barricade defending systems against operator mistakes
play

Barricade: Defending Systems Against Operator Mistakes Ricardo - PowerPoint PPT Presentation

Sep 06, 2022 •290 likes •862 views

Compute ter Science ce Barricade: Defending Systems Against Operator Mistakes Ricardo Bianchini In collaboration with Fbio Oliveira, Andrew Tjang, Rich Martin, Thu Nguyen Motivation Computer systems pervade our lives Work and

  1. Compute ter Science ce Barricade: Defending Systems Against Operator Mistakes Ricardo Bianchini In collaboration with Fábio Oliveira, Andrew Tjang, Rich Martin, Thu Nguyen

  2. Motivation  Computer systems pervade our lives  Work and leisure  Enterprise systems: email, storage, database, etc.  Internet services: e-commerce, social networks, etc.  Cloud computing  Systems need to be highly available, behave correctly  Misbehavior and downtime can be costly  Operator mistakes are common source of such problems

  3. “Google Glitch Briefly Disrupts World’s Search” By LIZ ROBBINS – The New York Times News Blog Jan 31, 2009  Google blacklisted all sites on the Web for 1 hour Results warned ―This site may harm your computer‖  Sites would not load   Cause: Operator mistake Operator added ―/‖ to blacklist file   Estimated cost: $2 — 3 million

  4. Operator Mistakes Are Very Common 0% 34% Mistakes are responsible Operator (at least partly) for 79% of Hardware 51% DB administration problems Software Overload [Oliveira’06] 15% Avg of 3 Internet sites [Patterson’02]  Examples of mistakes: misconfiguration, improper testing of changes, improper deployment, dissemination  Fixing mistakes can be time-consuming

  5. Our Idea  What do we need?  Mistake-aware management of systems  Focus: multi-node systems with replicated components  Goals  Proactively defend the system against potential mistakes  Confine mistakes to isolated, off-line subset of nodes  Require less-experienced operators, lowering labor costs

  6. Contributions  A framework for mistake-aware management and a prototype system (Barricade)  Two case studies  Prototype 3-tier online auction service  System that mimics our dept’s computing infrastructure (email, DNS, authentication)  64 live experiments with 20 volunteers, showing that mistake-aware management is effective  Barricade contained 75 out of 82 observed mistakes

  7. Outline  Motivation  Mistake-Aware Systems Management  Framework overview  Example  Prototype Implementation: Barricade  Evaluation  Conclusions & Future Work

  8. Mistake-Aware Management  Our approach to mistake-aware management is:  Monitor the operator’s actions  Predict the expected cost of a mistake  If cost is high, take nodes off-line and block actions  Enforce testing of actions  Lift blocks when tests confirm correctness  Blocking mechanisms: command and file blocking  Operators = scripts  Key questions: What should be blocked and when? Can we make it all be un-intrusive?

  9. Framework for MAM Task Prediction Cost Blocking Module Module Module Diagnosis Mistake Prediction Testing Module Module Module Monitors Actuators For each task i, the expected cost of a mistake (ECM) is: ( ) ( ) ( | ) ( ) ECM task P task P mistake task CM task i i i i Blocking actions for task i ( i ) ECM task threshold Lifting actions for task i ( i ) ECM task threshold

  10. Overview of a MAM System Monitors System engineer instantiates and configures the MAM system Actuator Managed Server Task Prediction Model Monitors Mistake Prediction Model Cost Model Actuator Managed Diagnosis Model Server Management Blocking Actions Server Test Procedures Monitors Actuator Managed Server

  11. Overview of a MAM System Operators interact with modified Monitors shell at managed/target servers (site of operation) Actuator Managed Server Task Prediction Model Monitors Mistake Prediction Model Shell commands, changes Cost Model to persistent state, info Actuator for testing Managed Diagnosis Model Server Management Blocking Actions Server Test Procedures Monitors Actuator Managed Server

  12. Overview of a MAM System Monitors Super-operator can Blocking/Lifting bypass the blocks Actions Actuator Managed Server Task Prediction Model Monitors Mistake Prediction Model Shell commands, changes Cost Model to persistent state, info Actuator for testing Managed Diagnosis Model Server Management Blocking Actions Server Test Procedures Monitors Blocking/Lifting Actions Actuator Managed Server

  13. Example: 3-tiered Service  Operator task: add an application server Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Database Server Actions: install, config, start appl server; reconfig Web servers Site of operation: appl server and 1 Web server at a time

  14. Example: 3-tiered Service  Operator task: add an application server Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Database Server P(add_app_server) increases

  15. Example: 3-tiered Service  Operator task: add an application server Site of operation Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Database Server P(add_app_server) increases

  16. Example: 3-tiered Service  Operator task: add an application server Site of operation Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Database Server Expected cost of mistake for ―add app server‖ > threshold

  17. Example: 3-tiered Service  Operator task: add an application server Site of operation Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Expected cost of mistake for ―add app server‖ > threshold Erect barricade for ―add app server‖: containment phase Block commands: startup and shutdown of server software Block files: configuration files of server software

  18. Example: 3-tiered Service  Operator task: add an application server Site of operation Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Expected cost of mistake for ―add app server‖ > threshold In background, run test procedures on site of operation: Check running processes; Verify consistency of config files; etc.

