Thursday, April 23, 2009

NSDI 2009, Day Two

NSDI marches on. A couple of my favorite talks from today:

Tolerating Latency in Replicated State Machines Through Client Speculation
Benjamin Wester, University of Michigan; James Cowling, MIT CSAIL; Edmund B. Nightingale, Microsoft Research; Peter M. Chen and Jason Flinn, University of Michigan; Barbara Liskov, MIT CSAIL

In this paper, the authors propose to permit clients to speculate on the result of a replicated operation assuming the response from the first server is correct. Although this seems like an obvious idea, it's well executed here. Of course, it requires that clients also implement checkpoint and rollback in case the speculation was incorrect. To avoid side-effecting operations from triggering before the true result of the speculation is known, dependent requests can carry a predicate tied to the result of a previous speculation; this effectively forces a "collapse of the wave function" (as I think of it), forcing the servers to finalize the agreement.

Studying Spamming Botnets Using Botlab
John P. John, Alexander Moshchuk, Steven D. Gribble, and Arvind Krishnamurthy, University of Washington

Botnets are a huge problem and are responsible for a great deal of spam and DDoS attacks. This paper focuses on the problem of intercepting malicious binaries and observing a botnet's behavior in a safe environment. (This is not a trivial problem: 10 bot instances running in their sandbox generate 6 million emails a day!) It turns out that many botnets propagate through social engineering rather than exploiting security holes in software. Therefore the authors collect binaries by intercepting spam. Some clever techniques are involved, such as the use of network connection fingerprints to determine if two potentially malicious binaries are the same (a simple hash on the binary won't work). They also test binaries to see if they do VMM detection by running one instance under a real Windows XP machine and another on VMWare, and compare the network signatures they produce.

This was a very cool talk (and I can't wait to read the paper). My only concern is that the authors might find a few tough guys with Slavic features carrying Kalashnikovs outside of their offices one day...

No comments:

Post a Comment