Cumulus: Filesystem Backup to the Cloud (2009)
Michael Vrable, Stefan Savage, Geoffrey M. Voelker
In this paper we describe Cumulus, a system for efficiently implementing filesystem backups over the Internet. Cumulus is specifically designed under a thin cloud assumption—that the remote...
Spamalytics: An Empirical Analysis of Spam Marketing Conversion (2009)
Chris Kanich, Christian Kreibich, Kirill Levchenko Br, On Enright, Geoffrey M. Voelker, Vern Paxson, ...
The “conversion rate ” of spam — the probability that an unsolicited e-mail will ultimately elicit a “sale ” — underlies the entire spam value proposition. However, our understanding of...
Difference Engine: Harnessing Memory Redundancy in Virtual Machines (2009)
Diwaker Gupta, Sangmin Lee, Michael Vrable, Stefan Savage, Alex C. Snoeren, George Varghese, ...
Virtual machine monitors (VMMs) are a popular platform for Internet hosting centers and cloud-based compute services. By multiplexing hardware resources among virtual machines (VMs) running commodity...
Alper T. Mizrak, Stefan Savage, Keith Marzullo
While it is widely understood that criminal miscreants are subverting large numbers of Internet-connected computers (e.g., for bots, spyware, SPAM forwarding), it is less well appreciated that...
When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC ABSTRACT (2009)
Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage
This paper reconsiders the threat posed by Shacham’s “return-oriented programming ” — a technique by which W⊕X-style hardware protections are evaded via carefully crafted stack frames that...
Difference Engine: Harnessing Memory Redundancy in Virtual Machines (2009)
Diwaker Gupta, Sangmin Lee, Michael Vrable, Stefan Savage, Alex C. Snoeren, George Varghese, ...
Virtual machine monitors (VMMs) are a popular platform for Internet hosting centers and cloud-based compute services. By multiplexing hardware resources among virtual machines (VMs) running commodity...
Difference Engine: Harnessing Memory Redundancy in Virtual Machines (2009)
Diwaker Gupta, Sangmin Lee, Michael Vrable, Stefan Savage, Alex C. Snoeren, George Varghese, ...
Virtual machine monitors (VMMs) are a popular platform for Internet hosting centers and cloud-based compute services. By multiplexing hardware resources among virtual machines (VMs) running commodity...
When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC ABSTRACT (2009)
Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage
This paper reconsiders the threat posed by Shacham’s “return-oriented programming ” — a technique by which W⊕X-style hardware protections are evaded via carefully crafted stack frames that...
The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff (2009)
Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Stefan Savage
In this paper we highlight a number of challenges that arise in using crawling to measure the size, topology, and dynamism of distributed botnets. These challenges include traffic due to unrelated...
ABSTRACT Spamalytics: An Empirical Analysis of Spam Marketing Conversion (2009)
Chris Kanich, Christian Kreibich, Kirill Levchenko Br, On Enright, Geoffrey M. Voelker, Vern Paxson, ...
The “conversion rate ” of spam — the probability that an unsolicited e-mail will ultimately elicit a “sale ” — underlies the entire spam value proposition. However, our understanding of...
Detecting Compromised Routers via Packet Forwarding Behavior (2009)
Alper T. Mizrak, Stefan Savage, Keith Marzullo
t is widely understood that the Internet is awash in threats. The mean time for a vulnerable system to be infiltrated once connected to the Internet is typically measured in minutes. Consequently,...
Abstract Extensibility, Safety and Performance in the SPIN Operating System (2008)
Brian N. Bershad, Stefan Savage, Przemysław Pardyak, Emin Gün Sirer, Marc E. Fiuczynski, David Becker, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
Abstract Inferring Internet Denial-of-Service Activity (2008)
David Moore, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to answer a simple question: “How prevalent are denial-of-service attacks in the Internet today?”. Our motivation is to understand quantitatively the nature of the current...
ABSTRACT Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm (2008)
Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik V, Alex C. Snoeren, ...
The rapid evolution of large-scale worms, viruses and botnets have made Internet malware a pressing concern. Such infections are at the root of modern scourges including DDoS extortion, on-line...
Detecting Compromised Routers via Packet Forwarding Behavior ∗†‡ (2008)
Alper T. Mızrak, Stefan Savage, Keith Marzullo
While it is widely understood that criminal miscreants are subverting large numbers of Internet-connected computers (e.g., for bots, spyware, SPAM forwarding, etc.) it is less well appreciated that...
Abstract Eraser: A Dynamic Data Race Detector for Multi-Threaded Programs (2008)
Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson
Multi-threaded programming is difficult and error prone. It is easy to make a mistake in synchronization that produces a data race, yet it can be extremely hard to locate this mistake during...
Abstract Spamscatter: Characterizing Internet Scam Hosting Infrastructure (2008)
David S. Anderson, Chris Fleizach, Stefan Savage, Geoffrey M. Voelker
Unsolicited bulk e-mail, or SPAM, is a means to an end. For virtually all such messages, the intent is to attract the recipient into entering a commercial transaction — typically via a linked Web...
