List of Papers

• Upgrading Transport Protocols using Mobile Code
• Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted R Applications
• ****The Google File System
• Preserving Peer Replicas By Rate-Limited Sampled Voting
• Decentralized User Authentication in a Global File System
• ****Performance Debugging for Distributed Systems of Black Boxes
• Transforming Policies into Mechanisms with Infokernel
• User-level Internet Path Diagnosis
• **Samsara: Honor Among Thieves in Peer-to-Peer Storage
• SHARP: An Architecture for Secure Resource Peering
• Energy-Efficient Soft Real-Time CPU Scheduling for Mobile Multimedia Systems
• **Xen and the Art of Virtualization
• ***Implementing an Untrusted Operating System on Trusted Hardware
• Terra: A Virtual-Machine Based Platform for Trusted Computing
• Improving the Reliability of Commodity Operating Systems
• ***Backtracking Intrusions
• ***RacerX: Effective, Static Detection of Race Conditions and Deadlocks
• Separating Agreement from Execution for Byzantine Fault Tolerant Services
• Capriccio: Scalable Threads for Internet Services
• **Bullet: High Bandwidth Data Dissemination Using an Overlay Mesh
• SplitStream: High-Bandwidth Multicast in Cooperative Environments
• Measurement, Modeling, and Analysis of a Peer-to-Peer File-Sharing Workload

• Reverse-Engineering the Internet
• The Measurement Manifesto
• Sophia: An Information Plane for Networked Systems
• The Cutting EDGE of IP Router Configuration
• Enabling Large-scale Wireless Broadband: The Case for TAPs
• Turning 802.11 Inside-Out
• Preventing Internet Denial-of-Service with Capabilities
• Taming IP Packet Flooding Attacks
• Honeycomb - Creating Intrusion Detection Signatures Using Honeypots
• The Dark Side of the Web: An Open Proxy's View
• Repeatable and Realistic Wireless Experimentation through Physical Emulation
• Opportunistic Routing in Multi-Hop Wireless Networks
• MAC-Layer Anycasting in Wireless Ad Hoc Networks
• Decoupling Policy from Mechanism in Internet Routing
• Practical Verification Techniques for Wide-Area Routing
• Unmanaged Internet Protocol
• Unveiling the Transport
• A Case for Run-time Adaptation in Packet Processing Systems
• Practical, Distributed Network Coordinates
• Exposing Resource Tradeoffs in Region-Based Communication Abstractions for Sensor Networks
• Coping with irregular spatio-temporal sampling in sensor networks
• Should we build Gnutella on a structured overlay?
• A Case for Testbed Embedding Services

• *****Remote Timing Attacks Are Practical
• 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions
• ***Denial of Service via Algorithmic Complexity Attacks
• Plug-and-Play PKI: A PKI Your Mother Can Use
• Analyzing Integrity Protection in the SELinux Example Policy
• PointGuard?: Protecting Pointers from Buffer Overflow Vulnerabilities
• Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
• High Coverage Detection of Input-Related Security Faults
• ***Storage-based Intrusion Detection: Watching Storage Activity for Suspicious Behavior
• Detecting Malicious Java Code Using Virtual Machine Auditing
• Static Analysis of Executables to Detect Malicious Patterns
• SSL Splitting: Securely Serving Data from Untrusted Caches
• A New Two-Server Approach for Authentication with Short Secrets
• Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC
• Preventing Privilege Escalation
• Dynamic Detection and Prevention of Race Conditions in File Accesses
• Improving Host Security with System Call Policies
• Scrash: A System for Generating Secure Crash Information
• ***Implementing and Testing a Virus Throttle
• ****Establishing the Genuinity of Remote Computer Systems

• ****Undo for Operators: Building an Undoable E-mail Store
• Role Classification of Hosts Within Enterprise Networks
• ***A Cooperative Internet Backup Scheme
• ***Currentcy: A Unifying Abstraction for Expressing Energy
• Design and Implementation of Power-Aware Virtual Memory
• Operating System Support for Virtual Machines
• A Multi-User Virtual Machine
• ***In-Place Rsync: File Synchronization for Mobile and Wireless Devices
• A Logic File System
• Application-Specific Delta-Encoding via Resemblance Detection
• **Opportunistic Use of Content Addressable Storage for Distributed File Systems
• System Support for Online Reconfiguration
• Checkpoints of GUI-based Applications
• CUP: Controlled Update Propagation in Peer-to-Peer Networks
• The Design of the OpenBSD Cryptographic Framework
• NCryptfs: A Secure and Convenient Cryptographic File System
• **A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks
• Kernel Support for Faster Web Proxies

