Results 1 - 10 of 10
Declarative Networking, 2009
Cited by 76 (31 self)
Declarative Networking is a programming methodology that enables developers to concisely specify network protocols and services, which are directly compiled to a dataflow framework that executes the specifications. This paper provides an introduction to basic issues in declarative networking, including language design, optimization and dataflow execution. We present the intuition behind declarative programming of networks, including roots in Datalog, extensions for networked environments, and the semantics of long-running queries over network state. We focus on a sublanguage we call Network Datalog (NDlog), including execution strategies that provide crisp eventual consistency semantics with significant flexibility in execution. We also describe a more general language called Overlog, which makes some compromises between expressive richness and semantic guarantees. We provide an overview of declarative network protocols, with a focus on routing protocols and overlay networks. Finally, we highlight related work in declarative networking, and new declarative approaches to related problems.
Data-centric programming in the datacenter, 2009
Cited by 10 (3 self)
The advent of cloud computing is turning datacenter clusters into a commodity. By making large clusters trivial to acquire, manage, and maintain, cloud computing promises to seed a phase of innovative software development, with a wide range of programmers developing new services that scale out quickly and flexibly. However, current cloud platforms focus on relatively traditional, single-server programming models over shared storage, and do little to simplify the task of coordinating large-scale distributed systems. There is as yet no widely-used programming model that lets a developer easily harness the distributed power of a cluster. In this paper, we detail our experience building distributed datacenter software via high-level, data-centric programming. Using the Overlog language and Java, we developed a "Big Data" analytics stack that is API-compatible with Hadoop and HDFS. We describe our experience reimplementing the Hadoop stack and extending it incrementally with new features not yet available in Hadoop, including availability, scalability, and unique monitoring and debugging facilities. Developed in a relatively short nine-month design cycle, our Overlog interpreter and Hadoop implementation perform within a modest factor of the standard Java-only implementation, with a compact and easily-extendible codebase. We reflect on the opportunities and challenges we encountered along the way, which may inform new development environments for distributed programming in datacenters.
SecureBlox: Customizable Secure Distributed Data Processing, 2010
Cited by 6 (5 self)
We present SecureBlox, a declarative system that unifies a distributed query processor with a security policy framework. SecureBlox decouples security concerns from system specification, allowing easy reconfiguration of a system’s security properties to suit a given execution environment. Our implementation of SecureBlox is a series of extensions to LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. SecureBlox enhances LogicBlox to enable distribution and static meta-programmability, and makes novel use of existing LogicBlox features such as integrity constraints. SecureBlox allows meta-programmability via BloxGenerics–a language extension for compile-time code generation based on the security requirements and trust policies of the deployed environment. We present and evaluate detailed use-cases in which SecureBlox enables diverse applications, including an authenticated declarative routing protocol with encrypted advertisements and an authenticated and encrypted parallel hash join operation. Our results demonstrate SecureBlox’s abilities to specify and implement a wide range of different security constructs for distributed systems as well as to enable tradeoffs between performance and security.
Towards a data-centric view of cloud security, in Proceedings of the second international workshop on Cloud data management, ser. CloudDB ’10
Cited by 2 (0 self)
Cloud security issues have recently gained traction in the research community, with much of the focus primarily concentrated on securing the operating systems and virtual machines on which the services are deployed. In this paper, we take an alternative perspective and propose a data-centric view of cloud security. In particular, we explore the security properties of secure data sharing between applications hosted in the cloud. We discuss data management challenges in the areas of secure distributed query processing, system analysis and forensics, and query correctness assurance, and describe our current efforts towards meeting these challenges using our Declarative Secure Distributed Systems (DS2) platform.