ABSTRACT In Search of Path Diversity in ISP Networks (2008)
Renata Teixeira, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
Internet Service Providers (ISPs) can exploit path diversity to balance load and improve robustness. Unfortunately, it is difficult to evaluate the potential impact of these approaches without...
Jason Franklin, Adrian Perrig, Vern Paxson, Stefan Savage
This paper studies an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the...
SUBMITTED TO HOTNETS-II 1 The EarlyBird System for Real-time Detection of Unknown Worms (2008)
Sumeet Singh, Cristian Estan, George Varghese, Stefan Savage
Abstract—Network worms are a major threat to the security of today’s Internet-connected hosts and networks. The combination of unmitigated connectivity and widespread software homogeneity allows...
ABSTRACT Automating Cross-Layer Diagnosis of Enterprise Wireless Networks (2008)
Yu-chung Cheng, Mikhail Afanasyev, Patrick Verkaik, Péter Benkö, Jennifer Chiang, Alex C. Snoeren, ...
Modern enterprise networks are of sufficient complexity that even simple faults can be difficult to diagnose — let alone transient outages or service degradations. Nowhere is this problem more...
Cooperative Association for Internet Data Analysis (2008)
David Moore, Colleen Shannon, Doug Brown, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to address a simple question: “How prevalent are denial-of-service attacks in the Internet? ” Our motivation is to quantitatively understand the nature of the current...
General Terms Measurement (2008)
Renata Teixeira, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
The use of multiple network paths between a pair of hosts has been proposed for a wide variety of network technologies in order to achieve higher bandwidth in data transfers, to select paths with low...
Maximizing Data Locality in Distributed Systems (2008)
Fan Chung, Ronald Graham, Ranjita Bhagwan, Stefan Savage, Geoffrey M. Voelker
The effectiveness of a distributed system hinges on the manner in which tasks and data are assigned to the underlying system resources. Moreover, today’s large-scale distributed systems must...
Abstract 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions (2008)
The convenience of 802.11-based wireless access networks has led to widespread deployment in the consumer, industrial and military sectors. However, this use is predicated on an implicit assumption...
Detecting and Isolating Malicious Routers (2008)
Student Member, Yu-chung Cheng, Keith Marzullo, Stefan Savage
Abstract—Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a...
ABSTRACT Unexpected Means of Protocol Inference (2008)
Justin Ma, Kirill Levchenko, Christian Kreibich, Stefan Savage, Geoffrey M. Voelker
Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from...
Structured Superpeers: Leveraging Heterogeneity to Provide Constant-Time Lookup (2008)
Alper Mizrak (presenter, Yuchung Cheng, Vineet Kumar, Stefan Savage
P2P are designed to distribute functionality and resources among a large number of independent hosts
Abstract Eraser: A Dynamic Data Race Detector for Multi-Threaded Programs (2008)
Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson
Multi-threaded programming is difficult and error prone. It is easy to make a mistake in synchronization that produces a data race, yet it can be extremely hard to locate this mistake during...
Cooperative Association for Internet Data Analysis (2008)
David Moore, Colleen Shannon, Doug Brown, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to address a simple question: “How prevalent are denial-of-service attacks in the Internet? ” Our motivation is to quantitatively understand the nature of the current...
Abstract Sting: a TCP-based Network Measurement Tool (2008)
Understanding wide-area network characteristics is critical for evaluating the performance of Internet applications. Unfortunately, measuring the end-to-end network behavior between two hosts can be...
Detecting Compromised Routers via Packet Forwarding Behavior (2008)
Alper Mizrak, Keith Marzullo, Stefan Savage
While it is widely understood that criminal miscreants are subverting large numbers of Internet-connected computers (e.g., for bots, spyware, SPAM forwarding, etc.) it is less well appreciated that...
Abstract Spamscatter: Characterizing Internet Scam Hosting Infrastructure (2008)
David S. Anderson, Chris Fleizach, Stefan Savage, Geoffrey M. Voelker
Unsolicited bulk e-mail, or SPAM, is a means to an end. For virtually all such messages, the intent is to attract the recipient into entering a commercial transaction — typically via a linked Web...
Detecting Compromised Routers via Packet Forwarding Behavior (2008)
Alper Mizrak, Keith Marzullo, Stefan Savage
While it is widely understood that criminal miscreants are subverting large numbers of Internet-connected computers (e.g., for bots, spyware, SPAM forwarding, etc.) it is less well appreciated that...
Abstract Extensibility, Safety and Performance in the SPIN Operating System (2008)
Brian N. Bershad, Stefan Savage, Przemysław Pardyak, Emin Gün Sirer, Marc E. Fiuczynski, David Becker, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
Abstract 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions (2008)
The convenience of 802.11-based wireless access networks has led to widespread deployment in the consumer, industrial and military sectors. However, this use is predicated on an implicit assumption...
