323 research outputs found

    Continuous monitoring methods to achieve resiliency for virtual machines

    This dissertation describes monitoring methods to achieve both security and reliability in virtualized computer systems. Our key contribution is showing how we can perform continuous monitoring and leverage information across different layers of a virtualized computer system to detect malicious attacks and accidental failures. For monitoring software running inside a virtual machine, we introduce HyperTap and Hprobes, which are out-of-VM monitoring frameworks that facilitate detection of security and reliability incidents occurring inside a VM. For monitoring the hypervisor, we introduce hShield, a Control-Flow Integrity (CFI) enforcement method to detect VM-escape attacks. HyperTap, Hprobes, and hShield create a complete chain-of-trust for the entire virtualization software stack.

    DEPEND: A Simulation-Based Environment for System Level Dependability Analysis

    Coordinated Science Laboratory was formerly known as Control Systems Laboratory. National Aeronautics and Space Administration / NASA NAG-1-613 and NASA NGT-5083

    APUS: Fast and Scalable PAXOS on RDMA

    State machine replication (SMR) uses Paxos to enforce the same inputs for a program (e.g., Redis) replicated on a number of hosts, tolerating various types of failures. Unfortunately, traditional Paxos protocols incur prohibitive performance overhead on server programs due to their high consensus latency on TCP/IP. Worse, the consensus latency of extant Paxos protocols increases drastically when more concurrent client connections or hosts are added. This paper presents APUS, the first RDMA-based Paxos protocol that aims to be fast and scalable to client connections and hosts. APUS intercepts inbound socket calls of an unmodified server program, assigns a total order for all input requests, and uses fast RDMA primitives to replicate these requests concurrently. We evaluated APUS on nine widely-used server programs (e.g., Redis and MySQL). APUS incurred a mean overhead of 4.3% in response time and 4.2% in throughput. We integrated APUS with an SMR system Calvin. Our Calvin-APUS integration was 8.2X faster than the extant Calvin-ZooKeeper integration. The consensus latency of APUS outperformed an RDMA-based consensus protocol by 4.9X. APUS source code and raw results are released on github.com/hku-systems/apus.

    Design for dependability: A simulation-based approach

    This research addresses issues in simulation-based system level dependability analysis of fault-tolerant computer systems. The issues and difficulties of providing a general simulation-based approach for system level analysis are discussed and a methodology that addresses and tackles these issues is presented. The proposed methodology is designed to permit the study of a wide variety of architectures under various fault conditions. It permits detailed functional modeling of architectural features such as sparing policies, repair schemes, routing algorithms as well as other fault-tolerant mechanisms, and it allows the execution of actual application software. One key benefit of this approach is that the behavior of a system under faults does not have to be pre-defined as it is normally done. Instead, a system can be simulated in detail and injected with faults to determine its failure modes. The thesis describes how object-oriented design is used to incorporate this methodology into a general purpose design and fault injection package called DEPEND. A software model is presented that uses abstractions of application programs to study the behavior and effect of software on hardware faults in the early design stage when actual code is not available. Finally, an acceleration technique that combines hierarchical simulation, time acceleration algorithms and hybrid simulation to reduce simulation time is introduced.

    An architecture for trustworthy services built on event based probing of untrusted guests

    Numerous event-based probing methods exist for cloud computing environments allowing a trusted hypervisor to gain insight into guest activities. Such event based probing has been shown to be useful for detecting attacks, system hangs through watchdogs, and also for inserting exploit detectors before a system can be patched, among others. In this paper, we illustrate how to use such probing for trustworthy logging and highlight some of the challenges that existing event based probing mechanisms do not address. These challenges include ensuring a probe inserted at a given address is trustworthy despite the lack of attestation available for probes that have been inserted dynamically. We show how probes can be inserted to ensure proper logging of every invocation of a probed instruction. When combined with attested boot of the hypervisor and guest machines, we can ensure the output stream of monitored events is trustworthy. Using these techniques we build a trustworthy log of certain guest-system-call events powering a cloud-tuned Intrusion Detection System (IDS). Additionally, we identify new types of events that must be added to existing probing systems to ensure attempts to circumvent probes within the guest appear in the log. We highlight the overhead penalties paid by guests to ensure log completeness when faced with probabilistic attacks and show promising results (less than 10% for guests) when a guest is willing to relax the trade-off between log completeness and overhead. Our demonstrative IDS shows the ability to detect common attack scenarios with simple policies built using our guest behavior recording system.

