AI2: Training a big data machine to defend Veeramachaneni et al. IEEE International conference on Big Data Security, 2016 Will machines take over? The lesson of today’s paper is that we’re better off together. Combining AI with HI (human intelligence, I felt like we deserved an acronym of our own ;) ) yields much better … Continue reading AI^2: Training a big data machine to defend
Hacking Blind
Hacking Blind Bittau et al. IEEE Symposium on Security and Privacy, 2014 (With thanks to Chris Swan for pointing this paper out to me a few months ago…) The ingenuity of attackers continues to amaze. Today’s paper presents an interesting trade-off: security or availability, pick one! (*) The work you put in to make sure … Continue reading Hacking Blind
BlindBox: Deep packet inspection over encrypted traffic
BlindBox: Deep packet inspection over encrypted traffic Sherry et al. SIGCOMM 2015 This is the final paper from the inaugural Research for Practice selections, and the third of Justine Sherry's three picks. The fundamental problem addressed is the same as we looked at yesterday: how do you accommodate middleboxes in HTTPS traffic? More specifically, this … Continue reading BlindBox: Deep packet inspection over encrypted traffic
Multi-context TLS (mcTLS): Enabling secure in-network functionality in TLS
Multi-Context TLS (mcTLS): Enabling secure in-network functionality in TLS Naylor et al. SIGCOMM 2015 We're rushing to deploy HTTPS everywhere - and about time - but this has interesting implications for middleboxes since it's hard for them to do their job when traffic is encrypted end-to-end. Say you want to add caching, compression, an intrusion … Continue reading Multi-context TLS (mcTLS): Enabling secure in-network functionality in TLS
E2: A framework for NFV applications
E2: A Framework for NFV Applications Palkar et al. SOSP 2015 Today we move into the second part of the Research for Practice article, which is a selection of papers from Justine Sherry on Network Function Virtualization. We start with 'E2,' which seeks to address the proliferation and duplication of network function (NF) specific management … Continue reading E2: A framework for NFV applications
Shielding applications from an untrusted cloud with Haven
Shielding applications from an untrusted cloud with Haven Baumann et al. OSDI 2014 Our objective is to run existing server applications in the cloud with a level of trust and security roughly equivalent to a user operating their own hardware in a locked cage at a colocation facility. We're all familiar with the idea of … Continue reading Shielding applications from an untrusted cloud with Haven
IX: A protected dataplane operating system for high throughput and low latency
IX: A Protected Dataplane Operating System for High Throughput and Low Latency Belay et al. OSDI 2014 This is the second of Simon Peter's recommended papers in the 'Data Center OS Design' Research for Practice guide. Like Arrakis, IX splits the operating system into a control plane and data plane for networking. To quote Simon … Continue reading IX: A protected dataplane operating system for high throughput and low latency
Arrakis: the operating system is the control plane
Arrakis: The Operating System is the Control Plane - Peter et al. OSDI 2014 ACM Queue just introduced their "Research for Practice" series with Peter Bailis. Each edition contains 'expert curated guides to the best of CS research,' and in the first instalment Simon Peter selects a set of papers on data-center operating system trends, … Continue reading Arrakis: the operating system is the control plane
Identifying and quantifying architectural debt
Identifying and quantifying architectural debt - Xiao et al., ICSE 2016 (Update: thanks to Lu Xiao for providing an open access version of this paper, the link above has now been updated to point to it.) So finally we have arrived at Xiao et al.'s 2016 ICSE paper (see the write-ups on Design Rule Spaces … Continue reading Identifying and quantifying architectural debt
Hotspot Patterns: The formal definition and automatic detection of architecture smells
Hotspot Patterns: The formal definition and automatic detection of architecture smells - Mo et al. International Conference on Software Architecture, 2015 Yesterday we looked at Design Rule Spaces (DRSpaces) and how some design rule spaces seem to account for large numbers of the error-prone files within a project. Today's paper brings us up to date … Continue reading Hotspot Patterns: The formal definition and automatic detection of architecture smells
the morning paper 