Processor Capacity Reserves for Multimedia Operating Systems (2006)
Mercer, Clifford W., Savage, Stefan, Tokuda, Hideyuki
Multimedia applications have timing requirements that cannot generally be satisfied using time-sharing scheduling algorithms and system structures. To effectively support these types of programs,...
Fault-Tolerant Forwarding in the Face of Malicious Routers (2004)
Alper Tugay Mzrak, Keith Marzullo, Stefan Savage
We are interested in a simple, yet increasingly important network security problem: how to detect the existence of compromised routers in a network and then remove them from the routing fabric. The...
Network Telescopes: Technical Report (2004)
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
A network telescope is a portion of routed IP address space in which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope provides the opportunity to...
Monkey See, Monkey Do: A Tool for TCP Tracing and Replaying (2004)
Yu-chung Cheng, Urs H Olzle, Neal Cardwell, Stefan Savage, Geoffrey M. Voelker
The performance of popular Internet Web services is governed by a complex combination of server behavior, network characteristics and client workload -- all interacting through the actions of the...
Total Recall: System Support for Automated Availability Management (2004)
Ranjita Bhagwan, Kiran Tati, Yu-chung Cheng, Stefan Savage, Geoffrey M. Voelker
Availability is a storage system property that is both highly desired and yet minimally engineered. While many systems provide mechanisms to improve availability -- such as redundancy and failure...
Structured Superpeers: Leveraging Heterogeneity (2003)
Alper Tugay Mzrak, Yuchung Cheng, Vineet Kumar, Stefan Savage
Peer-to-peer (P2P) systems are typically divided into those that centralize lookup functionality in a single location and those that distribute the lookup operation across the set of participating...
In Search of Path Diversity in ISP Networks (2003)
Renata Teixeira, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
Internet Service Providers (ISPs) can exploit path diversity to balance load and improve robustness. Unfortunately, it is difficult to evaluate the potential impact of these approaches without...
Flavio Junqueira, Ranjita Bhagwan, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
this paper, we explore the feasibility of using data redundancy, a model of dependent host vulnerabilities, and distributed storage to tolerate such events. In particular, we motivate the design of a...
In Search of Path Diversity in ISP Networks (2003)
Renata Teixeira, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
Internet Service Providers (ISPs) can exploit path diversity to balance load and improve robustness. Unfortunately, it is difficult to evaluate the potential impact of these approaches without...
Automatically Inferring Patterns of Resource Consumption in Network Traffic (2003)
Cristian Estan, Stefan Savage, George Varghese
The Internet service model emphasizes flexibility -- any node can send any type of tra#c at any time. While this design has allowed new applications and usage models to flourish, it also makes the...
Replication Strategies for Highly Available Peer-to-Peer Storage (2003)
Ranjita Bhagwan, David Moore, Stefan Savage, Geoffrey M. Voelker
Introduction In the past few years, peer-to-peer networks have become an extremely popular mechanism for large-scale content sharing. Unlike traditional client-server applications, which centralize...
Measuring Packet Reordering (2003)
The Internet architecture provides an unsequenced datagram delivery service. Nevertheless, many higher-layer protocols, such as TCP, assume that packets are usually delivered in sequence, and...
Replication Strategies for Highly Available (2003)
Ranjita Bhagwan, Stefan Savage, Geoffrey M. Voelker
Failure is inevitable: disks fail, hosts crash, networks partition, applications stop. Consequently, the principal challenge in designing highly-available systems is to tolerate each failure as it...
The Phoenix Recovery System: (2003)
Flavio Junqueira, Ranjita Bhagwan, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
this paper, we explore the feasibility of using data redundancy, a model of dependent host vulnerabilities, and distributed storage to tolerate such events. In particular, we motivate the design of a...
The Phoenix Recovery System: (2003)
Flavio Junqueira, Ranjita Bhagwan, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
this paper, we explore the feasibility of using data redundancy, a model of dependent host vulnerabilities, and distributed storage to tolerate such events. In particular, we motivate the design of a...
