Learn More
This paper presents the design and implementation of Shirako, a system for on-demand leasing of shared net-worked resources. Shirako is a prototype of a service-oriented architecture for resource providers and consumers to negotiate access to resources over time, arbitrated by brokers. It is based on a general lease abstraction: a lease represents a(More)
Access control misconfigurations are widespread and can result in damaging breaches of confidentiality. This paper presents TightLip, a privacy management system that helps users define what data is sensitive and who is trusted to see it rather than forcing them to understand or predict how the interactions of their software packages can leak data. The key(More)
Singularity is a research project in Microsoft Research that started with the question: what would a software platform look like if it was designed from scratch with the primary goal of dependability? Singularity is working to answer this question by building on advances in programming languages and tools to develop a new system architecture and operating(More)
Virtualization technology offers powerful resource management mechanisms, including performance-isolating resource schedulers, live migration, and suspend/resume. But how should networked virtual computing systems use these mechanisms? A grand challenge is to devise practical policies to drive these mechanisms in a self-managing or " au-tonomic " system,(More)
Grid computing environments need secure resource control and predictable service quality in order to be sustainable. We propose a grid hosting model in which independent, self-contained grid deployments run within isolated containers on shared resource provider sites. Sites and hosted grids interact via an underlying resource control plane to manage a(More)
This paper promotes <i>accountability</i> as a central design goal for dependable networked systems. We define three properties for accountable systems that extend beyond the basic security properties of authentication, privacy, and integrity. These accountability properties reduce the vulnerability of network services to subversion, tampering, corruption,(More)
—In this work, we have designed and implemented new algorithms and mechanisms that allow Hadoop-based applications to request and provision Hadoop clusters across multiple cloud domains and link them via bandwidth-provisioned network pipes – " on-demand " provisioning of Hadoop clusters on multi-domain networked clouds. Our prototype implementation used an(More)
This paper summarizes recent research on networked virtual computing in the NICL lab at Duke. Over the past few years, we have constructed a service-oriented substrate for networked sharing and adaptive middleware environments based on a virtual on-demand computing. The goal of the project is to develop protocols and tools that can link together virtual(More)