1. TRUST Self-Organizing Systems Emin G ü n Sirer, Cornell University

2. TRUST 2 Focus Area Self-organizing systems –Future systems will be increasingly networked, increasingly complex, and increasingly difficult to manage manually Beehive / CoDoNS –A secure peer-to-peer overlay to supplant and replace DNS MagnetOS –A distributed operating system for ad hoc networks Herbivore –A peer-to-peer anonymous communication system

3. TRUST 3 Beehive Domain –Critical infrastructure, DNS –Structured peer-to-peer overlays Problem –DNS is open to denial-of-service attacks –Structured P2P systems do not provide low-latency lookups Approach

4. TRUST 4 Beehive Approach general replication framework suitable for structured DHTs –decentralization, self-organization, resilience properties –high performance: O(1) average lookup time –scalable: minimize number of replicas and reduce storage, bandwidth, and network load –adaptive: promptly respond to changes in popularity – flash crowds

5. TRUST 5 Beehive Intuition tunable latency –adjust extent of replication for each object fundamental space- time tradeoff 2012 0021 0112 0122

6. TRUST 6 Optimal Closed-form Solution d i (K’ – C) 1 + d + … + d K’-1 1 1 -  [ ] x* i =, 0  i  K’ – 1 where d = b (1-  ) / , K’  i  K K’ is determined by setting x* K’-1  1  d K’-1 (K’ – C) / (1 + d + … + d K’-1 )  1 1

7. TRUST 7 Beehive Results Built and deployed a replacement for DNS based on the Beehive result –50-100 PlanetLab nodes + additional ISPs, CNNIC (.cn registrar) high performance –low lookup latency –median latency of 7 ms for codons (planet-lab), 39 ms for legacy DNS secure –resilient against denial of service attacks –load balances around hotspots –self configures around host and network failures fast, coherent updates –no TTLs, updates can be propagated at any time

8. TRUST 8 MagnetOS Domain –Ad hoc networks of mobile nodes Problem –No programming model –Hard to develop applications –Need an arbiter Approach –An adaptive single system image operating system

9. TRUST 9 Approach Provide a unifying single-system image abstraction –The entire network looks like a single machine MagnetOS performs automatic partitioning –Converts applications into distributed components that communicate over a network MagnetOS provides transparent component migration –Moves application components within the network to improve performance metrics

10. TRUST 10 Automatic Partitioning Provide a unifying single-system image abstraction –The entire network looks like a single machine MagnetOS performs automatic partitioning –Converts applications into distributed components that communicate over a network MagnetOS provides transparent component migration –Moves application components within the network to improve performance metrics JVM App MagnetOS Rewriter

11. TRUST 11 MagnetOS Results and Open Issues Power-efficient –Extends system lifetime by a factor of four to five over the standard approaches Open issues –Fault-tolerance for application components –Power-efficient routing and placement techniques –Software techniques for large-scale network simulations

12. TRUST 12 Herbivore Domain –Wide area networks, e.g. Internet Problem –Communication protocols do not provide privacy Approach –A scalable, efficient, provably anonymous communication system

13. TRUST 13 Herbivore Approach Provably anonymous –Dining cryptographer networks Scalable –Divide and conquer the network into cliques Efficient –Wire-level protocol sends only two bits per client

14. TRUST 14 Herbivore Results and Open Issues First practical anonymous communication system –Anonymous unicast and broadcast primitives layered on top of the insecure Internet Prototype deployed to 50 sites across the Internet –Achieves 200 Kbits/second, 500ms latency! Design of anonymous applications still an open issue –Messaging, Filesharing, Web-browsing, Voting, …

15. TRUST 15 Further Information E. Gün Sirer egs@cs.cornell.edu http://www.cs.cornell.edu/People/egs/