Structured Superpeers: Leveraging Heterogeneity to Provide Constant-Time Lookup (2003)
Alper Tugay Mzrak, Yuchung Cheng, Vineet Kumar, Stefan Savage
Peer-to-peer (P2P) systems are typically divided into those that centralize lookup functionality in a single location and those that distribute the lookup operation across the set of participating...
Structured Superpeers: Leveraging Heterogeneity (2003)
Alper Tugay Mzrak, Yuchung Cheng, Vineet Kumar, Stefan Savage
Peer-to-peer (P2P) systems are typically divided into those that centralize lookup functionality in a single location and those that distribute the lookup operation across the set of participating...
The Phoenix Recovery System: Rebuilding from the ashes of an Internet catastrophe (2003)
Flavio Junqueira, Ranjita Bhagwan, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker
this paper, we explore the feasibility of using data redundancy, a model of dependent host vulnerabilities, and distributed storage to tolerate such events. In particular, we motivate the design of a...
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a dramatic...
Automated Measurement of High Volume Traffic (2003)
Cristian Estan, Stefan Savage, George Varghese
Traffic measurement often focuses on measuring traffic at various granularities. Our paper considers an approach that generalizes previous solutions: we define a traffic cluster to consist of all...
Understanding Availability (2003)
Ranjita Bhagwan, Stefan Savage, Geoffrey M. Voelker
This paper addresses a simple, yet fundamental question in the design of peer-to-peer systems: What does it mean when we say "availability" and how does this understanding impact the engineering of...
Replication Strategies for Highly Available Peer-to-Peer Storage (2003)
Ranjita Bhagwan, David Moore, Stefan Savage, Geoffrey M. Voelker
implement highly reliable peer-to-peer systems. In particular, we are comparing the use of whole object and blocking replication, and pursuing the use of erasure codes with blocking replication as a...
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a dramatic...
Internet Quarantine: Requirements for Containing Self-Propagating Code (2002)
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage
It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a dramatic...
Measuring Packet Reordering (2002)
The Internet architecture provides an unsequenced datagram delivery service. Nevertheless, many higher-layer protocols, such as TCP, assume that packets are usually delivered in sequence, and...
Measuring Packet Reordering (2002)
The Internet architecture provides an unsequenced datagram delivery service. Nevertheless, many higher-layer protocols, such as TCP, assume that packets are usually delivered in sequence, and...
Automated Measurement of High Volume Traffic (2002)
Cristian Estan, Stefan Savage, George Varghese
Traffic measurement often focuses on measuring traffic at various granularities. Our paper considers an approach that generalizes previous solutions: we define a traffic cluster to consist of all...
Robust Congestion Signaling (2001)
Neil Spring, David Wetherall, Stefan Savage, Tom Anderson
We present an improved Explicit Congestion Notification (ECN) mechanism that enables a router to signal congestion to the sender without trusting the receiver or other network devices along the...
Robust Congestion Signaling (2001)
David Ely, Neil Spring, David Wetherall, Stefan Savage, Tom Anderson
We present an improved Explicit Congestion Notification (ECN) mechanism that enables a router to signal congestion to the sender without trusting the receiver or other network devices along the...
TCP Congestion Control with a Misbehaving Receiver (2001)
Stefan Savage, Neal Cardwell, David Wetherall, Tom Anderson
In this paper, we explore the operation of TCP congestion control when the receiver can misbehave, as might occur with a greedy Web client. We first demonstrate that there are simple attacks that...
USENIX Security Symposium (2001)
David Moore, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today ?". Our motivation is to understand quantitatively the nature of the current...
Inferring Internet Denial-of-Service Activity (2001)
David Moore, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today ?". Our motivation is to understand quantitatively the nature of the current...
Inferring Internet Denial-of-Service Activity (2001)
David Moore, Geoffrey M. Voelker, Stefan Savage
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today ?". Our motivation is to understand quantitatively the nature of the current...
Alpine: A User-Level Infrastructure for Network Protocol Development (2001)
David Ely, Stefan Savage, David Wetherall
In traditional operating systems, modifying the network protocol code is a tedious and error-prone task, largely because the networking stack resides in the kernel. For this reason, among others,...