• High Availability, Scalable Storage, Dynamic Peer Networks: Pick Two
• **One Hop Lookups for Peer-to-Peer Overlays
• An Analysis of Compare-by-hash
• **Why Events Are a Bad Idea (for High-Concurrency Servers)
• TCP Offload Is a Dumb Idea Whose Time Has Come
• TCP Meets Mobile Code
• Exploiting the Synergy between Peer-to-Peer and Mobile Ad Hoc Networks
• Scheduling and Simulation: How to Upgrade Distributed Systems
• Development Tools for Distributed Applications
• Virtual Appliances in the Collective: A Road to Hassle-Free Computing
• POST: A Secure, Resilient, Cooperative Messaging System
• Cosy: Develop in User-Land, Run in Kernel-Mode
• ***Why Can't I Find My Files? New Methods for Automating Attribute Assignment
• Secure Data Replication over Untrusted Hosts
• Palimpsest: Soft-Capacity Storage for Planetary-Scale Services
• Certifying Program Execution with Secure Processors
• Hardware Works, Software Doesn't: Enforcing Modularity with Mondriaan Memory Protection
• Flexible OS Support and Applications for Trusted Computing
• Sensing User Intention and Context for Energy Management
• Access Control to Information in Pervasive Computing Environments
• Privacy-Aware Location Sensor Networks
• FAB: Enterprise Storage Systems on a Shoestring
• The Case for a Session State Storage Layer
• Towards a Semantic-Aware File Store

• ***Pond: The OceanStore Prototype
• Data Staging on Untrusted Surrogates
• Plutus: Scalable Secure File Sharing on Untrusted Storage
• Metadata Efficiency in Versioning File Systems
• yFS: A Journaling File System Design for Handling Large Data Sets with Reduced Seeking
• ***Semantically-Smart Disk Systems
• ****Using MEMS-Based Storage in Disk Arrays
• Optimizing Probe-Based Storage
• ARC: A Self-Tuning, Low Overhead Replacement Cache
• Fa?ade: Virtual Storage Devices with Performance Guarantees
• Design and Implementation of Semi-preemptible IO
• Block-Level Security for Network-Attached Disks
• ***The Direct Access File System
• Making the Most Out of Direct-Access Network Attached Storage
• Passive NFS Tracing of Email and Research Workloads
• Modeling Hard-Disk Power Consumption
• Storage Over IP: When Does Hardware Support Help?
• More Than an Interface?SCSI vs. ATA

• FARSITE: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment
• Taming Aggressive Replication in the Pangaea Wide-Area File System
• Ivy: A Read/Write Peer-to-Peer File System
• ***Defensive Programming: Using an Annotation Toolkit to Build DoS-Resistant Software
• Using Model Checking to Debug Device Firmware
• CMC: A Pragmatic Approach to Model Checking Real Code
• ***Practical, Transparent Operating System Support for Superpages
• Vertigo: Automatic Performance-Setting for Linux
• Cooperative I/O: A Novel I/O Semantics for Energy-Aware Applications Andreas
• ***TAG: A Tiny AGgregation Service for Ad-Hoc Sensor Networks
• ***Fine-Grained Network Time Synchronization Using Reference Broadcasts
• Supporting Time-Sensitive Applications on a Commodity OS
• ***Memory Resource Management in VMware ESX Server
• Scale and Performance in the Denali Isolation Kernel
• ***ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay
• Integrated Resource Management for Cluster-based Internet Services
• Resource Overbooking and Application Profiling in Shared Hosting Platforms
• An Integrated Experimental Environment for Distributed Systems and Networks
• ***Scalability and Accuracy in a Large-Scale Network Emulator
• Pastiche: Making Backup Cheap and Easy
• Secure Routing for Structured Peer-to-Peer Overlay Networks
• ***An Analysis of Internet Content Delivery Systems
• TCP Nice: A Mechanism for Background Transfers
• The Effectiveness of Request Redirection on CDN Robustness
• The Design and Implementation of Zap: A System for Migrating Computing Environments
• Optimizing the Migration of Virtual Computers
• Luna: A Flexible Java Protection System