1. Motivation Processor Capacity Reserves: An Abstraction for Managing Processor Usage (2008)
Clifford W. Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications require operating systems that support time-constrained data types such as digital audio and video. These continuous media [1] demand timely service from the system, and...
Jason Franklin, Adrian Perrig, Vern Paxson, Stefan Savage
This paper studies an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the...
ABSTRACT Unexpected Means of Protocol Inference (2008)
Justin Ma, Kirill Levchenko, Christian Kreibich, Stefan Savage, Geoffrey M. Voelker
Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from...
Abstract Extensibility, Safety and Performance in the SPIN Operating System (2008)
Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
The Internet's Scalability, Stefan Savage, Thomas Anderson, Amit Aggarwal, David Becker Neal, Cardwell Andy, ...
this article, we describe inefficiencies in routing and transport protocols in the modern Internet. We also attempt to quantify these effects. Although our results are preliminary, they suggest that...
On the Spam Campaign Trail (2008)
Christian Kreibich, Chris Kanich, Kirill Levchenko Br, On Enright, Stefan Savage
Over the last decade, unsolicited bulk email, or spam, has transitioned from a minor nuisance to a major scourge, adversely affecting virtually every Internet user. Industry estimates suggest that...
On the Spam Campaign Trail (2008)
Christian Kreibich, Chris Kanich, Kirill Levchenko Br, On Enright, Stefan Savage
Over the last decade, unsolicited bulk email, or spam, has transitioned from a minor nuisance to a major scourge, adversely affecting virtually every Internet user. Industry estimates suggest that...
On the Spam Campaign Trail (2008)
Christian Kreibich, Chris Kanich, Kirill Levchenko Br, On Enright, Stefan Savage
Over the last decade, unsolicited bulk email, or spam, has transitioned from a minor nuisance to a major scourge, adversely affecting virtually every Internet user. Industry estimates suggest that...
Abstract TCP Congestion Control with a Misbehaving Receiver (2007)
Stefan Savage, Neal Cardwell, David Wetherall, Tom Anderson
In this paper, we explore the operation of TCP congestion control when the receiver can misbehave, as might occur with a greedy Web client. We first demonstrate that there are simple attacks that...
Research Interests My, Stefan Savage
this paper appears in Proceedings of the 16
Real-Time Mach 3.0 User Reference Manual (2007)
Takuro Kitayama, Clifford W. Mercer, Tatsuo Nakajima, Stefan Savage, Hideyuki Tokuda, Jim Zelenka
this document are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of NSF, Bellcore, NOSC, or the U.S. Government. i Contents 1...
ABSTRACT In Search of Path Diversity in ISP Networks (2007)
Renata Teixeira, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
Internet Service Providers (ISPs) can exploit path diversity to balance load and improve robustness. Unfortunately, it is difficult to evaluate the potential impact of these approaches without...
Abstract Replication Strategies for Highly Available Peer-to-Peer Storage (2007)
Ranjita Bhagwan, David Moore, Stefan Savage, Geoffrey M. Voelker
We are investigating strategies for using replication to design and implement highly reliable peer-to-peer systems. In particular, we are comparing the use of whole object and blocking replication,...
Abstract Understanding Availability (2007)
Ranjita Bhagwan, Stefan Savage, Geoffrey M. Voelker
This paper addresses a simple, yet fundamental question in the design of peer-to-peer systems: What does it mean when we say “availability ” and how does this understanding impact the engineering...
Abstract Inferring Internet Denial-of-Service Activity (2007)
David Moore, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to answer a simple question: “How prevalent are denial-of-service attacks in the Internet today?”. Our motivation is to understand quantitatively the nature of the current...
David Ely, Neil Spring, David Wetherall, Stefan Savage, Tom Anderson
We present an improved Explicit Congestion Notification (ECN) mechanism that enables a router to signal congestion to the sender without trusting the receiver or other network devices along the...
Replication Strategies for Highly Available Peer-to-Peer Storage Systems (2007)
Ranjita Bhagwan, Stefan Savage, Geoffrey M. Voelker
Failure is inevitable: disks fail, hosts crash, networks partition, applications stop. Consequently, the principal challenge in designing highly-available systems is to tolerate each failure as it...
Automating cross-layer diagnosis of enterprise wireless networks (2007)
Yu-chung Cheng, Mikhail Afanasyev, Patrick Verkaik, Péter Benkö, Jennifer Chiang, Alex C. Snoeren, ...
Modern enterprise networks are of sufficient complexity that even simple faults can be difficult to diagnose — let alone transient outages or service degradations. Nowhere is this problem more...
Automating cross-layer diagnosis of enterprise wireless networks (2007)
Yu-chung Cheng, Mikhail Afanasyev, Patrick Verkaik, Péter Benkö, Jennifer Chiang, Alex C. Snoeren, ...
Modern enterprise networks are of sufficient complexity that even simple faults can be difficult to diagnose — let alone transient outages or service degradations. Nowhere is this problem more...
Detecting malicious packet losses (2007)
Alper T. Mızrak, Keith Marzullo, Stefan Savage
In this paper we consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack...
