7 research outputs found

    A Tour of Gallifrey, a Language for Geodistributed Programming

    Programming efficient distributed, concurrent systems requires new abstractions that go beyond traditional sequential programming. But programmers already have trouble getting sequential code right, so simplicity is essential. The core problem is that low-latency, high-availability access to data requires replication of mutable state. Keeping replicas fully consistent is expensive, so the question is how to expose asynchronously replicated objects to programmers in a way that allows them to reason simply about their code. We propose an answer to this question in our ongoing work designing a new language, Gallifrey, which provides orthogonal replication through _restrictions_ with _merge strategies_, _contingencies_ for conflicts arising from concurrency, and _branches_, a novel concurrency control construct inspired by version control, to contain provisional behavior.

    Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency (Technical Report)

    Modern applications often operate on data in multiple administrative domains. In this federated setting, participants may not fully trust each other. These distributed applications use transactions as a core mechanism for ensuring reliability and consistency with persistent data. However, the coordination mechanisms needed for transactions can both leak confidential information and allow unauthorized influence. By implementing a simple attack, we show these side channels can be exploited. However, our focus is on preventing such attacks. We explore secure scheduling of atomic, serializable transactions in a federated setting. While we prove that no protocol can guarantee security and liveness in all settings, we establish conditions for sets of transactions that can safely complete under secure scheduling. Based on these conditions, we introduce staged commit, a secure scheduling protocol for federated transactions. This protocol avoids insecure information channels by dividing transactions into distinct stages. We implement a compiler that statically checks code to ensure it meets our conditions, and a system that schedules these transactions using the staged commit protocol. Experiments on this implementation demonstrate that realistic federated transactions can be scheduled securely, atomically, and efficiently. This work was supported by MURI grant FA9550-12-1-0400, by NSF grants 1513797, 1422544, 1601879, by gifts from Infosys and Google, and by the Department of Defense (DoD) through the National Defense Science & Engineering Graduate Fellowship (NDSEG) Program.

    Warranties for Faster Strong Consistency

    We present a new mechanism, warranties, to enable building distributed systems with linearizable transactions. A warranty is a time-limited assertion about one or more distributed objects. These assertions generalize optimistic concurrency control, improving throughput because clients holding warranties need not communicate to verify the warranty’s assertion. Updates that might cause an active warranty to become false are delayed until the warranty expires, trading write latency for read latency. For workloads biased toward reads, warranties improve scalability and system throughput. Warranties can be expressed using language-level computations, and they integrate harmoniously into the programming model as a form of memoization. Experiments with some nontrivial programs demonstrate that warranties enable high performance despite the simple programming model.

    Contextual Policy Enforcement in Android Programs with Permission Event Graphs

    The difference between a malicious and a benign Android application can often be characterised by context and sequence in which certain permissions and APIs are used. We present a new technique for checking temporal properties of the interaction between an application and the Android event system. Our tool can automatically detect sensitive operations being performed without the user's consent, such as recording audio after the stop button is pressed, or accessing an address book in the background. Our work centres around a new abstraction of Android applications, called a Permission Event Graph, which we construct with static analysis, and query using model checking. We evaluate application-independent properties on 152 malicious and 117 benign applications, and application-specific properties on 8 benign and 9 malicious applications. In both cases, we can detect, or prove the absence of, malicious behaviour beyond the reach of existing techniques.

    Delayed colorectal cancer care during covid-19 pandemic (decor-19). Global perspective from an international survey

    Background: The widespread nature of coronavirus disease 2019 (COVID-19) has been unprecedented. We sought to analyze its global impact with a survey on colorectal cancer (CRC) care during the pandemic. Methods: The impact of COVID-19 on preoperative assessment, elective surgery, and postoperative management of CRC patients was explored by a 35-item survey, which was distributed worldwide to members of surgical societies with an interest in CRC care. Respondents were divided into two comparator groups: 1) ‘delay’ group: CRC care affected by the pandemic; 2) ‘no delay’ group: unaltered CRC practice. Results: A total of 1,051 respondents from 84 countries completed the survey. No substantial differences in demographics were found between the ‘delay’ (745, 70.9%) and ‘no delay’ (306, 29.1%) groups. Suspension of multidisciplinary team meetings, staff members quarantined or relocated to COVID-19 units, units fully dedicated to COVID-19 care, and personal protective equipment not readily available were factors significantly associated with delays in endoscopy, radiology, surgery, histopathology and prolonged chemoradiation therapy-to-surgery intervals. In the ‘delay’ group, 48.9% of respondents reported a change in the initial surgical plan and 26.3% reported a shift from elective to urgent operations. Recovery of CRC care was associated with the status of the outbreak. Practicing in COVID-free units, no change in operative slots and staff members not relocated to COVID-19 units were statistically associated with unaltered CRC care in the ‘no delay’ group, while the geographical distribution was not. Conclusions: Global changes in diagnostic and therapeutic CRC practices were evident. Changes were associated with differences in health-care delivery systems, hospital’s preparedness, resources availability, and local COVID-19 prevalence rather than geographical factors. Strategic planning is required to optimize CRC care.