176 research outputs found
The JStar language philosophy
This paper introduces the JStar parallel programming language, which is a Java-based declarative language aimed at discouraging sequential programming, en-couraging massively parallel programming, and giving the compiler and runtime maximum freedom to try alternative parallelisation strategies. We describe the execution semantics and runtime support of the language, several optimisations and parallelism strategies, with some benchmark results
Recent Advances in Declarative Networking
Declarative networking is a programming methodology that enables developers to concisely specify network protocols and services, and directly compile these specifications into a dataflow framework for execution. This paper describes recent advances in declarative networking, tracing its evolution from a rapid prototyping framework towards a platform that serves as an important bridge connecting formal theories for reasoning about protocol correctness and actual implementations. In particular, the paper focuses on the use of declarative networking for addressing four main challenges in the distributed systems development cycle: the generation of safe routing implementations, debugging, security and privacy, and optimizing distributed systems
Monitoring Auditable Claims in the Cloud
When deploying mission-critical systems in the cloud, where deviations may
have severe consequences, the assurance of critical decisions becomes
essential. Typical cloud systems are operated by third parties and are built on
complex software stacks consisting of e.g., Kubernetes, Istio, or Kafka, which
due to their size are difficult to be verified. Nevertheless, one needs to make
sure that mission-critical choices are made correctly. We propose a flexible
runtime monitoring approach that is independent of the implementation of the
observed system that allows to monitor safety and data-related properties. Our
approach is based on combining distributed Datalog-based programs with
tamper-proof storage based on Trillian to verify the premises of
safety-critical actions. The approach can be seen as a generalization of the
Certificate Transparency project. We apply our approach to an industrial use
case that uses a cloud infrastructure for orchestrating unmanned air vehicles
A flexible architecture for privacy-aware trust management
In service-oriented systems a constellation of services cooperate, sharing potentially sensitive information and responsibilities. Cooperation is only possible if the different participants trust each other. As trust may depend on many different factors, in a flexible framework for Trust Management (TM) trust must be computed by combining different types of information. In this paper we describe the TAS3 TM framework which integrates independent TM systems into a single trust decision point. The TM framework supports intricate combinations whilst still remaining easily extensible. It also provides a unified trust evaluation interface to the (authorization framework of the) services. We demonstrate the flexibility of the approach by integrating three distinct TM paradigms: reputation-based TM, credential-based TM, and Key Performance Indicator TM. Finally, we discuss privacy concerns in TM systems and the directions to be taken for the definition of a privacy-friendly TM architecture.\u
Automated Formal Analysis of Internet Routing Configurations
Today\u27s Internet interdomain routing protocol, the Border Gateway
Protocol (BGP), is increasingly complicated and fragile due to policy
misconfigurations by individual autonomous systems (ASes). To create
provably correct networks, the past twenty years have witnessed, among
many other efforts, advances in formal network modeling, system
verification and testing, and point solutions for network management
by formal reasoning. On the conceptual side, the formal models
usually abstract away low-level details, specifying what are the
correct functionalities but not how to achieve them. On the practical
side, system verification of existing networked systems is generally
hard, and system testing or simulation provide limited formal
guarantees. This is known as a long standing challenge in network
practice --- formal reasoning is decoupled from actual implementation.
This thesis seeks to bridge formal reasoning and actual network
implementation in the setting of the Border Gateway Protocol (BGP), by
developing the Formally Verifiable Routing (FVR) toolkit that
combines formal methods and programming language techniques. Starting
from the formal model, FVR automates verification of routing
models and the synthesis of faithful implementations that
carries the correctness property. Conversely, starting from large
real-world BGP systems with arbitrary policy configurations,
automates the analysis of Internet routing configurations,
and also includes a novel network reduction technique that
scales up existing techniques for automated analysis. By
developing the above formal theories and tools, this thesis aims to
help network operators to create and manage BGP systems with
correctness guarantee
- …