Will Tracz, our esteemed editor and Used-Program salesman, has written an entertaining, non-technical book dealing with the practice (and lack of) of software reuse. Its a collection of essays, mostly rehashed (reused?) and updated from various columns and papers published over the years.. Its a short (a bit over 200 pages) easy reading and enjoyable book (I read most of it in one sitting). Some of the essays discuss what was printed in the past and a discussion of the current status of the points.

Safeware: System Safety and Computers

TCP Throughput Collapse, also known as Incast, is a pathological behavior of TCP that results in gross under-utilization of link capacity in certain many-to-one communication patterns. This phenomenon has been observed by others in distributed storage, MapReduce and web-search workloads. In this paper we focus on understanding the dynamics of Incast. We use empirical data to reason about the dynamic system of simultaneously communicating TCP entities. We propose an analytical model to account for the observed Incast symptoms, identify contributory factors, and explore the efficacy of solutions proposed by us and by others.

/pdf/understanding-tcp-incast-throughput-collapse-in-datacenter-1mim2srs1b.pdf

Understanding TCP incast throughput collapse in datacenter networks

Web applications have now become so sophisticated that rendering a typical page may require hundreds of intra-datacenter flows. At the same time, web sites must meet strict page creation deadlines of 200-300ms to satisfy user demands for interactivity. Long-tailed flow completion times make it challenging for web sites to meet these constraints. They are forced to choose between rendering a subset of the complex page, or delay its rendering, thus missing deadlines and sacrificing either quality or responsiveness. Either option leads to potential financial loss.In this paper, we present a new cross-layer network stack aimed at reducing the long tail of flow completion times. The approach exploits cross-layer information to reduce packet drops, prioritize latency-sensitive flows, and evenly distribute network load, effectively reducing the long tail of flow completion times. We evaluate our approach through NS-3 based simulation and Click-based implementation demonstrating our ability to consistently reduce the tail across a wide range of workloads. We often achieve reductions of over 50% in 99.9th percentile flow completion times.

/pdf/detail-reducing-the-flow-completion-time-tail-in-datacenter-1zbmc6308a.pdf

DeTail: reducing the flow completion time tail in datacenter networks

A roadmap for security challenges in the Internet of Things

Data centers deploy a variety of middleboxes (e.g., firewalls, load balancers and SSL offloaders) to protect, manage and improve the performance of applications and services they run. Since existing networks provide limited support for middleboxes, administrators typically overload path selection mechanisms to coerce traffic through the desired sequences of middleboxes placed on the network path. These ad-hoc practices result in a data center network that is hard to configure and maintain, wastes middlebox resources, and cannot guarantee middlebox traversal under network churn.To address these issues, we propose the policy-aware switching layer or PLayer, a new layer-2 for data centers consisting of inter-connected policy-aware switches or pswitches. Unmodified middleboxes are placed off the network path by plugging them into pswitches. Based on policies specified by administrators, pswitches explicitly forward different types of traffic through different sequences of middleboxes. Experiments using our prototype software pswitches suggest that the PLayer is flexible, uses middleboxes efficiently, and guarantees correct middlebox traversal under churn.

/pdf/a-policy-aware-switching-layer-for-data-centers-376vwt6hkh.pdf

A policy-aware switching layer for data centers

The DETER testbed is shared infrastructure designed for medium-scale repeatable experiments in computer security, especially those experiments that involve malicious code. The testbed provides unique resources and a focus of activity for an open community of academic, industry, and government researchers working toward better defenses against malicious attacks on our networking infrastructure, especially critical infrastructure. This paper presents our experience with the deployment and operation of the testbed, highlights some of the research conducted on the testbed, and discusses our plans for continued development, expansion, and replication of the testbed facility.

http://bnrg.cs.berkeley.edu/~adj/publications/paper-files/tridentcom2006-deter.pdf

Experience with DETER: a testbed for security research

Since 2004, the DETER Cybersecurity Testbed Project has worked to create the necessary infrastructure — facilities, tools, and processes-to provide a national resource for experimentation in cyber security. The next generation of DETER envisions several conceptual advances in testbed design and experimental research methodology, targeting improved experimental validity, enhanced usability, and increased size, complexity, and diversity of experiments. This paper outlines the DETER project's status and current R&D directions.

The DETER project: Advancing the science of cyber security experimentation and test

Since 2004, the DETER Cyber-security Project has worked to create an evolving infrastructure - facilities, tools, and processes - to provide a national resource for experimentation in cyber security. Building on our insights into requirements for cyber science and on lessons learned through 8 years of operation, we have made several transformative advances towards creating the next generation of DeterLab. These advances in experiment design and research methodology are yielding progressive improvements not only in experiment scale, complexity, diversity, and repeatability, but also in the ability of researchers to leverage prior experimental efforts of other researchers in the DeterLab user community. This paper describes the advances resulting in a new experimentation science and a transformed facility for cybersecurity research development and evaluation.

/pdf/the-science-of-cyber-security-experimentation-the-deter-3edp8c6x6m.pdf

The science of cyber security experimentation: the DETER project

The DETER project aims to advance cybersecurity research and education. Over the past seven years, the project has focused on improving and redefining the methods, technology, and infrastructure for developing cyberdefense technology. The project's research results are put into practice by DeterLab, a public, free-for-use experimental facility available to researchers and educators worldwide. Educators can use DeterLab's exercises to teach cybersecurity technology and practices. This use of DeterLab provides valuable feedback on DETER innovations and helps grow the pool of cybersecurity innovators and cyberdefenders.

/pdf/teaching-cybersecurity-with-deterlab-1l2q11g426.pdf

Teaching Cybersecurity with DeterLab

Creating an experimental infrastructure for developing next-generation information security technologies.

Terry Benzel

Papers

Experience with DETER: a testbed for security research

The DETER project: Advancing the science of cyber security experimentation and test

The science of cyber security experimentation: the DETER project

Teaching Cybersecurity with DeterLab

Cyber defense technology networking and evaluation