Why your encrypted database is not secure

June 16, 2017 ~ Adrian Colyer ~ 2 Comments

Why your encrypted database is not secure Grubbs et al., HotOS'17 This is the third paper we've looked at so far in The Morning Paper on the topic of encrypted databases. The clear takeaway for me is that practical, provable security guarantees are very hard to deliver! Don't confuse better protection with unbreakable protection, and ... Continue Reading

Gray failure: the Achilles’ heel of cloud-scale systems

June 15, 2017 ~ Adrian Colyer ~ 18 Comments

Gray failure: the Achilles' heel of cloud-scale systems Huang et al., HotOS'17 If you're going to fail, fail properly dammit! All this limping along in degraded mode, doing your best to mask problems, turns out to be one of the key causes of major availability breakdowns and performance anomalies in cloud-scale systems. Today's HotOS'17 paper ... Continue Reading

System programming in Rust: beyond safety

June 14, 2017 ~ Adrian Colyer ~ 20 Comments

System programming in Rust: beyond safety Balasubramanian et al., HotOS'17 Balasubramanian et al. want us to switch all of our systems programming over to Rust. This paper sets out the case. Despite many advances in programming languages, clean-slate operating systems, hypervisors, key-value stores, web servers, network and storage frameworks are still developed in C, a ... Continue Reading

A dissection of the test-driven development process: does it really matter to test-first or test-last?

June 13, 2017 ~ Adrian Colyer ~ 4 Comments

A dissection of the test-driven development process: does it really matter to test-first or to test-last? Fucci et al., ICSE'17 Here we have a study with a really interesting aim - to find out which aspects of TDD are most significant when it comes to developer productivity and code quality. What we'd really love to ... Continue Reading

Decoding the representation of code in the brain: an fMRI study of code review and expertise

June 12, 2017 ~ Adrian Colyer ~ 1 Comment

Decoding the representation of code in the brain: an fMRI study of code review and expertise Floyd et al., ICSE'17 fMRI studies have been used to explore how our brains encode expertise in physical tasks involving specialised motor skills (for example, playing golf), in memory development (for example, London taxi drivers), and in mental skills ... Continue Reading

Node.fz: fuzzing the server-side event-driven architecture

June 9, 2017 ~ Adrian Colyer ~ 3 Comments

Node.fz: Fuzzing the server-side event-driven architecture Davis et al., EuroSys'17 This paper provides a fascinating look at common causes of concurrency bugs in server-side event driven architecture (EDA) based applications. By far the most popular framework supporting this style is Node.js of course. The Node.js package ecosystem, npm, is the largest ever, with over 400,000 ... Continue Reading

SyncPerf: Categorizing, detecting, and diagnosing synchronization performance bugs

June 8, 2017 ~ Adrian Colyer ~ 2 Comments

SyncPerf: Categorizing, detecting, and diagnosing synchronization performance bugs Mejbah ul Alam et al., EuroSys'17 This paper is an investigation into the causes of synchronisation-related performance issues in concurrent systems, together with a pair of tools that can help to detect and diagnose them. The main SyncPerf detection tool is very lightweight (average overhead 2.3%). It ... Continue Reading

RFP: When RPC is faster than server-bypass with RDMA

June 7, 2017 ~ Adrian Colyer ~ 2 Comments

RFP: When RPC is faster than server-bypass with RDMA Su et al., EuroSys'17 Every system that works with RDMA faces a choice of how best to use it: IP emulation mode, two-sided request-reply calls (RPC), one-sided calls, or even dropping down to the datagram level. We've seen a number of papers weighing in on this ... Continue Reading

SGXBounds: memory safety for shielded execution

June 6, 2017 ~ Adrian Colyer ~ 3 Comments

SGXBounds: memory safety for shielded execution Kuvaiskii et al., EuroSys'17 We've previously looked at a number of Intel SGX-related papers in The Morning Paper, including SCONE, which today's paper builds on. SGX comes with a memory encryption engine and seeks to protect trusted applications from an untrusted operating system, providing confidentiality and integrity guarantees. SGX, ... Continue Reading

Hybrids on Steroids: SGX-based high-performance BFT

June 5, 2017 ~ Adrian Colyer ~ 1 Comment

Hybrids on Steroids: SGX-based high performance BFT Behl et al., EuroSys'17 Byzantine fault tolerance (BFT) is the kind of fault-tolerance designed to withstand not just process crashes and network problems, but also active adversaries trying to break the system, as well as storage and memory corruptions and so on. We've taken a look at BFT ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Month: June 2017