Atc ny friday-talk_20080808

•

0 likes•129 views

Title: System Support for Rapid Recovery and Attack Resistance

We propose a system to provide resistance to attack and rapid recovery from viruses,
worms, problematic system updates, and other negative system changes. Our system uses
two key techniques: isolation and intrusion detection. First, for isolation, we collect user
data in a file system virtual machine (FS-VM) so that system corruption does not
automatically compromise it. We also isolate groups of applications from each other by
placing them into virtual machines, called virtual machine appliances (VMAs), so that we
can place stronger limits on their behavior. User data is exported to the VMAs by the FS-VM
as needed. Second, for intrusion detection, we incorporate a standard network intrusion
detection system (NIDS) and firewall into a special network virtual machine (NET-VM) as
well as integrate file system access controls into the FS-VM. To support both isolation and
intrusion detection, we design a VMA contract system that is used to define the acceptable
behavior of each VMA in terms of network and file system access requirements as well as
any device access or system resource limits. The NET-VM enforces the network-based VMA
contract rules and the FS-VM enforces the file system-based VMA contract rules. We add
support for our system into a modern, low overhead, open source virtual machine monitor
(VMM), namely the Xen hypervisor. We discuss the design, implementation, and evaluation
of our proposed system. Evaluation of our system will be both in terms of performance costs
and effectiveness against various real world attacks.

More Related Content

More from Todd Deshane

Open Source Cloud Computing: Practical Solutions For Your Online Presence (PDF)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (PDF)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (PDF)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (ODP)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (ODP)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (ODP)

Todd Deshane's PhD Proposal

Todd Deshane's PhD Proposal

Todd Deshane's PhD Proposal

Computer Security for Mission Assurance

Computer Security for Mission Assurance

Computer Security for Mission Assurance

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Csaw research poster_20071204

Csaw research poster_20071204

Csaw research poster_20071204

Atc ny friday-talk_slides_20080808

Atc ny friday-talk_slides_20080808

Atc ny friday-talk_slides_20080808

Atc ny friday-talk_20080808

Atc ny friday-talk_20080808

Atc ny friday-talk_20080808

2010 xen-lisa

More from Todd Deshane (20)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (PDF)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (PDF)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (PDF)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (ODP)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (ODP)

Open Source Cloud Computing: Practical Solutions For Your Online Presence (ODP)

Todd Deshane's PhD Proposal

Todd Deshane's PhD Proposal

Todd Deshane's PhD Proposal

Computer Security for Mission Assurance

Computer Security for Mission Assurance

Computer Security for Mission Assurance

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

S4 xen hypervisor_20080622

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ph d proposal_20070809

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Ece seminar 20070927

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20071207

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20070426

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Cs seminar 20061207

Csaw research poster_20071204

Csaw research poster_20071204

Csaw research poster_20071204

Atc ny friday-talk_slides_20080808

Atc ny friday-talk_slides_20080808

Atc ny friday-talk_slides_20080808

Atc ny friday-talk_20080808

Atc ny friday-talk_20080808

Atc ny friday-talk_20080808

2010 xen-lisa

Recently uploaded

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

Join me in this session where I'll share our journey of building a fully serverless application that flawlessly managed check-ins for an event with a staggering 80 thousand registrations. We'll dive into three key strategies that made this possible. Firstly, by harnessing DynamoDB global tables, we ensured global service availability and data replication across regions, boosting performance and disaster recovery. Next, we'll explore how we seamlessly integrated real-time updates into the app using Appsync subscriptions, making the experience dynamic and engaging for users. Finally, I'll discuss how provisioned concurrency not only improved performance but also kept costs in check, highlighting the cost-effectiveness of serverless architectures. Through these strategies and the inherent scalability of serverless technology, our application effortlessly handled massive user loads without manual intervention. This session is a real world example to the power and efficiency of modern cloud-based solutions in enabling seamless scalability and robust performance with Serverless

How we scaled to 80K users by doing nothing!.pdf

How we scaled to 80K users by doing nothing!.pdf

How we scaled to 80K users by doing nothing!.pdf

Srushith Repakula

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

Stephanie Beckett

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

The presentation underscores the strategic advantage of treating design systems not just as technical assets but as vital business components that require thoughtful management, robust planning, and strategic alignment with organizational goals. Key Points Covered: - Understanding Design Systems as Business Entities: Conceptualizing design systems as internal business entities can streamline their integration and evolution within a company. - Adoption and Expansion: Elaborating on the importance of tactical adoption across organizational structures, enhancing product suites to cater to user needs and broadening scope to mobile and content authoring solutions. - Data-Driven Development: Utilizing data insights for component development ensures that resources are allocated to create valuable, widely used features. - Financial Modeling for Design Systems: Developing sustainable funding models is crucial for long-term support and success of design systems. - Promoting Internal Buy-In: Stressing on strategies for promoting design systems within the organization to increase engagement and investment from internal stakeholders.

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

PLAI - Acceleration Program for Generative A.I. Startups

PLAI - Acceleration Program for Generative A.I. Startups

PLAI - Acceleration Program for Generative A.I. Startups

When you think of a highly secure meeting environment, do you instantly think 'Microsoft Teams'!? Or do you think about some unknown application, troublesome UI and daunting login process...? If you think the latter - let's change that! In this session Femke will show you how using Teams Premium features can create secure, but also good looking meetings! PRETTY. Make sure your company's brand is represented before, during and after the meeting with Customization policies in place. SECURE. Lets utilize Meeting templates and Sensitivity Labels to protect your meeting and data to prevent sensitive information from being leaked. After this session, you will have a clear understanding of the capabilities of Teams Premium features and how to set up the perfect meeting that suits your organizational requirements!