Detecting malicious packet losses (2007)
Alper T. Mızrak, Keith Marzullo, Stefan Savage
In this paper we consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack...
Automating cross-layer diagnosis of enterprise wireless networks (2007)
Yu-chung Cheng, Mikhail Afanasyev, Patrick Verkaik, Péter Benkö, Jennifer Chiang, Alex C. Snoeren, ...
Modern enterprise networks are of sufficient complexity that even simple faults can be difficult to diagnose — let alone transient outages or service degradations. Nowhere is this problem more...
Revised NeTS—FIND: Enabling Defense and Deterrence through Private Attribution (2007)
Alex C. Snoeren, Yoshi Kohno, Stefan Savage, Amin Vahdat
The Internet’s any-to-any, best-effort communication model is widely heralded as one of the main reasons for its success. The absence of strong architectural restrictions has allowed Internet...
Processor Capacity Reserves for Multimedia Operating Systems (2006)
Mercer, Clifford W., Savage, Stefan, Tokuda, Hideyuki
Multimedia applications have timing requirements that cannot generally be satisfied using time-sharing scheduling algorithms and system structures. To effectively support these types of programs,...
Jigsaw: Solving the puzzle of enterprise 802.11 analysis (2006)
Yu-chung Cheng, John Bellardo, Péter Benkö, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
The combination of unlicensed spectrum, cheap wireless interfaces and the inherent convenience of untethered computing have made 802.11-based networks ubiquitous in the enterprise. Modern...
Jigsaw: Solving the puzzle of enterprise 802.11 analysis (2006)
Yu-chung Cheng, John Bellardo, Péter Benkö, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
The combination of unlicensed spectrum, cheap wireless interfaces and the inherent convenience of untethered computing has made 802.11-based networks ubiquitous in the enterprise. Modern...
Finding diversity in remote code injection exploits (2006)
Justin Ma, John Dunagan, Helen J. Wang, Stefan Savage, Geoffrey M. Voelker
Remote code injection exploits inflict a significant societal cost, and an active underground economy has grown up around these continually evolving attacks. We present a methodology for inferring...
Finding diversity in remote code injection exploits (2006)
Justin Ma, John Dunagan, Helen J. Wang, Stefan Savage, Geoffrey M. Voelker
Remote code injection exploits inflict a significant societal cost, and an active underground economy has grown up around these continually evolving attacks. We present a methodology for inferring...
Jigsaw: Solving the puzzle of enterprise 802.11 analysis (2006)
Yu-chung Cheng, John Bellardo, Péter Benkö, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
The combination of unlicensed spectrum, cheap wireless interfaces and the inherent convenience of untethered computing have made 802.11-based networks ubiquitous in the enterprise. Modern...
Jigsaw: Solving the puzzle of enterprise 802.11 analysis (2006)
Yu-chung Cheng, John Bellardo, Péter Benkö, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
The combination of unlicensed spectrum, cheap wireless interfaces and the inherent convenience of untethered computing have made 802.11-based networks ubiquitous in the enterprise. Modern...
Jigsaw: Solving the puzzle of enterprise 802.11 analysis (2006)
Yu-chung Cheng, John Bellardo, Péter Benkö, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
The combination of unlicensed spectrum, cheap wireless interfaces and the inherent convenience of untethered computing have made 802.11-based networks ubiquitous in the enterprise. Modern...
Finding diversity in remote code injection exploits (2006)
Justin Ma, John Dunagan, Helen J. Wang, Stefan Savage, Geoffrey M. Voelker
Remote code injection exploits inflict a significant societal cost, and an active underground economy has grown up around these continually evolving attacks. We present a methodology for inferring...
C. Scott Ananian, Krste Asanović, Bradley C. Kuszmaul, Charles E. Leiserson, Sean Lie, M. A. Bender, ...
Unbounded transactional memory. In Proceedings of the 11th International Symposium on High-
Opportunistic Measurement: Extracting Insight from Spurious Traffic (2005)
Martin Casado, Tal Garfinkel, Weidong Cui, Vern Paxson, Stefan Savage
While network measurement techniques are continually improving, representative network measurements are increasingly scarce. The issue is fundamentally one of access: either the points of interest...
Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm (2005)
Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Erik V, ...
The rapid evolution of large-scale worms, viruses and botnets have made Internet malware a pressing concern. Such infections are at the root of modern scourges including DDoS extortion, on-line...
Fatih: Detecting and Isolating Malicious Routers (2005)
Alper Tugay Mizrak, Yu-chung Cheng, Keith Marzullo, Stefan Savage
Network routers occupy a key role in modern data transport and consequently are attractive targets for attackers. By manipulating, diverting or dropping packets arriving at a compromised router, an...
Tolerating Denial-of-Service Attacks (2005)
C. Claffy, Rene L. Cruz, Keith Marzullo, Stefan Savage, Giovanni Vigna, Ju Wang
by
Total recall: System support for automated availability management (2004)
Ranjita Bhagwan, Kiran Tati, Yu-chung Cheng, Stefan Savage, Geoffrey M. Voelker
Availability is a storage system property that is both highly desired and yet minimally engineered. While many systems provide mechanisms to improve availability – such as redundancy and failure...
