Why your encrypted database is not secure

June 16, 2017June 9, 2017 ~ adriancolyer ~ 3 Comments

Why your encrypted database is not secure Grubbs et al., HotOS'17 This is the third paper we've looked at so far in The Morning Paper on the topic of encrypted databases. The clear takeaway for me is that practical, provable security guarantees are very hard to deliver! Don't confuse better protection with unbreakable protection, and … Continue reading Why your encrypted database is not secure

Gray failure: the Achilles’ heel of cloud-scale systems

June 15, 2017June 9, 2017 ~ adriancolyer ~ 21 Comments

Gray failure: the Achilles' heel of cloud-scale systems Huang et al., HotOS'17 If you're going to fail, fail properly dammit! All this limping along in degraded mode, doing your best to mask problems, turns out to be one of the key causes of major availability breakdowns and performance anomalies in cloud-scale systems. Today's HotOS'17 paper … Continue reading Gray failure: the Achilles’ heel of cloud-scale systems

System programming in Rust: beyond safety

June 14, 2017June 9, 2017 ~ adriancolyer ~ 20 Comments

System programming in Rust: beyond safety Balasubramanian et al., HotOS'17 Balasubramanian et al. want us to switch all of our systems programming over to Rust. This paper sets out the case. Despite many advances in programming languages, clean-slate operating systems, hypervisors, key-value stores, web servers, network and storage frameworks are still developed in C, a … Continue reading System programming in Rust: beyond safety

A dissection of the test-driven development process: does it really matter to test-first or test-last?

June 13, 2017June 9, 2017 ~ adriancolyer ~ 4 Comments

A dissection of the test-driven development process: does it really matter to test-first or to test-last? Fucci et al., ICSE'17 Here we have a study with a really interesting aim - to find out which aspects of TDD are most significant when it comes to developer productivity and code quality. What we'd really love to … Continue reading A dissection of the test-driven development process: does it really matter to test-first or test-last?

Decoding the representation of code in the brain: an fMRI study of code review and expertise

June 12, 2017July 31, 2017 ~ adriancolyer ~ 1 Comment

Decoding the representation of code in the brain: an fMRI study of code review and expertise Floyd et al., ICSE'17 fMRI studies have been used to explore how our brains encode expertise in physical tasks involving specialised motor skills (for example, playing golf), in memory development (for example, London taxi drivers), and in mental skills … Continue reading Decoding the representation of code in the brain: an fMRI study of code review and expertise

Node.fz: fuzzing the server-side event-driven architecture

June 9, 2017June 20, 2017 ~ adriancolyer ~ 3 Comments

Node.fz: Fuzzing the server-side event-driven architecture Davis et al., EuroSys'17 This paper provides a fascinating look at common causes of concurrency bugs in server-side event driven architecture (EDA) based applications. By far the most popular framework supporting this style is Node.js of course. The Node.js package ecosystem, npm, is the largest ever, with over 400,000 … Continue reading Node.fz: fuzzing the server-side event-driven architecture

SyncPerf: Categorizing, detecting, and diagnosing synchronization performance bugs

June 8, 2017July 31, 2017 ~ adriancolyer ~ 2 Comments

SyncPerf: Categorizing, detecting, and diagnosing synchronization performance bugs Mejbah ul Alam et al., EuroSys'17 This paper is an investigation into the causes of synchronisation-related performance issues in concurrent systems, together with a pair of tools that can help to detect and diagnose them. The main SyncPerf detection tool is very lightweight (average overhead 2.3%). It … Continue reading SyncPerf: Categorizing, detecting, and diagnosing synchronization performance bugs

RFP: When RPC is faster than server-bypass with RDMA

June 7, 2017May 30, 2017 ~ adriancolyer ~ 2 Comments

RFP: When RPC is faster than server-bypass with RDMA Su et al., EuroSys'17 Every system that works with RDMA faces a choice of how best to use it: IP emulation mode, two-sided request-reply calls (RPC), one-sided calls, or even dropping down to the datagram level. We've seen a number of papers weighing in on this … Continue reading RFP: When RPC is faster than server-bypass with RDMA

SGXBounds: memory safety for shielded execution

June 6, 2017May 29, 2017 ~ adriancolyer ~ 3 Comments

SGXBounds: memory safety for shielded execution Kuvaiskii et al., EuroSys'17 We've previously looked at a number of Intel SGX-related papers in The Morning Paper, including SCONE, which today's paper builds on. SGX comes with a memory encryption engine and seeks to protect trusted applications from an untrusted operating system, providing confidentiality and integrity guarantees. SGX, … Continue reading SGXBounds: memory safety for shielded execution

Hybrids on Steroids: SGX-based high-performance BFT

June 5, 2017May 29, 2017 ~ adriancolyer ~ 1 Comment

Hybrids on Steroids: SGX-based high performance BFT Behl et al., EuroSys'17 Byzantine fault tolerance (BFT) is the kind of fault-tolerance designed to withstand not just process crashes and network problems, but also active adversaries trying to break the system, as well as storage and memory corruptions and so on. We've taken a look at BFT … Continue reading Hybrids on Steroids: SGX-based high-performance BFT