ECS 2024 Teams Premium - Pretty Secure

ECS 2024 Teams Premium - Pretty Secure

ECS 2024 Teams Premium - Pretty Secure

Femke de Vroome

This talk offers actionable insights at an executive level for enhancing productivity and refining your portfolio management approach to propel your organization to greater heights. Key Points Covered: 1. Experience Transformation: - The core challenge remains consistent across organizations: converting budget into user-centric designs. - Strategies for deploying design resources effectively in both startups and large enterprises. 2. Strategic Frameworks: - Introduction to the "Ziggurat of Impact" model, detailing layers from basic system interactions to comprehensive customer experiences. - Practical insights on creating frameworks that scale with organizational complexity. 3. Organizational Impact: - Real-world examples of navigating design in large settings, focusing on the synthesis of consumer products and customer experiences. - Emphasis on the importance of designing systems that directly influence customer interactions. 4. Design Execution: - Detailed walkthrough of organizational layers affecting design execution, from touchpoints and customer activities to shared capabilities. - How to ensure design influences both the micro and macro aspects of customer interactions. 5. Measurement and Adaptation: - Techniques for measuring the impact of design decisions and adapting strategies based on data-driven insights. - The critical role of continuous improvement and feedback in refining customer experiences.

Structuring Teams and Portfolios for Success

Structuring Teams and Portfolios for Success

Structuring Teams and Portfolios for Success

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

marcuskenyatta275

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

Mark Billinghurst

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Webinar Recording: https://www.panagenda.com/webinars/easier-faster-and-more-powerful-notes-document-properties-reimagined/ Have you ever felt frustrated by the small properties dialog in Notes? Had to create an agent or button to quickly change a field? Searched endlessly for the field you wanted to compare each time you selected a new document? Wished you could just make the damned thing bigger? Luckily, there is a solution – and you probably already have it installed! With the free panagenda Document Properties (Pro) you get the properties dialog you always needed. Big, resizable, full-text searchable. View multiple documents at once or compare them with a diff viewer. Modify any field, and finally have an easy way to handle profile documents for all users. Join HCL Lifetime Ambassador Julian Robichaux to discover how Document Properties can simplify your work and assist you daily when using Domino applications – in the client or the designer. You will never look back! Key takeaways from this session - What Document Properties is, which editions there are, and how you can find it in Notes and Domino Designer - How you can search for and edit any field, compare documents, or CSV export all data - How to find, edit, and even delete profile documents - Which configuration settings are available to customize feature

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Designing inclusive products is not only a social responsibility but also a business imperative. This talk delves into the journey of creating accessible hardware products that cater to diverse user needs. Key Topics Covered: 1. Introduction to Inclusive Design - Importance of accessibility in product design - Overview of Comcast's commitment to making products accessible to a wide audience 2. Case Study: Xfinity Large Button Voice Remote - Initial challenges and the evolution of the product - User research and feedback that shaped the design - Key features of the final product and their benefits 3. Designing for Diverse Needs - Understanding human-centered design and its historical context - The impact of designing for people with disabilities on overall product quality - Examples from other industries, such as architecture and industrial design 4. Integrating Accessibility from the Beginning - The cost and efficiency benefits of designing for accessibility from the start - The process of embedding accessibility as a core trait rather than an optional feature 5. Real-World Impact and Continuous Improvement - Insights from in-home studies with users having assistive needs - How continuous feedback and iterative design lead to better products - The role of inclusive research and development practices

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Google I/O Extended 2024 Warsaw

Google I/O Extended 2024 Warsaw

Google I/O Extended 2024 Warsaw

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

Recently uploaded (20)

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

How we scaled to 80K users by doing nothing!.pdf

How we scaled to 80K users by doing nothing!.pdf

How we scaled to 80K users by doing nothing!.pdf

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

PLAI - Acceleration Program for Generative A.I. Startups

PLAI - Acceleration Program for Generative A.I. Startups

PLAI - Acceleration Program for Generative A.I. Startups

ECS 2024 Teams Premium - Pretty Secure

ECS 2024 Teams Premium - Pretty Secure

ECS 2024 Teams Premium - Pretty Secure

Structuring Teams and Portfolios for Success

Structuring Teams and Portfolios for Success

Structuring Teams and Portfolios for Success

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Google I/O Extended 2024 Warsaw

Google I/O Extended 2024 Warsaw

Google I/O Extended 2024 Warsaw

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

Atc ny friday-talk_20080808

1. Title: System Support for Rapid Recovery and Attack Resistance We propose a system to provide resistance to attack and rapid recovery from viruses, worms, problematic system updates, and other negative system changes. Our system uses two key techniques: isolation and intrusion detection. First, for isolation, we collect user data in a file system virtual machine (FS-VM) so that system corruption does not automatically compromise it. We also isolate groups of applications from each other by placing them into virtual machines, called virtual machine appliances (VMAs), so that we can place stronger limits on their behavior. User data is exported to the VMAs by the FS-VM as needed. Second, for intrusion detection, we incorporate a standard network intrusion detection system (NIDS) and firewall into a special network virtual machine (NET-VM) as well as integrate file system access controls into the FS-VM. To support both isolation and intrusion detection, we design a VMA contract system that is used to define the acceptable behavior of each VMA in terms of network and file system access requirements as well as any device access or system resource limits. The NET-VM enforces the network-based VMA contract rules and the FS-VM enforces the file system-based VMA contract rules. We add support for our system into a modern, low overhead, open source virtual machine monitor (VMM), namely the Xen hypervisor. We discuss the design, implementation, and evaluation of our proposed system. Evaluation of our system will be both in terms of performance costs and effectiveness against various real world attacks.