Monkey See, Monkey Do: A Tool for TCP Tracing and Replaying (2004)
Yu-chung Cheng, Urs Hölzle, Neal Cardwell, Stefan Savage, Geoffrey M. Voelker
The performance of popular Internet Web services is governed by a complex combination of server behavior, network characteristics and client workload – all interacting through the actions of the...
Automated worm fingerprinting (2004)
Sumeet Singh, Cristian Estan, George Varghese, Stefan Savage
Network worms are a clear and growing threat to the security of today’s Internet-connected hosts and networks. The combination of the Internet’s unrestricted connectivity and widespread software...
Fault-Tolerant Forwarding in the Face of Malicious Routers (2004)
Alper Tugay Mizrak, Keith Marzullo, Stefan Savage
this paper we have identified several tradeoffs in the design of fault-tolerant forwarding. We are exploring some of these tradeoffs through simulation and analysis based on synthetic and on actual...
Automated Worm Fingerprinting (2004)
Sumeet Singh Cristian, Cristian Estan, George Varghese, Stefan Savage
Network worms are a clear and growing threat to the security of today's Internet-connected hosts and networks. The combination of the Internet's unrestricted connectivity and widespread...
Brief announcement: Detecting malicious routers (2004)
Alper Tugay Mızrak, Keith Marzullo, Stefan Savage
Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a network with...
Brief announcement: Detecting malicious routers (2004)
Alper Tugay Mızrak, Keith Marzullo, Stefan Savage
Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a network with...
Automated worm fingerprinting (2004)
Sumeet Singh, Cristian Estan, George Varghese, Stefan Savage
Network worms are a clear and growing threat to the security of today’s Internet-connected hosts and networks. The combination of the Internet’s unrestricted connectivity and widespread software...
Internet Quarantine: Requirements for Containing Self-Propagating Code (2003)
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a dramatic increase in the frequency and virulence of such...
Real Vulnerabilities and Practical Solutions (2003)
Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright...
The Phoenix Recovery System: Rebuilding from the ashes of an Internet catastrophe (2003)
Flavio Junqueira, Ranjita Bhagwan, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
The Internet today is highly vulnerable to Internet catastrophes: events in which an exceptionally successful Internet pathogen, like a worm or email virus, causes data loss on a significant...
Internet Quarantine: Requirements for Containing Self-Propagating Code (2003)
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
Abstract — It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a...
Internet Quarantine: Requirements for Containing Self-Propagating Code (2003)
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
Abstract — It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a...
Bucking FreeRiders: Distributed Accounting and Settlement in Peer-toPeer Networks (2003)
Abhishek Agrawal, Douglas J. Brown, Aditya Ojha, Stefan Savage
The practice of free-riding – consuming service without
Structured superpeers: Leveraging heterogeneity to provide constant-time lookup (2003)
Alper Tugay Mızrak, Yuchung Cheng, Vineet Kumar, Stefan Savage
Peer-to-peer (P2P) systems are typically divided into those that centralize lookup functionality in a single location and those that distribute the lookup operation across the set of participating...
In Search of Path Diversity in ISP Networks (2003)
Renata Teixeira, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
Internet Service Providers (ISPs) can exploit path diversity to balance load and improve robustness. Unfortunately, it is difficult to evaluate the potential impact of these approaches without...
Structured Superpeers: Leveraging Heterogeneity (2003)
Alper Tugay Mızrak, Yuchung Cheng, Vineet Kumar, Stefan Savage
Peer-to-peer (P2P) systems are typically divided into those that centralize lookup functionality in a single location and those that distribute the lookup operation across the set of participating...
Understanding Availability (2003)
Ranjita Bhagwan Stefan, Stefan Savage, Geoffrey M. Voelker
This paper addresses a simple, yet fundamental question in the design of peer-to-peer systems: What does it mean when we say "availability" and how does this understanding impact the...
Internet Quarantine: Requirements for Containing Self-Propagating Code (2003)
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
Abstract — It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a...
The Phoenix Recovery System: Rebuilding from the ashes of an Internet catastrophe (2003)
Flavio Junqueira, Ranjita Bhagwan, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
The Internet today is highly vulnerable to Internet catastrophes: events in which an exceptionally successful Internet pathogen, like a worm or email virus, causes data loss on a significant...
Automatically Inferring Patterns of Resource Consumption in Network Traffic (2003)
Cristian Estan, Stefan Savage, George Varghese
The Internet service model emphasizes flexibility -- any node can send any type of tra#c at any time. While this design has allowed new applications and usage models to flourish, it also makes the...