Practical Network Support for IP Traceback (2001)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Practical Network Support for IP Traceback (2001)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Extensibility, Safety and Performance in the (2000)
Brian N. Bershad, Stefan Savage, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, Craig Chambers, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
Practical Network Support for IP Traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of...
Practical Network Support for IP Traceback (2000)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson
This paper describes a technique for tracing anonymous attacks in the Internet back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks...
Processor Capacity Reserves: Operating System Support for Multimedia Applications (2000)
Clifford W. Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using the time-sharing scheduling algorithms of general purpose operating systems. Our approach is to provide the...
Eraser: A Dynamic Data Race Detector for Multithreaded Programs (2000)
Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson
This article describes a new tool, called Eraser, for dynamically detecting data races in lock-based multithreaded programs. Eraser uses binary rewriting techniques to monitor every shared-memory...
Processor Capacity Reserves: Operating System Support for Multimedia Applications (1999)
Clifford W. Mercer, Stefan Savage, Hideyuki Tokuda
Multimedia applications have timing requirements that cannot generally be satisfied using the time-sharing scheduling algorithms of general purpose operating systems. Our approach is to provide the...
TCP Congestion Control with a Misbehaving Receiver (1999)
Stefan Savage, Neal Cardwell, David Wetherall, Tom Anderson
In this paper, we explore the operation of TCP congestion control when the receiver can misbehave, as might occur with a greedy Web client. We first demonstrate that there are simple attacks that...
Understanding the Performance of TCP Pacing (1999)
Amit Aggarwal, Stefan Savage, Thomas Anderson
Many researchers have observed that TCP's congestion control mechanisms can lead to bursty traffic flows on modern high-speed networks, with a negative impact on overall network efficiency. A...
TCP Congestion Control with a Misbehaving Receiver (1999)
Stefan Savage, Neal Cardwell, David Wetherall, Tom Anderson
In this paper, we explore the operation of TCP congestion control when the receiver can misbehave, as might occur with a greedy Web client. We first demonstrate that there are simple attacks that...
Eraser: A Dynamic Data Race Detector for Multi-Threaded Programs (1999)
Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson
Multi-threaded programming is difficult and error prone. It is easy to make a mistake in synchronization that produces a data race, yet it can be extremely hard to locate this mistake during...
Extensibility, Safety and Performance in the (1999)
Brian N. Bershad, Stefan Savage, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, Craig Chambers, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services,...
The End-to-End Effects of Internet Path Selection (1999)
Stefan Savage, Andy Collins, Eric Hoffman, John Snell, Thomas Anderson
The path taken by a packet traveling across the Internet depends on a large number of factors, including routing protocols and pernetwork routing policies. The impact of these factors on the endto...
The End-to-End Effects of Internet Path Selection (1999)
Stefan Savage, Andy Collins, Eric Hoffman, John Snell, Thomas Anderson
The path taken by a packet traveling across the Internet depends on a large number of factors, including routing protocols and pernetwork routing policies. The impact of these factors on the...
The Case for Informed Transport Protocols (1999)
Stefan Savage, Neal Cardwell, Tom Anderson
Wide-area distributed applications are frequently limited by the performance of Internet data transfer. We argue that the principle cause of this effect is the poor interaction between host-centric...
The Case for Informed Transport Protocols (1999)
Stefan Savage, Neal Cardwell, Tom Anderson
Wide-area distributed applications are frequently limited by the performance of Internet data transfer. We argue that the principle cause of this effect is the poor interaction between host-centric...
Issues in the Design of an Extensible Operating System (1999)
Stefan Savage, Brian N. Bershad
Extensible operating systems are designed around the principle that a system can be dynamically customized to best serve application needs. However, realizing this goal in a safe and efficient manner...
-- An Extensible Microkernel for Application-specific Operating System Services (1999)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Stefan Savage, ...
Application domains, such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
Brian N. Bershad, Stefan Savage, David Becker, Marc Fiuczynski, Emin Gun Sirer
moters of these systems imply that their reliability and integrity derive solely from the use of a core set of protected hardware mechanisms, such as address spaces and protected supervisor mode...
-- An Extensible Microkernel for Application-specific Operating System Services (1999)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Stefan Savage, ...
