ti e e ffi cient server audit problem deduplicated re
play

Ti e E ffi cient Server Audit Problem, Deduplicated Re-execution, - PowerPoint PPT Presentation

Nov 24, 2022 •147 likes •805 views

Ti e E ffi cient Server Audit Problem, Deduplicated Re-execution, and the Web Cheng Tan, Lingfan Yu, Joshua B. Leners*, and Michael Wal fj sh NYU Department of Computer Science, Courant Institute *Two Sigma Investments company Amazon Web

  1. Ti e E ffi cient Server Audit Problem, Deduplicated Re-execution, and the Web Cheng Tan, Lingfan Yu, Joshua B. Leners*, and Michael Wal fj sh NYU Department of Computer Science, Courant Institute *Two Sigma Investments

  2. company Amazon Web Services wiki PHP Alice employee employee

  3. company Amazon Web Services Alice wiki PHP database request PHP runtime employee response web server employee OS hypervisor hardware

  4. company Amazon Web Services Alice wiki PHP database request PHP runtime employee response web server employee OS hypervisor hardware • Alice has con fj dence in the wiki's PHP code

  5. company Amazon Web Services Alice wiki PHP database request PHP runtime employee response web server employee OS hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ...

  6. company Amazon Web Services Alice kiwi PHP wiki PHP database request PHP runtime employee response web server employee OS hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ...

  7. company Amazon Web Services Alice wiki PHP database request PHP runtime PCP runtime employee response web server employee OS hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ...

  8. company Amazon Web Services Alice wiki PHP database request PHP runtime employee response web server employee OS OS OS hypervisor hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ...

  9. company Amazon Web Services Alice wiki PHP database request PHP runtime employee response web server web server employee OS hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ...

  10. company Amazon Web Services Alice kiwi PHP wiki PHP database request PHP runtime PCP runtime employee response web server web server employee OS OS OS hypervisor hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ...

  11. company Amazon Web Services Alice kiwi PHP wiki PHP database request PHP runtime PCP runtime employee response web server web server employee OS OS OS hypervisor hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ...

  12. company Amazon Web Services Alice kiwi PHP wiki PHP database request PHP runtime PCP runtime employee response web server web server employee OS OS OS hypervisor hypervisor hardware • Alice has con fj dence in the wiki's PHP code • Still, lots of things can go wrong ... • Ti us, Alice wants to audit the delivered responses – Are they derived from executing the actual application?

  13. Ti e E ffi cient Server Audit Problem server program

  14. Ti e E ffi cient Server Audit Problem online phase server requests program clients responses

  15. Ti e E ffi cient Server Audit Problem online phase server requests program clients responses 1. server is untrusted; can respond arbitrarily 2. server is concurrent

  16. Ti e E ffi cient Server Audit Problem online phase trace server collector requests program clients responses trace 1. server is untrusted; can respond arbitrarily 2. server is concurrent

  17. company Amazon Web Services wiki PHP Alice kiwi PHP wiki PHP database request PHP runtime PCP runtime employee response web server web server employee OS OS OS trace hypervisor hypervisor collector hardware

  18. Ti e E ffi cient Server Audit Problem online phase audit phase trace server collector verifier requests program clients responses trace 1. server is untrusted; can respond arbitrarily 2. server is concurrent

  19. Ti e E ffi cient Server Audit Problem online phase audit phase trace server collector verifier requests program requests program + clients ? responses = responses trace 1. server is untrusted; can respond arbitrarily 2. server is concurrent

  20. Ti e E ffi cient Server Audit Problem online phase audit phase trace server collector verifier requests program requests program + clients ? responses = responses trace 1. server is untrusted; can respond arbitrarily 2. server is concurrent 3. veri fj er is weaker than server 4. server overhead is low; legacy applications supported

  21. 1. server is untrusted… 2. server is concurrent Ti e E ffi cient Server Audit Problem 3. veri fj er is weaker than server 4. server overhead is low... online phase audit phase trace server collector verifier requests program requests program + clients ? responses = responses trace

  22. 1. server is untrusted… 1. server is untrusted… 2. server is concurrent 2. server is concurrent Ti e E ffi cient Server Audit Problem 3. veri fj er is weaker than server 3. veri fj er is weaker than server 4. server overhead is low... 4. server overhead is low... online phase audit phase trace server collector verifier requests program requests program + clients ? responses = responses trace • Combination of these four is a new problem. • Execution integrity is complementary to program veri fj cation.

