Our group is exploring techniques for automatically upgrading software in object-oriented databases and in long-lived distributed systems. My work focuses on the latter problem; in particular I'm interested in how to schedule the upgrades of nodes in a distributed system to avoid interrupting service and how to enable nodes running different versions to interact safely and efficiently.
My annotated bibliography on software upgrade techniques for distributed systems, updated periodically.
Paper presented at ECOOP 20, July 2006 [ ps | pdf ]
My PhD thesis, August 2004 [ ps | pdf ]
Poster presented at SOSP 19, October 2003. [ pdf ]
Workshop paper presented at HotOS IX, May 2003. [ ps | pdf ]
MIT PhD Thesis Proposal, April 2003. [ ps | pdf ]
Andrew Myers' Jif (Java Information Flow) language provides language-based information flow control with mostly-static checking. Programs written in Jif can run on a standard JVM, but the system requires certain runtime components to ensure privacy.
The goal of this project is to design a system that provides authentication, authorization, and channel creation services for Jif programs. These services combine to create a Trusted Execution Platform (TEP). TEP allows two or more mutually-distrusting parties to share classified data in a computation. TEP is provided by a trusted third party and controls the flow of information into, within, and out of the system. For more information, see my Master's thesis [ ps | pdf ].
We have also designed a trusted third-party computation service based on TEP. Details appear in a technical report [ ps | pdf ].
ConChord is a large-scale certificate distribution system built on a peer-to-peer storage network. ConChord is designed to support SPKI/SDSI, an IETF-proposed public key infrastructure that allows individuals to define local names and link namespaces to delegate trust. ConChord uses the Chord distributed lookup protocol to locate data, allowing ConChord to scale to thousands of servers and millions of certificates.
Keywords: public key infrastructure, PKI, certificate directory, SPKI, SDSI, peer-to-peer, Chord
Workshop paper presented at IPTPS, March 2002. [ ps | pdf ]
JSDSI: A Java SPKI/SDSI Implementation
SDSI, the Simple Distributed Security Infrastructure, is a design for decentralized management of naming and authorization information. I have extended and enhanced Alexander Morcos's original Java SDSI implementation. An included graphical tool allows users to create and manage SDSI certificates and implements the certificate chain discovery and verification algorithms described in the Appendix of my thesis. I have since improved these algorithms, as described in this report. The implementation effort has moved to SourceForge.