Beom Heyn (Ben) Kim
Unity: Secure and Durable Personal Cloud Storage
Unity provides secure and durable storage for personal data
that does not depend on the security or availability of a central
service. Instead, Unity exploits the trend towards users
having more personal computing devices and the increasing
amounts of storage available on those devices. This motivates
the design of Unity, which does not store data on the
cloud provider at all, but instead leverages the availability
of the cloud provider to mount a coordination service that
enables a user's devices to provide durable storage for the
user's data themselves.
Ben is a 2nd year Computer Science PhD student and his supervisor is Prof. David Lie.
He completed his Bachelor and Master at the University of Toronto.
His research interest is building secure personal cloud systems.
Auditing Cloud Administrators Using Information Flow Tracking
In the last few years, cloud computing has evolved from being a promising
business concept to one of the fastest growing segments of the IT industry.
However, one impediment to widespread adoption by enterprise customers is
the threat of attack by a malicious cloud administrator. To address this
security and privacy challenge, we propose H-one, a new auditing mechanism
for cloud. H-one uses information flow tracking techniques to implement
complete, efficient and privacy-preserving logs that will enable the auditing
of the administrators of the cloud infrastructure, thus increasing the
customer's trust in cloud services.
Afshar is a 3rd year PhD student in the Computer Engineering department at
University of Toronto. He is working with Professor David Lie. He got his
MASc degree from University of Waterloo and his current research is on
security and privacy issues in the cloud environments.
PScout: Analyzing the Android Permission Specification
Modern smartphone operating systems (OSs) have been developed
with a greater emphasis on security and protecting privacy.
One of the mechanisms these systems use to protect users is
a permission system, which requires developers to declare what
sensitive resources their applications will use, has users agree
with this request when they install the application and constrains
the application to the requested resources during runtime.
As these permission systems become more common, questions have
risen about their design and implementation.
In this work, we perform an analysis of the permission system
of the Android smartphone OS in an attempt to begin answering
some of these questions. Because the documentation of Android's
permission system is incomplete and because we wanted to be able
to analyze several versions of Android, we developed PScout,
a tool that extracts the permission specification from the Android
OS source code using static analysis.
PScout overcomes several challenges, such as scalability due to
Android's 3.4 million line code base, accounting for permission
enforcement across processes due to Android's use of IPC, and
abstracting Android's diverse permission checking mechanisms
into a single primitive for analysis.
We use PScout to analyze 4 versions of Android spanning version
2.2 up to the recently released Android 4.0. Our main findings
are that while Android has over 75 permissions, there is little
redundancy in the permission specification. However, if applications
could be constrained to only use documented APIs, then about 22%
of the non-system permissions are actually unnecessary.
Finally, we find that a trade-off exists between enabling least-privilege
security with fine-grained permissions and maintaining stability of the
permission specification as the Android OS evolves.
Kathy is a second year Master student supervised by Professor David Lie.
She completed her Bachelor degree in the University of Toronto in the
Engineering Science program. Her research interest is on mobile devices
security with a special focus on Android permission system.
A Survey of Interdomain Routing Policies
Research on interdomain routing often requires models of BGP
routing policies. However, the state-of-the-art BGP routing
policy models, that are used by most researchers, have now been
around for more than a decade. Do the assumptions made in these
models make sense, or have things changed?
To answer this question, we ran a preliminary survey on the
routing policies used by 100 network operators. In this short
talk, we'll present the results of this survey, and solicit
more feedback from network operators so that we can develop
more accurate models. We hope this short talk will spur lively
discussion from NANOG participants, and inform the questions
we ask and the models we develop in future studies of BGP routing.
Phillipa Gill is post doctoral fellow with the Citizen Lab
at the University of Toronto. Her main research area is
computer networks with a focus on network measurement and
characterization. She uses network measurement and data
analysis to improve security and reliability of networks.
She completed her Ph.D. at the University of Toronto in 2012
and holds an M.Sc. and B.Sc. in Computer Science from the
University of Calgary. During her Ph.D., she spent time as
a visiting researcher at AT&T Labs--Research, Boston University,
and Microsoft Research.
Rethinking End-to-End Congestion Control in Software-Defined Networks
TCP is designed to operate in a wide range of networks.
Without any knowledge of the underlying network and
traffic characteristics, TCP is doomed to continuously
increase and decrease its congestion window size to
embrace changes in network or traffic. In light of
emerging popularity of centrally controlled Software-
Defined Networks (SDNs), one might wonder whether
we can take advantage of the global network view available
at the controller to make faster and more accurate
congestion control decisions. In this paper, we identify
the need and the underlying requirements for a congestion
control adaptation mechanism. To this end, we
propose OpenTCP as a TCP adaptation framework that
works in SDNs. OpenTCP allows network operators to
define rules for tuning TCP as a function of network
and traffic conditions. We also present a preliminary
implementation of OpenTCP in a 4000 node data center.