  23. 1. server is untrusted… 2. server is concurrent What about naive re-execution? 3. veri fj er is weaker than server 4. server overhead is low... online phase audit phase trace server verifier collector requests program clients responses trace

  24. 1. server is untrusted… 2. server is concurrent What about naive re-execution? 3. veri fj er is weaker than server 4. server overhead is low... online phase audit phase trace server verifier collector requests program clients responses delivered responses trace ? = produced responses

  25. ✔ 1. server is untrusted… ✔ 2. server is concurrent What about naive re-execution? ❌ 3. v 3. veri eri fj fj er is weaker than server er is weaker than server ✔ 4. server overhead is low... online phase audit phase trace server verifier collector requests program clients responses delivered responses trace ? = produced responses • Ti is does not save the veri fj er work.

  26. ✔ ❓ 1. server is untrusted… 1. server is untrusted… 1. server is untrusted… ✔ ❓ 2. server is concurrent 2. server is concurrent 2. server is concurrent What about naive re-execution? ✔ ❌ 3. veri fj er is weaker than server 3. veri 3. veri fj er is weaker than server 3. v eri fj fj er is weaker than server er is weaker than server ❓ ✔ 4. server overhead is low... 4. server overhead is low... 4. server overhead is low... online phase audit phase trace server verifier collector requests program clients responses delivered responses trace ? = produced responses • Ti is does not save the veri fj er work. • Instead, we will accelerate re-execution.

  27. Rest of the talk 1. How does the veri fj er accelerate re-execution? (these two are in tension) 2. Why are shared objects (such as DBs) challenging? 3. Does our implementation for PHP perform well?

  28. Rest of the talk 1. How does the veri fj er accelerate re-execution? 1. How does the veri fj er accelerate re-execution? 2. Why are shared objects (such as DBs) challenging? 3. Does our implementation for PHP perform well?

  29. Accelerating re-execution: a 30,000-foot view server (online) verifier (offline) advice • Deduplicate computation across requests

  30. Poirot’s observation: repeated computation T. Kim, R. Chandra, and N. Zeldovich. Efficient patch-based audi>ng for web applica>ons. OSDI , 2012

  31. Poirot’s observation: repeated computation T. Kim, R. Chandra, and N. Zeldovich. Efficient patch-based audi>ng for web applica>ons. OSDI , 2012

  32. Poirot’s observation: repeated computation req i “My paper” req j “Another paper” T. Kim, R. Chandra, and N. Zeldovich. Efficient patch-based audi>ng for web applica>ons. OSDI , 2012

  33. Poirot’s observation: repeated computation req i “My paper” requires trusting the requires trusting the req j advice advice “Another paper” T. Kim, R. Chandra, and N. Zeldovich. Efficient patch-based audi>ng for web applica>ons. OSDI , 2012

  34. We accelerate re-execution without trusting the server server (online) verifier (offline) C : tag → {set of reqs} for each tag: – execute C (tag) with SIMD-on-demand – conduct unanimity checks

  35. We accelerate re-execution without trusting the server server (online) verifier (offline) C : tag → {set of reqs} for each tag: – execute C (tag) with SIMD-on-demand – conduct unanimity checks SIMD-on-demand re-executes identical instructions once. server verifier req i req i +req j req j

  36. SIMD-on-demand eliminates redundant computation main(a,b): req i: a=1;b=2 c ← a * b req j: a=2;b=1 c ← c + 1

  37. SIMD-on-demand eliminates redundant computation main(a,b): req i: a=1;b=2 c ← a * b req j: a=2;b=1 c ← c + 1 a=[1,2] * b=[2,1] c=[2,2] req i +req j +1 * • Multi-value represents di ff erent values of the same variable.

Recommend

1 Handling Return Traffic Handling Return Traffic URL Switching URL Switching Idea: switch

1 Handling Return Traffic Handling Return Traffic URL Switching URL Switching Idea: switch

The Server Selection Problem The Server Selection Problem server array A server farm B Which server? Server Traffic Management Server Traffic Management not-so-great solutions static client binding manual selection HTTP forwarding Jeff

810 views • 3 slides
Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of

Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of

Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of Computer Science CPS 212: Distributed Information Systems The Server Selection Problem The Server Selection Problem server array A server farm B

430 views • 14 slides
CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2.

CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2.

CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2. Server 3. Multithreaded server 4. Chat server 2 Sockets are a way for computers to communicate Client 1 makes connection over socket IP:

503 views • 35 slides
A Walk Around the SQL Server 2012 Audit Feature Timothy P. McAliley Microsoft Premier Field

A Walk Around the SQL Server 2012 Audit Feature Timothy P. McAliley Microsoft Premier Field

A Walk Around the SQL Server 2012 Audit Feature Timothy P. McAliley Microsoft Premier Field Engineer | SQL Server www.NetComLearning.com Speaker Introduction: Timothy P. McAliley 14+ years in IT Currently work for Microsoft Premier

937 views • 54 slides
GTUG Why using Deduplicated-storage Fernand Lussier VP Research and Development Nonstop File

GTUG Why using Deduplicated-storage Fernand Lussier VP Research and Development Nonstop File

GTUG Why using Deduplicated-storage Fernand Lussier VP Research and Development Nonstop File type Hypothesis of simulation 1. Dynamic file : 1 or 2 % of dynamic file change every day. And represented 50% of the data. Ex Cardholder master

599 views • 15 slides
HOMELESSNESS: AN OLD PROBLEM WITH NEW FACES? Matthew Wilkins, lead author UK National Audit

HOMELESSNESS: AN OLD PROBLEM WITH NEW FACES? Matthew Wilkins, lead author UK National Audit

HOMELESSNESS: AN OLD PROBLEM WITH NEW FACES? Matthew Wilkins, lead author UK National Audit Office of Homelessness, September 2017 Ab About t the UK Na K Nation onal al Au Audit t Offic fice e (NAO AO) The National Audit

398 views • 13 slides
Immutability, or Putting the Dream Machine to Work The trie memory scheme is ine ffi cient for

Immutability, or Putting the Dream Machine to Work The trie memory scheme is ine ffi cient for

Immutability, or Putting the Dream Machine to Work The trie memory scheme is ine ffi cient for small memories, but it be- comes increasingly e ffi cient in using available storage space as memory size increases. The attractive features of the

867 views • 62 slides
Immutability, or Putting the Dream Machine to Work The trie memory scheme is ine ffi cient for

Immutability, or Putting the Dream Machine to Work The trie memory scheme is ine ffi cient for

Immutability, or Putting the Dream Machine to Work The trie memory scheme is ine ffi cient for small memories, but it be- comes increasingly e ffi cient in using available storage space as memory size increases. The attractive features of the

940 views • 60 slides
Deduplicated Storage Danny Harnik, Moshik Hershcovitch, Yosef Shatsky, Amir Epstein, Ronen Kat

Deduplicated Storage Danny Harnik, Moshik Hershcovitch, Yosef Shatsky, Amir Epstein, Ronen Kat

IBM Research - Haifa Sketching Volume Capacities in Deduplicated Storage Danny Harnik, Moshik Hershcovitch, Yosef Shatsky, Amir Epstein, Ronen Kat Previous Works on Estimating Data Reduction Plenty of previous works on data reduction

352 views • 17 slides
Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

E LIOM Tierless Web programming from the ground up Gabriel R ADANNE Jrme V OUILLON Vincent B ALAT Vasilis P APAVASILEIOU Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server DOM 2 2 / 22 1

778 views • 42 slides
Lecture 3. Su ffi ciency Lecture 3. Su ffi ciency 1 (114) 3. Su ffi ciency 3.1. Su ffi cient

Lecture 3. Su ffi ciency Lecture 3. Su ffi ciency 1 (114) 3. Su ffi ciency 3.1. Su ffi cient

0. Lecture 3. Su ffi ciency Lecture 3. Su ffi ciency 1 (114) 3. Su ffi ciency 3.1. Su ffi cient statistics Su ffi cient statistics The concept of su ffi ciency addresses the question Is there a statistic T ( X ) that in some sense contains

303 views • 14 slides
Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Chanwoo Chung , Jinhyung Koo, Junsu Im, Arvind , and Sungjin Lee DGIST and MIT NVRAMOS 19 2019.10.24 DATA -INTENSIVE COMPUTING SYSTEMS LAB ORATORY Computation Application Application Application Application Application

597 views • 48 slides
The Network Operation Centre of a RREN: The Network Operation Centre of a RREN: Anella Cient

The Network Operation Centre of a RREN: The Network Operation Centre of a RREN: Anella Cient

The Network Operation Centre of a RREN: The Network Operation Centre of a RREN: Anella Cient Anella Cient fica fica Maria Isabel Ganda Carriedo Communications Area, Systems & Networks Department, CESCA TF-NOC Preparation Meeting

