You are here

Best Student Paper

EtE: Passive End-to-End Internet Service Performance Monitoring

June 14, 2002 - 9:00 am-10:30 am
Yun Fu::Duke University
Ludmila Cherkasova::Hewlett-Packard Laboratories
Wenting Tang::Hewlett-Packard Laboratories
Amin Vahdat::Duke University

This paper presents, EtE monitor, a novel approach to measuring web site performance. Our system passively collects packet traces from a server site to determine service performance characteristics. We introduce a two-pass heuristic method and a statistical filtering mechanism to accurately reconstruct different client page accesses and to measure performance characteristics integrated across all client accesses. Relative to existing approaches, EtE monitor offers the following benefits: i) a breakdown between the network and server overhead of retrieving a web page, ii) longitudinal information for all client accesses, not just the subset probed by a third party, iii) characteristics of accesses that are aborted by clients, and iv) quantification of the benefits of network and browser caches on server performance. Our initial implementation and performance analysis across two sample sites confirm the utility of our approach.

SWILL: A Simple Embedded Web Server Library

June 13, 2002 - 11:00 am-12:30 pm
Sotiria Lampoudi::University of Chicago
David M. Beazley::University of Chicago

We present SWILL, a lightweight programming library that adds a simple embedded web server capability to C and C++ programs. Using SWILL, it is possible to add Internet accessibility to programs that are poorly matched to more traditional methods of web programming such as CGI scripting or web server plugin modules. SWILL also makes it easy for programmers to add web-based monitoring, diagnostics, and debugging capabilities to software not normally associated with internet programming. We like to think of SWILL as an attempt to turn the problem on its head: traditionally, the web server came first, the ``programs'' later; in our approach, the application is written first, and the server integrated last. For some types of applications, this approach is far more painless. In this paper, we provide an overview of the SWILL library and describe how we have used it to provide web access to a variety of applications including scientific simulation software, a compiler, and a hardware emulator for teaching operating systems.

MEF, Malicious Email Filter–A UNIX Mail Filter That Detects Malicious Windows Executables

June 30, 2001 - 11:00 am-12:30 pm
Matthew G. Schultz::Columbia University
Eleazar Eskin::Columbia University
Erez Zadok::SUNY Stony Brook
Manasi Bhattacharyya::Columbia University
Salvatore J. Stolfo::Columbia University

We present Malicious Email Filter, MEF, a freely distributed malicious binary filter incorporated into Procmail that can detect malicious Windows attachments by integrating with a UNIX mail server. The system has three capabilities: detection of known and unknown malicious attachments, tracking the propagation of malicious attachments and efficient model update algorithms.

The system filters multiple malicious attachments in an email by using detection models obtained from data mining over known malicious attachments. It leverages preliminary research in data mining applied to malicious executables which allows the detection of previously unseen, malicious attachments. In addition, the system provides a method for monitoring and measurement of the spread of malicious attachments. Finally, the system also allows for the efficient propagation of detection models from a central server. These updated models can be downloaded by a system administrator and easily incorporated into the current model. The system will be released under GPL in June 2001.

Flexibility in ROM: A Stackable Open Source BIOS

June 13, 2003 - 9:00 am-10:30 am
Adam Agnew::University of Maryland at College Park
Adam Sulmicki::University of Maryland at College Park
Ronald Minnich::Los Alamos National Labs
William Arbaugh::University of Maryland at College Park

One of the last vestiges of closed source proprietary software in current PCs is the PC BIOS. The BIOS, most always written in assembler, operates mostly in 16 bit mode, and provides services that few modern 32 bit operating systems require. Recognizing this, the LinuxBIOS founders began an effort to place a Linux kernel in the ROM of current motherboards- completely removing the legacy BIOS. While the LinuxBIOS effort fully supports Linux, other modern operating systems, e.g. *BSD, and Windows 2000/XP, could not be directly supported because of their reliance on a few services provided by those legacy BIOSes. In this paper, we describe how we have combined elements of the LinuxBIOS, the Bochs PC emulator, and additional software to create the first open source firmware for the IBM PC capable of booting most modern operating systems.

Design and Implementation of Netdude, a Framework for Packet Trace Manipulation

July 1, 2004 - 1:30 pm-3:00 pm
Christian Kreibich::University of Cambridge, UK

We present the design and implementation of a framework for inspection, visualization, and modification of tcpdump packet trace files. The system is modularized into components for distinct application purposes, readily extensible, accessible through programmatic and graphical interfaces, and capable of handling trace files of arbitrary size and content. We include experiences of using the system in several real-world scenarios.