Weakly consistent replication of data has become increasingly important both for loosely-coupled collections of personal devices and for large-scale infrastructure services. Unfortunately, automatic replication mechanisms are agnostic about the quality of the data they replicate. Inappropriate updates, whether malicious or simply the result of misuse, propagate automatically and quickly. The consequences may not be noticed until days later, when the corrupted data has been fully replicated, thereby deleting or overwriting all traces of the valid data. In this sort of situation, it can be hard or impossible to restore an entire distributed system to a clean state without losing data and disrupting users. Polygraph is a software layer that extends the functionality of weakly consistent replication systems to support compromise recovery. Its goal is to undo the direct and indirect effects of updates due to a source known after the fact to have been compromised. In restoring a clean replicated state, Polygraph expunges all data due to a compromise or derived from such data, retains as much uncompromised data as possible, and revives valid versions of subsequently compromised data. Our evaluation demonstrates that Polygraph is both effective, retaining uncompromised data, and efficient, re-replicating data only when necessary.