Research Statement
My research focuses on the development of new programming tools and analysis techniques that improve the process of designing, implementing, and securing large-scale distributed systems. At the University of Pennsylvania, I lead the NetDB@Penn
Declarative Secure Distributed Systems, 2010
In the past decade, distributed systems have rapidly evolved and gained significant traction in the research community, with an increasing interest concentrated on developing and analyzing secure distributed systems. In this paper, we present DS2 (Declarative Secure Distributed Systems), a unified platform for specifying, implementing, and analyzing large-scale secure distributed systems. First, we propose the Secure Network Datalog (SeNDlog) language that enables distributed systems and their security policies to be specified and implemented within the same declarative framework. We show that the existing semi-naïve evaluation can be extended to execute SeNDlog programs that incorporate authenticated communication among untrusted nodes. Second, we demonstrate that network provenance – the metadata that explains the derivation of network state – can be naturally and concisely captured within the DS2 system. We extend existing data models for provenance to enable distribution at Internet-scale, and present techniques for efficient and customizable maintenance and querying of network provenance. Finally, the future research plans on secure provenance and its integration with legacy applications are presented for discussion.
Teaching Statement
As a faculty member, I place equal emphasis on teaching and research. I believe that teaching and research have a synergistic relationship. My education goal mirrors my inter-disciplinary approach towards research: I aim to ensure that students develop a holistic view of distributed systems by drawing stronger connections between the networking field, and related areas in data management, formal methods, and programming languages. Consequently, I have developed two inter-disciplinary doctoral seminar courses exploring topics at the interaction of databases, networking, formal methods and programming languages. I design courses that have a significant experimental component, where students work in teams to develop sizable software systems based on concepts learned in class. These include building an operating system, fault tolerant distributed mail server, and a peer-to-peer search engine. Since Jan 2007, I have introduced several new courses and improved two existing core classes in software systems and operating systems. Several of these courses are not only core requirements for undergraduates and graduate students, but they are among the highest enrolled courses in our Computer and Information Science (CIS) department.
1 Experimental Systems Courses
I will briefly highlight three experimental systems-oriented courses that I have taught at Penn.
1.1 CIS 380: Operating systems
reports/919 Towards Secure Cloud Data Management
This paper explores the security challenges posed by data-intensive applications deployed in cloud environments that span administrative and network domains. We propose a data-centric view of cloud security and discuss data management challenges in the areas of secure distributed data processing, end-to-end query result verification, and cross-user trust policy management. In addition, we describe our current and future efforts to investigate security challenges in cloud data management using the Declarative Secure Distributed Systems (DS2) platform, a declarative infrastructure for specifying, analyzing, and deploying secure information systems.
Personal Statement of Research
My research work aims to ease the implementation, management, and analysis of secure distributed systems. I adopt a multi-disciplinary approach towards addressing this problem by unifying three bodies of work: (a) logic-based trust management systems, (b) declarative networking [1][2] that enables compact specifications of network protocols, and (c) database techniques for analyzing data computations. My research work has been published in selective venues in the areas of database [3, 5, 7, 8], security [4], and runtime verification [6]. I seek to ground my research in practical problems by collaborating closely with industry (e.g. Microsoft Research and LogicBlox) with an eye towards solving realistic problems. My work is motivated by the proliferation of networked information systems currently deployed for a variety of application domains. Despite the widespread usage, designing and implementing these large-scale systems remains a challenge, in part because of the emerging security threats. Two important challenges are that of (1) securing distributed data-centric computations, particularly when the computations span administrative boundaries, and (2) monitoring and analyzing security properties of these systems.
Declarative Secure Distributed Systems (DS2):
Recent Advances in Declarative Networking, 2012
Declarative networking is a programming methodology that enables developers to concisely specify network protocols and services, and directly compile these specifications into a dataflow framework for execution. This paper describes recent advances in declarative networking, tracing its evolution from a rapid prototyping framework towards a platform that serves as an important bridge connecting formal theories for reasoning about protocol correctness and actual implementations. In particular, the paper focuses on the use of declarative networking for addressing four main challenges in the distributed systems development cycle: the generation of safe routing implementations, debugging, security and privacy, and optimizing distributed