  19. Example: 3-tiered Service  Operator task: add an application server Site of operation Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Operator starts working on ―Web server m‖

  20. Example: 3-tiered Service  Operator task: add an application server Site of operation Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Operator starts working on ―Web server m‖ Extend the barricade and the site of operation; take WS off-line Keep running tests until behavior on site of operation is ―correct‖

  21. Example: 3-tiered Service  Operator task: add an application server Site of operation Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Operator is done working on site of operation AND all tests succeed Containment phase is over; dissemination phase begins Establish dissemination order and adjust barricade

  22. Example: 3-tiered Service  Operator task: add an application server Dissemination target Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Next dissemination target is Web server 2 In background, run test procedures on dissemination target

  23. Example: 3-tiered Service  Operator task: add an application server Dissemination target Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Operator is done working on dissemination target AND tests succeed Allow operator to proceed to next dissemination target Adjust barricade

  24. Example: 3-tiered Service  Operator task: add an application server Dissemination target Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Web server 1 is the next dissemination target Allow operator to proceed to next dissemination target Adjust barricade

  25. Example: 3-tiered Service  Operator task: add an application server Dissemination target Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Barricade Database Server Operator completes last dissemination step AND tests succeed Task is over Destroy barricade

  26. Example: 3-tiered Service  Operator task: add an application server Web Web Web … Server m Server 1 Server 2 … Application Application Application Application Server 1 Server 2 Server n Server n+1 Database Server

  27. Outline  Motivation  Mistake-Aware Systems Management  Prototype Implementation: Barricade  Evaluation  Conclusions & Future Work

Recommend

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides adopted from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning Engineering."

1.27k views • 84 slides
Existentially closed C algebras, operator systems, and operator spaces Isaac Goldbring

Existentially closed C algebras, operator systems, and operator spaces Isaac Goldbring

Existentially closed C algebras, operator systems, and operator spaces Isaac Goldbring University of Illinois at Chicago East Coast Operator Algebras Symposium Fields Institute, Toronto, ON October 11, 2014 E.c. C algebras Isaac

394 views • 38 slides
Distributed Systems Firewalls: Defending the Network Paul Krzyzanowski pxk@cs.rutgers.edu

Distributed Systems Firewalls: Defending the Network Paul Krzyzanowski pxk@cs.rutgers.edu

Distributed Systems Firewalls: Defending the Network Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. inetd Most U NIX systems ran

581 views • 21 slides
Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome

Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome

Europe and Finland 20 years of Monetary Union Turku Europe Forum 30 August 2018 Intervention of Francesco Papadia Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome Mistakes Italian fiscal

451 views • 22 slides
Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Presenting a live 90 minute webinar with interactive Q&A Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults, and Bankruptcy TUES DAY, DECEMBER 21, 2010 1pm Eastern |

1.33k views • 131 slides
Defending Distributed Cyber-Physical Systems with Bounded Time Recovery Bri Brian Sa

Defending Distributed Cyber-Physical Systems with Bounded Time Recovery Bri Brian Sa

Defending Distributed Cyber-Physical Systems with Bounded Time Recovery Bri Brian Sa Sandler, Neeraj Gandhi, Linh Thi Xuan Phan, Andreas Haeberlen NSF/Intel CPS PI Meeting July 2018 1 Machines in Control Vulnerable CPS can cause

434 views • 28 slides
Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes

Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes

Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes weve made What is reddit? reddit is an online community Way back in 2005... Two UVA students applied for this thing called YCombinator They

1.68k views • 119 slides
Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto

Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto

Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto alexcp@mlsecproject.org @alexcpsec @MLSecProject WARNING! This is a talk about DEFENDING not attacking NO systems were harmed on the

801 views • 47 slides
Defending Against Malicious Socialbots Position Paper Yazan Boshmaf, Ildar Muslukhov,

Defending Against Malicious Socialbots Position Paper Yazan Boshmaf, Ildar Muslukhov,

Key Challenges in Defending Against Malicious Socialbots Position Paper Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu Laboratory for Education and Research in Secure Systems Engineering (LERSSE) Networked Systems

391 views • 36 slides
MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL GLOBAL EQUITIES OBAL EQUITIES TO US PRIV US PRIVATE CLIENT E CLIENTS Jonathan F Jonathan Foster ster President & CEO Angeles Wealth

643 views • 19 slides
Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Presenting a live 90-minute webinar with interactive Q&A Wrongful Death Claims and Survival Actions: Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex Valuation and Settlement Issues WEDNESDAY,

481 views • 26 slides
CS 147: Computer Systems Performance Analysis Mistakes in Graphical Presentation 1 / 45

