There is an increasing trend towards federated distributed systems, i.e., systems that are operated jointly by multiple different organizations or individuals. The interests of the participants in such a system are often highly diverse and/or in conflict with one another; for example, participants may be business competitors or based in hostile nations. Thus, federated systems are inherently vulnerable to insider attacks: the participants can try to subvert the system, exploit it for their own benefit, or attack other participants.

However, the participants in a federated system are typically connected in the 'offline world' as well, e.g., through social networks or business relationships. This context can be leveraged to handle misbehavior through well-known, time-tested techniques like accountability and transparency. For example, if one participant can detect and prove that another participant has misbehaved, she can sue that participant for breach of contract.

The goal of this project is to develop a key technology for enabling this approach, namely a reliable and general way to generate and verify evidence of misbehavior in federated systems. We study the fundamental tradeoffs, requirements, and inherent costs of creating evidence, we develop new algorithms for efficiently supporting different kinds of evidence, and we evaluate these algorithms in the context of practical systems.

PeerReview library: v1.1.2

• Private and Verifiable Interdomain Routing Decisions
  Mingchen Zhao, Wenchao Zhou, Alexander J. T. Gurney, Andreas Haeberlen, Micah Sherr, and Boon Thau Loo
  Proceedings of ACM SIGCOMM 2012, Helsinki, Finland, August 2012
  [PDF] [BibTex] [Technical report]
  
  
• Reliable Client Accounting for Hybrid Content-Distribution Networks
  Paarijaat Aditya, Mingchen Zhao, Yin Lin, Andreas Haeberlen, Peter Druschel, Bruce Maggs, Bill Wishon
  9th USENIX Symposium on Networked Systems Design and Implementation (NSDI' 12), San Jose, CA, April 2012
  [PDF] [BibTex]
  
  
• Having your Cake and Eating it too: Routing Security with Privacy Protections
  Alexander J. T. Gurney, Andreas Haeberlen, Wenchao Zhou, Micah Sherr, and Boon Thau Loo
  10th ACM Workshop on Hot Topics in Networks (HotNets-X), Cambridge, MA, November 2011.
  [PDF] [BibTex] [Slides]
  
  
• Secure Network Provenance
  Wenchao Zhou, Qiong Fei, Arjun Narayan, Andreas Haeberlen, Boon Thau Loo, and Micah Sherr
  23rd ACM Symposium on Operating Systems Principles (SOSP '11), Cascais, Portugal, October 2011.
  [PDF] [BibTex] [Technical report]
  
  
• Differential Privacy Under Fire
  Andreas Haeberlen, Benjamin C. Pierce, and Arjun Narayan
  20th USENIX Security Symposium, San Francisco, CA, August 2011.
  [PDF] [BibTex] [Slides] [Software]
  
  
• Challenges in Experimenting with Botnet Detection Systems
  Adam J. Aviv and Andreas Haeberlen
  4th USENIX Workshop on Cyber Security Experimentation and Test (CSET '11), San Francisco, CA, August 2011.
  [PDF] [BibTex]
  
  
• TAP: Time-aware Provenance for Distributed Systems
  Wenchao Zhou, Ling Ding, Andreas Haeberlen, Zachary Ives, and Boon Thau Loo
  3rd USENIX Workshop on the Theory and Practice of Provenance (TaPP '11), Heraklion, Greece, June 2011.
  [PDF] [BibTex]
  
  
• NetTrails: A Declarative Platform for Maintaining and Querying Provenance in Distributed Systems
  Wenchao Zhou, Qiong Fei, Shengzhi Sun, Tao Tao, Andreas Haeberlen, Zachary Ives, Boon Thau Loo, and Micah Sherr
  Demo. ACM SIGMOD International Conference on Management of Data (SIGMOD '11 demo), Athens, Greece, June 2011.
  [PDF] [BibTex]
  
  

Faculty:
Andreas Haeberlen

Students:
Mingchen Zhao
Arjun Narayan

Alumni:
Prakashkumar Thiagarajan

This work is funded by the National Science Foundation under the Trustworthy Computing program (grant number CNS-1054229). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.