Application domains such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
The End-to-End Effects of Internet Path Selection (1999)
Stefan Savage, Andy Collins, Eric Hoffman, John Snell, Thomas Anderson
The path taken by a packet traveling across the Internet depends on a large number of factors, including routing protocols and per-network routing policies. The impact of these factors on the...
Detour: a Case for Informed Internet Routing and Transport (1999)
Stefan Savage, Tom Anderson, Amit Aggarwal, David Becker, Neal Cardwell, Andy Collins, ...
Despite its obvious success, robustness, and scalability, the Internet suffers from a number of end-to-end performance and availability problems. In this paper, we attempt to quantify the Internet's...
Detour: a Case for Informed Internet Routing and Transport (1999)
Stefan Savage, Tom Anderson, Amit Aggarwal, David Becker, Neal Cardwell, Andy Collins, ...
Despite its obvious success, robustness, and scalability, the Internet suffers from a number of end-to-end performance and availability problems. In this paper, we attempt to quantify the Internet's...
Extensibility, Safety and Performance in the SPIN Operating System (1999)
Brian N. Bershad, Stefan Savage, Emin Gun Sirer, Marc Fiuczynski, David Becker, Susan Eggers, ...
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure together with a core set of extensible services...
Detour: a Case for Informed Internet Routing and Transport (1998)
Stefan Savage, Tom Anderson, Amit Aggarwal, David Becker, Neal Cardwell, Andy Collins, ...
Despite its obvious success, robustness, and scalability, the Internet suffers from a number of end-to-end performance and availability problems. In this paper, we attempt to quantify the Internet's...
Modeling the Performance of Short TCP Connections (1998)
Neal Cardwell, Stefan Savage, Tom Anderson
Recently researchers have proposed several analytic models of TCP performance. Several of these models accurately describe the steady-state behavior of long TCP connections transferring megabytes of...
Detour: a Case for Informed Internet Routing and Transport (1998)
Stefan Savage, Tom Anderson, Amit Aggarwal, David Becker, Neal Cardwell, Andy Collins, ...
Despite its obvious success, robustness, and scalability, the Internet suffers from a number of end-to-end performance and availability problems. In this paper, we attempt to quantify the Internet's...
Inferring Internet Denial-of-Service Activity (1998)
Moore, David, Voelker, Geoffrey M., Savage, Stefan
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today?". Our motivation is to understand quantitatively the nature of the current...
Detour: a Case for Informed Internet Routing and Transport (1998)
Stefan Savage, Tom Anderson, Amit Aggarwal, David Becker, Neal Cardwell, Andy Collins, ...
Despite its obvious success, robustness, and scalability, the Internet suffers from a number of end-to-end performance and availability problems. In this paper, we attempt to quantify the Internet's...
-- An Extensible Microkernel for Application-specific Operating System Services (1998)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Stefan Savage, ...
Application domains, such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
-- An Extensible Microkernel for Application-specific Operating System Services (1998)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Stefan Savage, ...
Application domains such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
-- An Extensible Microkernel for Application-specific Operating System Services (1998)
Brian N. Bershad, Craig Chambers, Susan Eggers, Chris Maeda, Dylan Mcnamee, Stefan Savage, ...
Application domains, such as multimedia, databases, and parallel computing, require operating system services with high performance and high functionality. Existing operating systems provide fixed...
Brian N. Bershad, Stefan Savage, David Becker, Marc Fiuczynski, Emin Gun Sirer
moters of these systems imply that their reliability and integrity derive solely from the use of a core set of protected hardware mechanisms, such as address spaces and protected supervisor mode...
Language and Runtime Support for Dynamic Interposition of System Code (1998)
Stefan Savage, Brian N. Bershad
Extensible operating systems require an efficient means to dynamically bind extensions to existing code. The SPIN operating system provides this functionality via an event-based invocation mechanism....
Issues in the Design of an Extensible Operating System (1998)
Stefan Savage, Brian N. Bershad
Extensible operating systems are designed around the principle that a system can be dynamically customized to best serve application needs. However, realizing this goal in a safe and efficient manner...