Replication strategies for highly available peer-to-peer storage (2002)
Ranjita Bhagwan, David Moore, Stefan Savage, Geoffrey M. Voelker
In the past few years, peer-to-peer networks have become an extremely popular mechanism for large-scale content sharing. Unlike traditional client-server applications,
Measuring Packet Reordering (2002)
The Internet architecture provides an unsequenced datagram delivery service. Nevertheless, many higher-layer protocols, such as TCP, assume that packets are usually delivered in sequence, and...
Robust congestion signaling (2001)
David Ely, Neil Spring, David Wetherall, Stefan Savage, Tom Anderson
We present an improved Explicit Congestion Notification (ECN) mechanism that enables a router to signal congestion to the sender without trusting the receiver or other network devices along the...
Automated measurement of high volume traffic clusters (2001)
Cristian Estan, Stefan Savage, George Varghese
Abstract--- Traffic measurement often focuses on measuring traffic at various granularities. Our paper considers an approach that generalizes previous solutions: we define a traffic cluster to...
Inferring internet Denial-of-Service activity (2001)
David Moore, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today?". Our motivation is to understand quantitatively the nature...
Inferring internet Denial-of-Service activity (2001)
David Moore, Geoffrey M. Voelker, Stefan Savage
Symposium
Robust Congestion Signaling (2001)
David Ely Neil, Neil Spring, David Wetherall, Stefan Savage, Tom Anderson
We present an improved Explicit Congestion Notification (ECN) mechanism that enables a router to signal congestion to the sender without trusting the receiver or other network devices along the...
Inferring internet Denial-of-Service activity (2001)
David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage
In this article, we seek to address a simple question: “How prevalent are denial-of-service attacks in the Internet? ” Our motivation is to quantitatively understand the nature of the current...
Practical network support for IP traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Practical network support for IP traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Practical network support for IP traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Practical network support for IP traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
Abstract—This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back toward their source. This work is motivated by the increased frequency and...
Practical network support for IP traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Practical network support for IP traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Practical Network Support for IP Traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Understanding the Performance of TCP Pacing (2000)
Amit Aggarwal, Stefan Savage, Thomas Anderson
Many researchers have observed that TCP's congestion control mechanisms can lead to bursty traffic flows on modern high-speed networks, with a negative impact on overall network efficiency. A...
Neal Cardwell, Stefan Savage, Thomas Anderson
Several analytic models describe the steady-state throughput of bulk transfer TCP flows as a function of round trip time and packet loss rate. These models describe flows based on the assumption that...
Practical Network Support for IP Traceback (2000)
Stefan Savage, Stefan Savage, David Wetherall, David Wetherall, Anna Karlin, Anna Karlin, ...
This paper describes a technique for tracing anonymous attacks in the Internet back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks...
Neal Cardwell, Stefan Savage, Thomas Anderson
Several analytic models describe the steady-state throughput of bulk transfer TCP flows as a function of round trip time and packet loss rate. These models describe flows based on the assumption that...
Practical network support for IP traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
Abstract--This paper describes a technique for tracing anony-mous packet flooding attacks in the Internet back toward their source. This work is motivated by the increased frequency and...
Practical network support for IP traceback (2000)
Stefan Savage, Stefan Savage, David Wetherall, David Wetherall, Anna Karlin, Anna Karlin, ...
This paper describes a technique for tracing anonymous attacks in the Internet back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks...
Examining web latency: Performance analysis of a wide-area distributed system (2000)
Stefan Savage, Neal Cardwell, Geoff Voelker, Alec Wolman, Tom Anderson, Hank Levy
In this paper, we develop a methodology for determining where the time goes between when a user clicks on a Web page and when the page appears on the display. Our methodology uses only client-based...
Neal Cardwell, Stefan Savage, Thomas Anderson
Abstract—Several analytic models describe the steady-state throughput of bulk transfer TCP flows as a function of round trip time and packet loss rate. These models describe flows based on the...
TCP congestion control with a misbehaving receiver (1999)
Stefan Savage, Neal Cardwell, David Wetherall, Tom Anderson
In this paper, we explore the operation of TCP congestion control when the receiver can misbehave, as might occur with a greedy Web client. We first demonstrate that there are simple attacks that...
The Case for Informed Transport Protocols (1999)
Stefan Savage, Neal Cardwell, Tom Anderson
Wide-area distributed applications are frequently limited by the performance of Internet data transfer. We argue that the principle cause of this effect is the poor interaction between host-centric...
Detour: a Case for Informed Internet Routing and Transport (1999)
Stefan Savage, Tom Anderson; Amit Aggarawl, Tom Anderson, Amit Aggarwal, David Becker, Neal Cardwell, ...
Despite its obvious success, robustness, and scalability, the Internet suffers from a number of end-to-end performance and availability problems. In this paper, we attempt to quantify the...
TCP Congestion Control with a Misbehaving Receiver (1999)
Stefan Savage, Neal Cardwell, David Wetherall, Tom Anderson
In this paper, we explore the operation of TCP congestion control when the receiver can misbehave, as might occur with a greedy Web client. We first demonstrate that there are simple attacks that...