    Dependability of Wireless Sensor Networks

    As wireless sensor networks (WSNs) are becoming ever more prevalent, the runtime characteristics of these networks are becoming an increasing issue. Commonly, external sources of interference make WSNs behave in a different manner to that expected from within simplistic simulations, resulting in the need to use additional systems which monitor the state of the network. Despite dependability of WSNs being an increasingly important issue, there are still only a limited number of works within this specific field, with the majority of works focusing on ensuring that specific devices are operational, not the application as a whole. This work instead aims to look at the dependability of WSNs from an application-centric view, taking into account the possible ways in which the application may fail and using the application's requirements to focus on assuring dependability

    Factors Influencing the Adoption of Learning Management Systems by Medical Faculty

    Despite recommendations by the Association of American Medical Colleges regarding the adoption of technology in medical universities, faculty are still reluctant to adopt new learning technologies. The purpose of this qualitative interview study was to determine the factors existing in the adoption of learning management technology among late adopters within the faculty of colleges labeled as comprehensive academic medical centers. Using the Everett Rogers diffusion of innovations theory as its framework, this study sought to ascertain the factors late adopters identify as preventing them from adopting technology and to determine what measures they suggest to increase technology adoption among their peers. This qualitative study used interviews of participants identified as late adopters and subsequent document analysis to provide evidence for the factors identified. Using in vivo coding, data were organized into 5 themes: factors, learning management systems, demographics, general technology, and solutions. Results showed that late adopters avoided adopting learning management technology for several reasons including training, time, ease of use, system changes, lack of technical support, disinterest, and the sense that the technology does not meet their needs. Recommended solutions offered by faculty included varied times for trainings, peer mentoring, and modeling learning management system use among faculty. Understanding these factors may contribute to social change by leading to more rapid adoption and thus introducing efficiencies such that faculty can dedicate more time to medical instruction. It also may aid other universities when considering the adoption of a learning management system

    Use case scenarios and preliminary reference model

    This document provides the starting point for the development of dependability solutions in the HIDENETS project with the following contents: (1) A conceptual framework is defined that contains the relevant terminology, threats and general requirements. This framework is a HIDENETS relevant subset of existing state-of-the-art views in the scientific dependability community. Furthermore, the dependability framework contains a first list of relevant functionalities in the communication and middleware level, which will act as input for the architectural discussions in HIDENETS work packages (WPs) 2 and 3. (2) A set of 17 applications with HIDENETS relevance is identified and their corresponding dependability requirements are derived. These applications belong mostly to the class of car-to-car and car-to-infrastructure services and have been selected due to their different types of dependability needs. (3) The applications have been grouped in six HIDENETS use cases, each consisting of a set of applications. The use cases will be the basis for the development of the dependability solutions in all other WPs. Together with a description of each use-case, application-specific architectural aspects are identified and corresponding failure modes and challenges are listed. (4) The business impact of dependability solutions for these use cases is analysed. (5) A preliminary definition of a HIDENETS reference model is provided, which contains high-level architectural assumptions. This HIDENETS reference model will be further developed in the course of the HIDENETS projects in close cooperation with the other WPs, which is the reason why the preliminary version also contains a collection of potential contributions from other WPs that shall be developed and investigated in the course of the HIDENETS project. In summary, the identified use-cases and their requirements clearly show the large number of dependability related challenges. First steps towards technical solutions have been made in this report in the preliminary reference model, whereas the other work-packages have started in the meanwhile to develop such solutions further based on 'middleware technology' (WP2), 'communication protocols' (WP3), 'quantitative analysis methodology' (WP4), and 'design and testing methodology' (WP5).

    Dagstuhl News January - December 2007

    "Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic