Aydan R. Yumerefendi

Access control misconfigurations are widespread and can result in damaging breaches of confidentiality. This paper presents TightLip, a privacy management system that helps users define what data is sensitive and who is trusted to see it rather than forcing them to understand or predict how the interactions of their software packages can leak data. The key…
This paper presents the design and implementation of Shirako, a system for on-demand leasing of shared networked resources. Shirako is a prototype of a service-oriented architecture for resource providers and consumers to negotiate access to resources over time, arbitrated by brokers. It is based on a general lease abstraction: a lease represents a…
Virtualization technology offers powerful resource management mechanisms, including performance-isolating resource schedulers, live migration, and suspend/resume. But how should networked virtual computing systems use these mechanisms? A grand challenge is to devise practical policies to drive these mechanisms in a self-managing or "autonomic" system,…
This paper promotes accountability as a central design goal for dependable networked systems. We define three properties for accountable systems that extend beyond the basic security properties of authentication, privacy, and integrity. These accountability properties reduce the vulnerability of network services to subversion, tampering, corruption,…
In this work, we have designed and implemented new algorithms and mechanisms that allow Hadoop-based applications to request and provision Hadoop clusters across multiple cloud domains and link them via bandwidth-provisioned network pipes – "on-demand" provisioning of Hadoop clusters on multi-domain networked clouds. Our prototype implementation used an…
Embedding virtual topologies in physical network infrastructure has been an area of active research for the future Internet and network testbeds. Virtual network embedding is also useful for linking virtual compute clusters allocated from cloud providers. Using advanced networking technologies to interconnect distributed cloud sites is a promising way to…
We describe a new design for authorization in operating systems in which applications are first-class entities. In this design, principals reflect application identities. Access control lists are patterns that recognize principals. We present a security model that embodies this design in an experimental operating system, and we describe the implementation…
Utility computing delivers compute and storage resources to applications as an 'on-demand utility', much like electricity, from a distributed collection of computing resources. There is great interest in running database applications on utility resources (e.g., Oracle's Grid initiative) due to reduced infrastructure and management costs, higher resource…