Boris Dragovic

Bio: Boris Dragovic is an academic researcher from University of Cambridge. The author has contributed to research in topics: Security information and event management & Information security management. The author has an hindex of 7, co-authored 9 publications receiving 6443 citations.

Xen and the art of virtualization

Abstract: Numerous systems have been designed which use virtualization to subdivide the ample resources of a modern computer. Some require specialized hardware, or cannot support commodity operating systems. Some target 100% binary compatibility at the expense of performance. Others sacrifice security or functionality for speed. Few offer resource isolation or performance guarantees; most provide only best-effort provisioning, risking denial of service.This paper presents Xen, an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware in a safe and resource managed fashion, but without sacrificing either performance or functionality. This is achieved by providing an idealized virtual machine abstraction to which operating systems such as Linux, BSD and Windows XP, can be ported with minimal effort.Our design is targeted at hosting up to 100 virtual machine instances simultaneously on a modern server. The virtualization approach taken by Xen is extremely efficient: we allow operating systems such as Linux and Windows XP to be hosted simultaneously for a negligible performance overhead --- at most a few percent compared with the unvirtualized case. We considerably outperform competing commercial and freely available solutions in a range of microbenchmarks and system-wide tests.

Pinocchio: Incentives for Honest Participation in Distributed Trust Management

Abstract: In this paper, we introduce a framework for providing incentives for honest participation in global-scale distributed trust management infrastructures. Our system can improve the quality of information supplied by these systems by reducing free-riding and encouraging honesty. Our approach is twofold: (1) we provide rewards for participants that advertise their experiences to others, and (2) impose the credible threat of halting the rewards, for a substantial amount of time, for participants who consistently provide suspicious feedback. For this purpose we develop an honesty metric which can indicate the accuracy of feedback.

XenoTrust: event-based distributed trust management

Abstract: This paper describes XenoTrust, the trust management architecture used in the XenoServer Open Platform: a public infrastructure for wide-area computing, capable of hosting tasks that span the full spectrum of distributed paradigms. We suggest that using an event-based publish /subscribe methodology for the storage, retrieval and aggregation of reputation information can help exploiting asynchrony and simplicity, as well as improving scalability.

Managing trust and reputation in the XenoServer open platform

Abstract: Participants in public distributed computing do not find it easy to trust each other. The massive number of parties involved, their heterogeneous backgrounds, disparate goals and independent nature are not a good basis for the development of relationships through purely social mechanisms. This paper discusses the trust management issues that arise in the context of the XenoServer Open Platform: a public infrastructure for wide-area computing, capable of hosting tasks that span the full spectrum of distributed paradigms. We examine the meaning and necessity of trust in our platform, and present our trust management architecture, named XenoTrust. Our system allows participants of our platform to express their beliefs and advertise them, by submitting them to the system. It provides aggregate information about other participants' beliefs, by supporting the deployment of rule-sets, defining how beliefs can be combined. XenoTrust follows the same design principles that we are using throughout the XenoServer project: it provides a flexible platform over which many of the interesting distributed trust management algorithms presented in the literature can be evaluated in a large-scale wide-area setting.

Information exposure control through data manipulation for ubiquitous computing

Abstract: The vision of Ubiquitous Computing [22] creates the world in which information is omnipresent, migrating seamlessly through the environment to be accessible whenever and wherever needed. Such a vision poses substantial challenges to information security and privacy protection.Unlike in traditional, static, execution environments, information in the Ubiquitous world is exposed, throughout its lifetime, to constantly varying security and privacy threats caused by the inherent dynamicity and unpredictability of the new computing environment and its mobility. Existing data protection mechanisms, built for non- or predictably slowly-changing environments, are unable to strike the balance in the information availability vs. security and privacy threat trade-off in the Ubiquitous world thus hindering the feasibility of the overall vision.In this paper, we present our initial work on a novel paradigm for information security and privacy protection in the ubiquitous world. We model security and privacy threats through sets of contextual attributes and mitigate the projected risks through proactive and reactive data format transformations, subsetting and forced migrations while trying to maximize information availability. We also try to make the approach flexible, scalable and infrastructure independent, as required by the very vision of the Ubiquitous Computing.

Live migration of virtual machines

Abstract: Migrating operating system instances across distinct physical hosts is a useful tool for administrators of data centers and clusters: It allows a clean separation between hard-ware and software, and facilitates fault management, load balancing, and low-level system maintenance.By carrying out the majority of migration while OSes continue to run, we achieve impressive performance with minimal service downtimes; we demonstrate the migration of entire OS instances on a commodity cluster, recording service downtimes as low as 60ms. We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads.In this paper we consider the design options for migrating OSes running services with liveness constraints, focusing on data center and cluster environments. We introduce and analyze the concept of writable working set, and present the design, implementation and evaluation of high-performance OS migration built on top of the Xen VMM.

A Survey on Mobile Edge Computing: The Communication Perspective

Abstract: Driven by the visions of Internet of Things and 5G communications, recent years have seen a paradigm shift in mobile computing, from the centralized mobile cloud computing toward mobile edge computing (MEC). The main feature of MEC is to push mobile computing, network control and storage to the network edges (e.g., base stations and access points) so as to enable computation-intensive and latency-critical applications at the resource-limited mobile devices. MEC promises dramatic reduction in latency and mobile energy consumption, tackling the key challenges for materializing 5G vision. The promised gains of MEC have motivated extensive efforts in both academia and industry on developing the technology. A main thrust of MEC research is to seamlessly merge the two disciplines of wireless communications and mobile computing, resulting in a wide-range of new designs ranging from techniques for computation offloading to network architectures. This paper provides a comprehensive survey of the state-of-the-art MEC research with a focus on joint radio-and-computational resource management. We also discuss a set of issues, challenges, and future research directions for MEC research, including MEC system deployment, cache-enabled MEC, mobility management for MEC, green MEC, as well as privacy-aware MEC. Advancements in these directions will facilitate the transformation of MEC from theory to practice. Finally, we introduce recent standardization efforts on MEC as well as some typical MEC application scenarios.

A Survey on Mobile Edge Computing: The Communication Perspective

Abstract: Driven by the visions of Internet of Things and 5G communications, recent years have seen a paradigm shift in mobile computing, from the centralized Mobile Cloud Computing towards Mobile Edge Computing (MEC). The main feature of MEC is to push mobile computing, network control and storage to the network edges (e.g., base stations and access points) so as to enable computation-intensive and latency-critical applications at the resource-limited mobile devices. MEC promises dramatic reduction in latency and mobile energy consumption, tackling the key challenges for materializing 5G vision. The promised gains of MEC have motivated extensive efforts in both academia and industry on developing the technology. A main thrust of MEC research is to seamlessly merge the two disciplines of wireless communications and mobile computing, resulting in a wide-range of new designs ranging from techniques for computation offloading to network architectures. This paper provides a comprehensive survey of the state-of-the-art MEC research with a focus on joint radio-and-computational resource management. We also present a research outlook consisting of a set of promising directions for MEC research, including MEC system deployment, cache-enabled MEC, mobility management for MEC, green MEC, as well as privacy-aware MEC. Advancements in these directions will facilitate the transformation of MEC from theory to practice. Finally, we introduce recent standardization efforts on MEC as well as some typical MEC application scenarios.