Overlay networks are used today in a variety of distributed systems ranging from file-sharing and storage systems to communication infrastructures. However, designing, building and adapting these overlays to the intended application and the target environment is a di#cult and time consuming process.

This article presents the design, implementation, and evaluation of CATS, a network storage service with strong accountability properties. CATS offers a simple web services interface that allows clients to read and write opaque objects of variable size. This interface is similar to the one offered by existing commercial Internet storage services. CATS extends the functionality of commercial Internet storage services by offering support for strong accountability. A CATS server annotates read and write responses with evidence of correct execution, and offers audit and challenge interfaces that enable clients to verify that the server is faithful. A faulty server cannot conceal its misbehavior, and evidence of misbehavior is independently verifiable by any participant. CATS clients are also accountable for their actions on the service. A client cannot deny its actions, and the server can prove the impact of those actions on the state views it presented to other clients. Experiments with a CATS prototype evaluate the cost of accountability under a range of conditions and expose the primary factors influencing the level of assurance and the performance of a strongly accountable storage server. The results show that strong accountability is practical for network storage systems in settings with strong identity and modest degrees of write-sharing. We discuss

Abstract: We describe the design, implementation, and evaluation of Depot, a cloud storage system that minimizes trust assumptions. Depot assumes less than any prior system about the correct operation of participating hosts—Depot tolerates Byzantine failures, including malicious or buggy behavior, by any number of clients or servers—yet provides safety and availability guarantees (on consistency, staleness, durability, and recovery) that are useful. The key to safeguarding safety without sacrificing availability (and vice versa) in this environment is to join forks: participants (clients and servers) that observe inconsistent behaviors by other participants can join their forked view into a single view that is consistent with what each individually observed. Our experimental evaluation suggests that the costs of protecting the system are modest. Depot adds a few hundred bytes of metadata to each update and each stored object, and requires hashing and signing each update. 1

to secure shared untrusted memory.

We address the problem of using an untrusted server with a trusted platform module (TPM) to provide trusted storage for a large number of clients, where each client may own and use several different devices that may be offline at different times and may not be able to communicate with each other except through the untrusted server (over an untrusted network). The clients only trust the server’s TPM; the server’s BIOS, CPU, and OS are not assumed to be trusted. We show how the currently available TPM 1.2 technology can be used to implement tamper-evident storage, where clients are guaranteed to at least detect illegitimate modifications to their data (including replay attacks) whenever they wish to perform a critical operation that relies on the freshness and validity of the data. In particular, we introduce and analyze a log-based scheme in which the built-in monotonic counter of a TPM 1.2 chip is used to securely implement a large number of virtual monotonic counters, which can then be used to time-stamp data and provide tamper-evident storage. Tamper-tolerant storage, which guarantees that a client can continue to retrieve its original data even after a malicious attack, is provided by using data replication on top of the tamper-evident storage system. As a separate application of our log-based scheme, we also show how these virtual monotonic counters can be used to implement one-time certificates, which are certificates that can be spent at most once. One-time certificates can be used for one-time authentication and authorization, and can be useful in applications such as DRM, offline payments, and others. Finally, we implement these ideas using an actual PC with a TPM 1.2 chip and present preliminary performance results.

evaluation of CATS, a toolkit for indexed state storage for network services. CATS is based on a new implementation of a persistent authenticated dictionary, which integrates signed action records and cryptographic state digests into an index. This storage abstraction enables a CATS-based network service to certify its operations: any client with sufficient knowledge of the service semantics can verify that it behaves consistently and correctly. CATS is a fundamental building block for accountable network systems that can detect, isolate, and prove misbehavior or tampering.

data sharing service for mobile computing environments. ASTRO is the first system to support disconnected operation and opportunistic data sharing among potentially Byzantine nodes while continuing to provide precise and useful consistency guarantees to correct nodes. Specifically, ASTRO supports fork-causal consistency, a new consistency semantics that adapts the notion of forklinearizability introduced in SUNDR to weakly consistent distributed systems like Bayou. Fork-causal consistency, though weaker than causal consistency, guarantees that Byzantine nodes cannot alter the causal ordering of updates that have been generated by correct nodes. 1

plosion of interest in tools for intelligent data analysis: information retrieval, automatic similarity comparison and categorization of Web pages, information extraction and question-answering. Statistical text analysis has proved to be a powerful tool for many of these tasks. The mathematical approach and its a#nity to physics --- in statistical text analysis documents are represented as points in a highly dimensional vector space, where each dimension corresponds to a unique term occurring in the documents --- was what drew me to Computer Science in the first place. From there, I went on to investigate more sophisticated mathematical techniques such as Singular Value Decomposition, Principal Component Analysis and matrix envelope minimization for finding groups of related texts and themes in a collection of documents. Experience with these techniques led to a job in the software industry, first at a start-up company that created one of the first Web meta-search engines, and then at

Overlay networks are used today in a variety of distributed systems ranging from file-sharing and storage systems to communication infrastructures. However, designing, building and adapting these overlays to the intended application and the target environment is a difficult and time consuming process. To ease the development and the deployment of such overlay networks we have implemented P2, a system that uses a declarative logic language to express overlay networks in a highly compact and reusable form. P2 can express a Naradastyle mesh network in 16 rules, and the Chord structured overlay in only 47 rules. P2 directly parses and executes such specifications using a dataflow architecture to construct and maintain overlay networks. We describe the P2 approach, how our implementation works, and show by experiment its promising trade-off point between specification complexity and performance.