CS 147: Computer Systems Performance Analysis Mistakes in Graphical Presentation 1 / 45

CS147 2015-06-15 CS 147: Computer Systems Performance Analysis Mistakes in Graphical Presentation CS 147: Computer Systems Performance Analysis Mistakes in Graphical Presentation 1 / 45 Overview CS147 Overview 2015-06-15 Common Mistakes

467 views • 45 slides
If you are not making mistakes, then you are not doing anything. Im positive that a DOER

If you are not making mistakes, then you are not doing anything. Im positive that a DOER

If you are not making mistakes, then you are not doing anything. Im positive that a DOER makes mistakes. John Wooden Oct. 2017 Agenda Introductions and GGOB Organization -- Sonoma/Napa/Marin games Assignment process tools

503 views • 28 slides
Adaptive Management Systems Dont make the same mistakes twice! 13 December 2017 Agenda

Adaptive Management Systems Dont make the same mistakes twice! 13 December 2017 Agenda

Adaptive Management Systems Dont make the same mistakes twice! 13 December 2017 Agenda Moderator: Kasparas Kemeklis , Ocean Energy Europe, ETIP Ocean Presentations: Finlay Bennet - Marine Scotland Frank Fortune - Royal HaskoningDHV Q&A

453 views • 42 slides
Most Common Mistakes w ith Real-Time Softw are Development Embedded Systems Conference Boston,

Most Common Mistakes w ith Real-Time Softw are Development Embedded Systems Conference Boston,

Most Common Mistakes w ith Real-Time Softw are Development Embedded Systems Conference Boston, September 2006 Class ESC 401/421 Dave Stewart Director of Software Engineering I nHand Electronics Rockville, Maryland dstewart@inhand.com

686 views • 45 slides
RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES II MISTAKES II Eunsuk Kang Required

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES II MISTAKES II Eunsuk Kang Required

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES II MISTAKES II Eunsuk Kang Required reading: "How Big Data Transformed Applying to College", Cathy O'Neil 1 LEARNING GOALS: LEARNING GOALS: Evaluate the risks of mistakes from

718 views • 61 slides
Perturbations of L-systems Sergey Belyi Troy University (USA) Operator Theory and Krein Spaces

Perturbations of L-systems Sergey Belyi Troy University (USA) Operator Theory and Krein Spaces

L-systems L-systems with 1-D input-output Donoghue classes and L-systems Realization of perturbed classes Perturbation of L-systems Perturbations of L-systems Sergey Belyi Troy University (USA) Operator Theory and Krein Spaces Vienna,

1.07k views • 102 slides
Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common

Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common

Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common Area Mistakes 3 Interior Design Mistakes 4 Interior Unit Mistakes 5 Technology Mistakes an expensive one! 6 7 Target Market Mistakes 8 9

238 views • 10 slides
The Choquet boundary of an operator system Matthew Kennedy (joint work with Ken Davidson)

The Choquet boundary of an operator system Matthew Kennedy (joint work with Ken Davidson)

The Choquet boundary of an operator system Matthew Kennedy (joint work with Ken Davidson) Carleton University May 28, 2013 Operator systems and completely positive maps Definition An operator system is a unital self-adjoint subspace of a

1.06k views • 62 slides
Mistakes, Obstacles and Conflicts Mistakes, Obstacles and Conflicts in using CMMI for Process in

Mistakes, Obstacles and Conflicts Mistakes, Obstacles and Conflicts in using CMMI for Process in

Mistakes, Obstacles and Conflicts Mistakes, Obstacles and Conflicts in using CMMI for Process in using CMMI for Process Improvement Improvement Itzhak Lavi, Sarit Aserraf, Alon Modai Israel Aircraft Industries SEPG North America 2008 SEPG

240 views • 21 slides
SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via Social Networks via Social Networks Intel Research Pittsburgh / CMU Haifeng Yu National University of Singapore Michael Kaminsky Intel Research

501 views • 22 slides
Success does not consist in never making mistakes but in never making the same one a second time.

Success does not consist in never making mistakes but in never making the same one a second time.

Success does not consist in never making mistakes but in never making the same one a second time. George Bernard Shaw Repeat offenders make mistakes by NOT: Utilising key learnings from Yr. 11 Mapping assessment schedules Linking

530 views • 23 slides
Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL

Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL

Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL Crypto systems get broken eh vxuh wr gulqn brxu rydowlqh be sure to drink your ovaltine Why assume that current algorithms really are unbreakable,

656 views • 64 slides
2 2 f f + = 0 2 2 x y Laplacian operator is discretized version

2 2 f f + = 0 2 2 x y Laplacian operator is discretized version

IIT Bombay Slide 75 Laplacian Operator The Laplacian operator is based on the Laplace equation given by 2 2 f f + = 0 2 2 x y Laplacian operator

731 views • 26 slides

More recommend