The End-to-End Effects of Internet Path Selection (1999)
Stefan Savage, Andy Collins, Eric Hoffman, John Snell, Thomas Anderson
The path taken by a packet traveling across the Internet depends on a large number of factors, including routing protocols and pernetwork routing policies. The impact of these factors on the...
The End-to-End Effects of Internet Path Selection (1999)
Stefan Savage, Andy Collins, Eric Hoffman, John Snell, Tom Anderson
The path taken by a packet traveling across the Internet depends on a large number of factors, including routing protocols and per-network routing policies. The impact of these factors on the...
Sting: a TCP-based Network Measurement Tool (1999)
Understanding wide-area network characteristics is critical for evaluating the performance of Internet applications. Unfortunately, measuring the end-to-end network behavior between two hosts can be...
The Case for Informed Transport Protocols (1999)
Stefan Savage, Neal Cardwell, Tom Anderson
Wide-area distributed applications are frequently limited by the performance of Internet data transfer. We argue that the principle cause of this effect is the poor interaction between host-centric...
Proceedings of USITS' 99: The 2 (1999)
Nd Usenix Symposium, Stefan Savage
Understanding wide-area network characteristics is critical for evaluating the performance of Internet applications. Unfortunately, measuring the end-to-end network behavior between two hosts can be...
Detour: a case for informed internet routing and transport (1999)
Stefan Savage, Tom Anderson, Amit Aggarwal, David Becker, Neal Cardwell, Andy Collins, ...
Despite its obvious success, robustness, and scalability, the Internet suffers from a number of end-to-end performance and availability problems. In this paper, we attempt to quantify the...
Inferring Internet Denial-of-Service Activity (1998)
Moore, David, Voelker, Geoffrey M., Savage, Stefan
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today?". Our motivation is to understand quantitatively the nature of the current...
Modeling the Performance of Short TCP Connections (1998)
Neal Cardwell, Stefan Savage, Tom Anderson
Recently researchers have proposed several analytic models of TCP performance. Several of these models accurately describe the steady-state behavior of long TCP connections transferring megabytes of...
Eraser: A Dynamic Data Race Detector for Multithreaded Programs (1997)
Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson
Multi-threaded programming is difficult and error prone. It is easy to make a mistake in synchronization that produces a data race, yet it can be extremely hard to locate this mistake during...
Eraser: A Dynamic Data Race Detector for Multithreaded Programs (1997)
Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson
This article describes a new tool, called Eraser, for dynamically detecting data races in lock-based multithreaded programs. Eraser uses binary rewriting techniques to monitor every shared-memory...
Eraser: A Dynamic Data Race Detector for Multi-Threaded Programs (1997)
Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson
Multi-threaded programming is difficult and error prone. It is easy to make a mistake in synchronization that produces a data race, yet it can be extremely hard to locate this mistake during...
AFRAID - A Frequently Redundant Array of Independent Disks (1996)
Disk arrays are commonly designed to ensure that stored data will always be able to withstand a disk failure, but meeting this goal comes at a significant cost in performance. We show that this is...
Language Support for Extensible Operating Systems (1996)
Wilson Hsieh, Marc Fiuczynski, Charles Garrett, Stefan Savage, David Becker, Brian Bershad
We have identified three areas where language support for operating system extensibility is important: performance, safety, and expressive power. First, an extension language should support...
Writing an Operating System with Modula-3 (1996)
Emin Gün Sirer, Stefan Savage, Przemyslaw Pardyak, Emin Gun, Sirer Stefan, Pardyak Greg, ...
this paper is to help clear up some confusion about developing software with Modula-3. In particular, we will concentrate on using Modula-3 to write an operating system, which is where our primary...
Writing an Operating System with Modula-3 (1996)
Emin Gün Sirer, Stefan Savage, Przemyslaw Pardyak, Emin Gun, Sirer Stefan, Savage Przemys/law Pardyak, ...
this paper is to help clear up some confusion about developing software with Modula-3. In particular, we will concentrate on using Modula-3 to write an operating system, which is where our primary...
The Following Paper Was Originally Published in the (1996)
San Diego California, Stefan Savage, John Wilkes, Hewlett-packard Laboratories
Disk arrays are commonly designed to ensure that stored data will always be able to withstand a disk failure, but meeting this goal comes at a significant cost in performance. We show that this is...
Language Support for Extensible Operating Systems (1996)
Wilson C. Hsieh, Marc E. Fiuczynski, Charles Garrett, Stefan Savage, David Becker, Brian N. Bershad
We have identified three areas where language support for operating system extensibility is important: performance, safety, and expressive power. First, an extension language should support...
AFRAID — A frequently redundant array of independent disks (1996)
Stefan Savage, John Wilkes, Hewlett-packard Laboratories
Disk arrays are commonly designed to ensure that stored data will always be able to withstand a disk failure, but meeting this goal comes at a significant cost in performance. We show that this is...
