Abstract: We present the Measurement Manager Protocol (MGRP), an in-kernel service that schedules and transmits probes on behalf of active measurement tools. Unlike prior measurement services, MGRP transparently piggybacks application packets inside the often significant amounts of empty padding contained in typical probes. Using MGRP thus combines the modularity, flexibility, and accuracy of standalone active measurement tools with the lower overhead of passive measurement techniques.
Abstract: Mining software repositories at the source code level can provide a greater understanding of how software evolves. We present a tool for quickly comparing the source code of different versions of a C program. The approach is based on partial abstract syntax tree matching, and can track simple changes to global variables, types and functions. These changes can characterize aspects of software evolution useful for answering higher level questions.
PLAN version 3.1 is implemented in OCaml, version 1.07. While this document attempts to be as implementation-independent as possible, certain aspects are implementation dependent, and will refer to OCaml as necessary. An earlier, Java-based version of PLAN (2.2) is also available and has its own documentation suite.
Abstract: Dynamic software updates can be used to fix bugs or add features to a running program without downtime. Essential for some applications and convenient for others, low-level dynamic updating has been used for many years. Perhaps surprisingly, there is little high-level understanding or language support to help programmers write dynamic updates effectively. To bridge this gap, we present Proteus, a core calculus for dynamic software updating in C-like languages that is flexible, safe, and predictable.
This document should serve as a tutorial and reference for the use of security features of PLAN 3.2. More detail on the individual services may be found in the PLAN Programmer's Guide [2]. Details about the technical rationale and the design of the security system may be found in [7]; this paper should be read first, as its knowledge will be assumed herein. Note that the per-packet CPU and memory restrictions described in [1] are not implemented in the present version of PLAN.
It was a pleasure and a privilege to serve as the program committee (PC) chair of the 39th Symposium on the Principles of Programming Languages (POPL). This paper describes the review process we used, why we used it, and an assessment of how it worked out. We made some substantial changes to the review process this year, most notably by incorporating a form of double-blind reviewing.
This document is meant to be a guide to programmers intending to write services to be made available to PLAN programs. The document describes the basics of the active router implementation, and the preferred paradigm for extending it with new services and host applications.
Abstract: The design objectives and the mechanisms for achieving those objectives are considered for each of three systems, Java, Erlang, and TIL. In particular, I examine the use of types and intermediate representations in the system implementation. In addition, the systems are compared to examine how one system's mechanisms may (or may not) be applied to another.
PLAN version 3.2 is implemented in OCaml, version 2.02. While this document attempts to be as implementation-independent as possible, certain aspects are implementation dependent, and will refer to OCaml as necessary. An earlier, Java-based version of PLAN (2.2) is also available and has its own documentation suite.
Abstract: We describe work in progress that uses program analysis to show that security-critical programs, such as cross-domain guards, correctly enforce cross-domain security policies. We are enhancing existing techniques from the field of Security-oriented Programming Languages to construct a new language for the construction of secure networked applications, SELINKS.
Abstract: This paper explores the idea of knowledge-based security policies, which are used to decide whether to answer queries over secret data based on an estimation of the querier's (possibly increased) knowledge given the results. Limiting knowledge is the goal of existing information release policies that employ mechanisms such as noising, anonymization, and redaction. Knowledge-based policies are more general: they increase flexibility by not fixing the means to restrict information flow.
Abstract: Cyclone is a type-safe language intended for applications requiring control over memory management. Initial work on Cyclone supported stack allocation, lexical region allocation, and a garbage-collected heap. In this paper, we describe added support for unique pointers (which permit limited use of malloc and free) and reference-counted objects. These idioms are crucial for supporting overlapping, non-nested object lifetimes and safe manual deallocation.
This is an overview of work on the SwitchWare active network project, which began two years ago based on ideas about how to improve the flexibility of networks by making the network programmable. The original ideas for active networks as a whole and some comparative analysis of possible architectures are surveyed in [33].
In this paper, we propose a simple idea we call trusted declassification in which special declassifier functions are specified as part of the global policy. In particular, individual principals declaratively specify which declassifiers they trust so all information flows implied by the policy can be reasoned about in absence of a particular program. We formalize our approach for a Java-like language and prove a modified form of noninterference which we call noninterference modulo trusted methods.
Abstract: We present SNAP (safe and nimble active packets), a new scheme for programmable (or active) packets centered around a new low-level packet language. Unlike previous active packet approaches, SNAP is practical: namely, adding significant flexibility over IP without compromising safety and security or efficiency.
Abstract: Transient network stalls that degrade application performance are frustrating to users and developers alike. Software bugs, network congestion, and intermittent connectivity all have the same symptoms: low throughput, high latency, and user-level timeouts. In this paper, we show how an end host can identify the sources of network stalls using only simple counters from its local network stack.
Abstract: Combining monadic computations may induce a significant syntactic overhead. To allow monadic programming in direct style, we have developed Coco, a type-based tool that automatically rewrites ML code inserting necessary binds, unit, and morphisms between monads. This tool demonstration will show how to take advantage of Coco to facilitate using monadic libraries in practice, and will discuss possible future development of Coco to fit the actual needs of programmers.
The tasks of measurement and data transport are often treated independently, but we believe there are benefits to bringing them together. This paper proposes the simple idea of a transport agent to encapsulate useful data within probe packets in place of useless padding.
Abstract: Dynamic Software Updating (DSU) has been an active topic of research for at least the last 30 years. However, despite many recent advances, DSU has yet to see widespread adoption and deployment in practice. In this paper, we review a slice of the history of DSU research to study how DSU for C has evolved over the last two decades. We examine the ways DSU systems are evaluated in the research literature.
Papers by Michael Hicks