Monia is PhD candidate in Systems and Networking group
at University of Toronto. Her research interests are in
the general area of computer networking, including data
center networking, transport protocols, switch and router
architecture, resource management, network measurement,
and online social networks. In the past she worked on
sizing buffers in Internet routers.
Thursday, Nov 1, 2-3pm
Design and Analysis of a Social Botnet
The ease with which we adopt online personas and relationships has created a soft spot
that cyber criminals are willing to exploit. Advances in artificial intelligence make
it feasible to design bots that sense, think and act cooperatively in social settings
just like human beings. In the wrong hands, these bots can be used to infiltrate online
communities, build up trust over time and then send personalized messages to elicit
information, sway opinions and call to action. In this talk, I will present an evaluation
of how vulnerable Online Social Networks (OSNs) are to large-scale infiltration by
socialbots: bots that control hijacked or adversary-owned OSN accounts and mimic the
actions of real users. Specifically, I will describe one way to design and build a
Socialbot Network (SbN): a group of programmable socialbots that are orchestrated in
a command-and-control fashion. I will next present an analysis of users behavior in
response to a large-scale infiltration using such an SbN, along with the corresponding
security and privacy implications. Finally, I will close this talk by discussing how
defending against socialbots raises a set of unique challenges that relate to web
automation, online-offline identity binding and usable security.
Yazan Boshmaf is currently a PhD student at the University of British Columbia, Canada.
He received his M.Sc. degree in Information Technology from the University of Stuttgart,
Germany in 2008. His current research focuses on the security of large-scale social and
information networks. Beyond that, Yazan's research experience spans cross-disciplinary
areas such as parallel and distributed systems, databases, and ubiquitous computing.
He is a funded research member of the Canadian NSERC Internetworked Systems Security Network
(ISSNet) and GRAND Network of Centers of Excellence (NCE), and is a holder of many awards
and scholarships including an institutional doctoral fellowship.
Friday, Nov 2, usual time: 12-1pm
Surveying the Landscape: An In-Depth Analysis of Spatial Database Workloads
Spatial databases are increasingly important for a wide variety of
real-world applications, such as land surveying, urban planning,
cartography and location-based services. However, spatial database
workload properties are not well-understood. For example, it is
unknown to what degree one spatial application resembles another
in terms of resource demand, or how the demand will change as
more concurrent queries (i.e., more users) are added. We show that
spatial workloads have a different CPU execution profile than wellstudied
decision support workloads, as represented by TPC-H.
We present a framework to automatically classify spatial queries
and characterize spatial workload mixes. We first analyze the resource
consumption (i.e., computation and I/O) of a representative
set of spatial queries, which are then classified into five distinct
categories. Next, we create five homogeneous spatial workloads,
each composed of queries from one of these classes. We then
vary database-specific parameters (e.g., the buffer pool size) and
workload specific parameters (e.g., the query mix), to characterize
a workload in terms of CPU utilization and I/O activity trends.
We study workloads simulating real-world spatial database applications
and show how our framework can classify them and predict
resource utilization trends under various settings. This can provide
clues to the database administrator regarding which resources
are heavily contended and can guide resource upgrades. We further
validate our approach by applying it to a much larger dataset, and
to a second DBMS.
Bogdan is a 3rd year PhD student in the Department of Computer Science
at University of Toronto, under the supervision of professor Angela Demke Brown.
His research interests are in the area of distributed systems with a
focus on spatial and parallel databases.
Tuesday, Nov 27, 1-2pm !!
Algorithmic challenges for greening data centers
Given the significant energy consumption of data centers,
improving their energy efficiency is an important social problem.
However, energy efficiency is necessary but not sufficient for
sustainability, which demands reduced usage of energy from fossil
fuels. In this talk, I will describe some recent work highlighting the
algorithmic challenges associated with "greening" data centers. We
will focus on two applications:(i) dynamic resizing within a data
center; and (ii) geographical load balancing across an Internet-scale
system. In both contexts I will present our new algorithms, which
provide significantly improved performance guarantees when compared
with the "standard" approaches using Receding Horizon Control.
Additionally, if time allows, I will briefly discuss the our recent
progress toward the implementation and evaluation of these algorithms
in HP data centers.
Adam Wierman is a Professor in the Department of Computing and
Mathematical Sciences at the California Institute of Technology, where
he is a member of the Rigorous Systems Research Group (RSRG). His
research interests center around resource allocation and scheduling
decisions in computer systems and services. He received the ACM
SIGMETRICS Rising Star award in 2011, and has been co-recipient of
best paper awards at ACM SIGMETRICS, IEEE INFOCOM, IFIP Performance,
the IEEE Green Computing Conference, and ACM GREENMETRICS. He was named a
Seibel Scholar, received an Okawa Foundation grant, and received an
NSF CAREER grant. Additionally, he has received multiple teaching
awards, including the Associated Students of the California Institute
of Technology (ASCIT) Teaching Award.