Extensibility, safety and performance in the SPIN operating system (1995)
Brian N. Bershad, Stefan Savage, Przemys Pardyak, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
Extensibility, safety and performance in the SPIN operating system (1995)
Brian N. Bershad, Stefan Savage, Przemys Pardyak, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
Extensibility, safety and performance in the SPIN operating system (1995)
Brian N. Bershad, Stefan Savage, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, Craig Chambers, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
Extensibility, safety and performance in the SPIN operating system (1995)
Brian N. Bershad, Stefan Savage, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, Craig Chambers, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
Extensibility, Safety and Performance in the SPIN Operating System (1995)
Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gün Sirer, Emin Gun Sirer, Marc Fiuczynski, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure together with a core set of extensible services...
Protection is a Software Issue (1995)
Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, David Becker, Marc Fiuczynski, Emin Gün Sirer, ...
moters of these systems imply that their reliability and integrity derive solely from the use of a core set of protected hardware mechanisms, such as address spaces and protected supervisor mode...
Extensibility, safety and performance in the SPIN operating system (1995)
Brian N. Bershad, Stefan Savage, Przemys Pardyak, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
SPIN - an extensible microkernel for application-specific operating system services (1994)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Przemyslaw Pardyak, ...
Application domains such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
Processor capacity reserves: Operating system support for multimedia applications (1994)
Clifford W. Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using the time-sharing scheduling algorithms of general purpose operating systems. Our approach is to provide the...
Processor Capacity Reserves: Operating System Support for Multimedia Applications (1994)
Clifford Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using the time-sharing scheduling algorithms of general purpose operating systems. Our approach is to provide the...
SPIN - An Extensible Microkernel for Application-specific Operating System Services (1994)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan McNamee, Przemyslaw Pardyak, ...
Application domains such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
Processor Capacity Reserves for Multimedia Operating Systems (1994)
Clifford Mercer Stefan, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using time-sharing scheduling algorithms and system structures. To effectively support these types of programs,...
Issues in the Design of an Extensible Operating System (1994)
Stefan Savage, Brian N. Bershad
Extensible operating systems are designed around the principle that a system can be dynamically customized to best serve application needs. However, realizing this goal in a safe and efficient manner...
SPIN - An Extensible Microkernel for Application-specific Operating System Services (1994)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan McNamee, Przemyslaw Pardyak, ...
Application domains, such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
-- An Extensible Microkernel for Application-specific Operating System Services (1994)
Brian Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Stefan Savage, ...
Application domains such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
Processor Capacity Reserves for Multimedia Operating Systems (1994)
Clifford Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using time-sharing scheduling algorithms and system structures. To effectively support these types of programs,...
Issues in the Design of an Extensible Operating System (1994)
Stefan Savage, Brian N. Bershad
Extensible operating systems are designed around the principle that a system can be dynamically customized to best serve application needs. However, realizing this goal in a safe and e cient manner...
Abstract SPIN –AnExtensibleMicrokernel for Application-specific Operating System Services (1994)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Przemysław Pardyak, ...
Application domains, such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
Processor capacity reserves: Operating system support for multimedia applications (1994)
Clifford W. Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using the time-sharing scheduling algorithms of general purpose operating systems. Our approach is to provide the...
Processor capacity reserves for multimedia operating systems (1994)
Clifford W. Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using time-sharing scheduling algorithms and system structures. To effectively support these types of programs,...
SPIN - An extensible microkernel for application-specific operating system services (1994)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Przemys Pardyak, ...
Application domains such asmultimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide xed...
SPIN - An extensible microkernel for application-specific operating system services (1994)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Przemys Pardyak, ...
Application domains such asmultimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide xed...
Processor Capacity Reserves: An Abstraction for Managing Processor Usage (1993)
Clifford W. Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications require operating systems that support time-constrained data types such as digital audio and video. These continuous media [1] demand timely service from the system, and...
Real-Time Mach Timers: Exporting Time to the User (1993)
Stefan Savage And, Stefan Savage, Hideyuki Tokuda
The current CMU Mach 3.0 microkernel exports simple timestamp and delay abstractions through host get time() and a timeout parameter to mach msg(). While this is sufficient for many purposes, it does...
Real-Time Mach Timers: Exporting Time to the User (1993)
Stefan Savage, Hideyuki Tokuda
The current CMU Mach 3.0 microkernel exports simple timestamp and delay abstractions through host get time() and a timeout parameter to mach msg(). While this is sufficient for many purposes, it does...
Real-Time Mach Timers: Exporting Time to the User (1993)
Stefan Savage, Hideyuki Tokuda
The current CMU Mach 3.0 microkernel exports simple timestamp and delay abstractions throughhost get time() and a timeout parameter tomach msg(). While this is sufficient for many purposes, it does...
Research Interests My research interests span several areas of experimental systems, with a focus on wide-area networking and operating systems. I am also interested in automated testing and fault...
Language and Runtime Support for Dynamic Interposition of System Code
Przemyslaw Pardyak, Stefan Savage, Brian N. Bershad
Extensible operating systems require an efficient means to dynamically bind extensions to existing code. The SPIN operating system provides this functionality via an event-based invocation mechanism....