731 views • 48 slides
Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit Manager June 26, 2018 1 OVERVIEW OF THE AUDIT PROCESS Audit Planning and Risk Assessment Audit Standards The audit was performed in

425 views • 13 slides
Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit

Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit

ASJ Section 3 Risk ASJ Stages of an Audit Audit Approaches ASJ In this approach, audit resources are targeted on testing large volumes of transactions and account balances without any particular focus on specified Substantive areas of

271 views • 16 slides
Parquet in Practice & Detail What is Parquet? How is it so e ffi cient? Why should I actually

Parquet in Practice & Detail What is Parquet? How is it so e ffi cient? Why should I actually

Parquet in Practice & Detail What is Parquet? How is it so e ffi cient? Why should I actually use it? About me Data Scientist at Blue Yonder (@BlueYonderTech) Committer to Apache {Arrow, Parquet} Work in Python, Cython, C++11 and

512 views • 22 slides
The ellipsoid method We have learned that the Markowitz mean-variance optimization problem is a

The ellipsoid method We have learned that the Markowitz mean-variance optimization problem is a

The ellipsoid method We have learned that the Markowitz mean-variance optimization problem is a convex programming problem. The good news is that there are effi- cient methods to solve such convex programming problems and in particu- lar

264 views • 10 slides
Presentation on Bank Audit Audit Procedures, LFAR, Tax Audit, Certification , Demonetization etc.

Presentation on Bank Audit Audit Procedures, LFAR, Tax Audit, Certification , Demonetization etc.

Presentation on Bank Audit Audit Procedures, LFAR, Tax Audit, Certification , Demonetization etc. VIP Chartered Accountants Study Circle By Rishi Khator FCA, CPA(US), CIFRS March 26, 2017 Traditional banking to high level financial

868 views • 64 slides
CompSci 514: Computer Networks Lecture 21-2: From BitTorrent to BitTyrant Problem Statement

CompSci 514: Computer Networks Lecture 21-2: From BitTorrent to BitTyrant Problem Statement

CompSci 514: Computer Networks Lecture 21-2: From BitTorrent to BitTyrant Problem Statement ... Server One-to-many content distribution Millions of clients downloading from the same server Evolving Solutions Observation:

737 views • 35 slides
Proving who you are Passwords and TLS Basic, fundamental problem Client Server (user)

Proving who you are Passwords and TLS Basic, fundamental problem Client Server (user)

Proving who you are Passwords and TLS Basic, fundamental problem Client Server (user) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers prove themselves in

702 views • 44 slides
Striving Towards a Better PRESENTATION HERE> Audit in 2017 Who we are At Audit Solutions

Striving Towards a Better PRESENTATION HERE> Audit in 2017 Who we are At Audit Solutions

<INSERT TITLE OF Striving Towards a Better PRESENTATION HERE> Audit in 2017 Who we are At Audit Solutions Queensland, our focus is on providing a comprehensive, independent and efficient audit process. Our difference is our personal

606 views • 59 slides
Task: Draw up an audit programme Please take the following facts and instructions as a basis: The

Task: Draw up an audit programme Please take the following facts and instructions as a basis: The

Audit Case Workshop about applying the checklist on Financial Audit of Public Procurement Task: Draw up an audit programme Please take the following facts and instructions as a basis: The audit plan for the next six months includes an audit of

229 views • 5 slides
Audit Partner Characteristics, Audit Quality and Audit Pricing in the U.S. Ally Zimmerman,

Audit Partner Characteristics, Audit Quality and Audit Pricing in the U.S. Ally Zimmerman,

Audit Partner Characteristics, Audit Quality and Audit Pricing in the U.S. Ally Zimmerman, Northern Illinois University, azimmerman5@niu.edu Al Nagy, John Carroll University, alnagy@jcu.edu 2016 Deloitte/KU Audit Symposium, May 20 8/16/2016 1

553 views • 17 slides
Audit Committee denvergov.org/Auditor Timothy M. O'Brien, CPA, Auditor 2 Audit Committee

Audit Committee denvergov.org/Auditor Timothy M. O'Brien, CPA, Auditor 2 Audit Committee

1 Audit Committee denvergov.org/Auditor Timothy M. O'Brien, CPA, Auditor 2 Audit Committee Affordable Housing Audit December 2018 Jared Miller, Audit Supervisor Pat Schafer, Audit Supervisor Shaun Wysong, Senior Auditor Chris Wilson,

485 views • 47 slides

More recommend