Lab at the University of Toronto. Her main research area is computer networks with a focus on network measurement and characterization. She uses network measurement and data analysis to improve security and reliability of networks. She completed her Ph.D. at the University of Toronto in 2012 and holds an M.Sc. and B.Sc. in Computer Science from the University of Calgary. During her Ph.D., she spent time as a visiting researcher at AT&T Labs--Research, Boston University, and Microsoft Research.

Oct 26

Monia Ghobadi

Rethinking End-to-End Congestion Control in Software-Defined Networks

TCP is designed to operate in a wide range of networks. Without any knowledge of the underlying network and traffic characteristics, TCP is doomed to continuously increase and decrease its congestion window size to embrace changes in network or traffic. In light of the emerging popularity of centrally controlled Software-Defined Networks (SDNs), one might wonder whether we can take advantage of the global network view available at the controller to make faster and more accurate congestion control decisions. In this paper, we identify the need and the underlying requirements for a congestion control adaptation mechanism. To this end, we propose OpenTCP as a TCP adaptation framework that works in SDNs. OpenTCP allows network operators to define rules for tuning TCP as a function of network and traffic conditions. We also present a preliminary implementation of OpenTCP in a 4000-node data center.

Presenter Bio: Monia is a PhD candidate in the Systems and Networking group at the University of Toronto. Her research interests are in the general area of computer networking, including data center networking, transport protocols, switch and router architecture, resource management, network measurement, and online social networks. In the past she worked on sizing buffers in Internet routers.

Thursday, Nov 1, 2-3pm

Yazan Boshmaf

Design and Analysis of a Social Botnet

The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. Advances in artificial intelligence make it feasible to design bots that sense, think and act cooperatively in social settings just like human beings. In the wrong hands, these bots can be used to infiltrate online communities, build up trust over time and then send personalized messages to elicit information, sway opinions and call to action. In this talk, I will present an evaluation of how vulnerable Online Social Networks (OSNs) are to large-scale infiltration by socialbots: bots that control hijacked or adversary-owned OSN accounts and mimic the actions of real users. Specifically, I will describe one way to design and build a Socialbot Network (SbN): a group of programmable socialbots that are orchestrated in a command-and-control fashion. I will next present an analysis of users' behavior in response to a large-scale infiltration using such an SbN, along with the corresponding security and privacy implications. Finally, I will close this talk by discussing how defending against socialbots raises a set of unique challenges that relate to web automation, online-offline identity binding and usable security.

Presenter Bio: Yazan Boshmaf is currently a PhD student at the University of British Columbia, Canada. He received his M.Sc. degree in Information Technology from the University of Stuttgart, Germany in 2008. His current research focuses on the security of large-scale social and information networks. Beyond that, Yazan's research experience spans cross-disciplinary areas such as parallel and distributed systems, databases, and ubiquitous computing. He is a funded research member of the Canadian NSERC Internetworked Systems Security Network (ISSNet) and GRAND Network of Centers of Excellence (NCE), and is a holder of many awards and scholarships including an institutional doctoral fellowship.

Friday, Nov 2, usual time: 12-1pm

Bogdan Simion

Surveying the Landscape: An In-Depth Analysis of Spatial Database Workloads

Spatial databases are increasingly important for a wide variety of real-world applications, such as land surveying, urban planning, cartography and location-based services. However, spatial database workload properties are not well understood. For example, it is unknown to what degree one spatial application resembles another in terms of resource demand, or how the demand will change as more concurrent queries (i.e., more users) are added. We show that spatial workloads have a different CPU execution profile than well-studied decision support workloads, as represented by TPC-H.

We present a framework to automatically classify spatial queries and characterize spatial workload mixes. We first analyze the resource consumption (i.e., computation and I/O) of a representative set of spatial queries, which are then classified into five distinct categories. Next, we create five homogeneous spatial workloads, each composed of queries from one of these classes. We then vary database-specific parameters (e.g., the buffer pool size) and workload-specific parameters (e.g., the query mix), to characterize a workload in terms of CPU utilization and I/O activity trends.

We study workloads simulating real-world spatial database applications and show how our framework can classify them and predict resource utilization trends under various settings. This can provide clues to the database administrator regarding which resources are heavily contended and can guide resource upgrades. We further validate our approach by applying it to a much larger dataset, and to a second DBMS.

Presenter Bio: Bogdan is a 3rd year PhD student in the Department of Computer Science at the University of Toronto, under the supervision of Professor Angela Demke Brown. His research interests are in the area of distributed systems with a focus on spatial and parallel databases.

Tuesday, Nov 27, 1-2pm !!

Adam Wierman

Algorithmic challenges for greening data centers

Given the significant energy consumption of data centers, improving their energy efficiency is an important social problem. However, energy efficiency is necessary but not sufficient for sustainability, which demands reduced usage of energy from fossil fuels. In this talk, I will describe some recent work highlighting the algorithmic challenges associated with "greening" data centers. We will focus on two applications: (i) dynamic resizing within a data center; and (ii) geographical load balancing across an Internet-scale system. In both contexts I will present our new algorithms, which provide significantly improved performance guarantees when compared with the "standard" approaches using Receding Horizon Control. Additionally, if time allows, I will briefly discuss our recent progress toward the implementation and evaluation of these algorithms in HP data centers.

Presenter Bio: Adam Wierman is a Professor in the Department of Computing and Mathematical Sciences at the California Institute of Technology, where he is a member of the Rigorous Systems Research Group (RSRG). His research interests center around resource allocation and scheduling decisions in computer systems and services. He received the ACM SIGMETRICS Rising Star award in 2011, and has been co-recipient of best paper awards at ACM SIGMETRICS, IEEE INFOCOM, IFIP Performance, the IEEE Green Computing Conference, and ACM GREENMETRICS. He was named a Siebel Scholar, received an Okawa Foundation grant, and received an NSF CAREER grant. Additionally, he has received multiple teaching awards, including the Associated Students of the California Institute of Technology (ASCIT) Teaching Award.