Export Citations
2007 Proceeding- General Chair:
- Thomas C. Bressoud,
- Program Chair:
- M. Frans Kaashoek
- Sponsor:
- sigops
Please enjoy the proceedings of the 21st ACM Symposium on Operating Systems Principles--SOSP'07. In the SOSP tradition, the 25 papers herein explore a wide range of computer systems topics, including traditional ones such as concurrency as well as new ones such as "hardening" Web browsers. Collectively these papers report on some of the most creative and thought-provoking ideas in computer systems today and how they work out in practice. The 25 papers were shepherded by PC members to ensure that they are easy to read. We hope you will enjoy learning from these papers.
Selecting 25 papers out of 131 submissions was difficult because so many of the submissions were of high quality. To make the selection process as fair and as consistent as possible the program committee employed a different process than used by previous SOSPs (but used successfully by other conferences such as SIGCOMM). The program committee consisted of 13 "heavy"-load and 13 "light"-load members. The heavy-load members reviewed about 34 submissions each and attended the face-to-face PC meeting in Cambridge, MA USA. The light-load members reviewed about 24 papers each and did not attend the PC meeting. In contrast, recent SOSPs used a small number of PC members (12-15) who read a large fraction of all submissions, sometimes assisted by external reviewers. SOSPs before that required all PC members to read all submissions.
The goal of the new process was to resolve the tension between having high-quality, consistent reviews, a large number of submissions (it has been steadily growing over the years), and a productive face-to-face meeting. With more PC members the PC did not have to rely on external reviews, which can be inconsistent because the external reviewers see only a small sample of the submissions, yet the workload for the individual PC members was manageable, allowing thorough reviewing. By having a subset of the PC members meet in person, the PC was able to have in-depth discussion and reach consensus through discussion (rather than voting). The larger overall PC also allowed a broader group of people to participate in the decisions.
Paper selection was a three round process, with multiple reviews by the PC generated in each round and with reviewers targeted by subject expertise. The first two rounds reduced the pool of considered papers by 50%. The 62 remaining papers produced another two reviews apiece and all 705 reviews were assessed in preparation for the PC meeting. At the PC meeting, the 62 papers were ranked by review scores for discussion order and each assigned a champion to summarize content and strengths and to lead the discussion on individual papers. The PC discussion for each paper followed until consensus was reached. Throughout the process anonymity was maintained and conflicts of interest precluded by removing authors or those with direct association with an author from the discussion. In the final selection, 3 papers were co-authored by heavy-load PC members, and 6 were co-authored by light-load PC members.
Did the PC make good decisions? This question is probably best answered by you after reading the papers! It is interesting to note, however, that a shadow PC chaired and organized by Rebecca Isaacs (Microsoft Research, Cambridge, England) reviewed 101 of the 131 submissions (which included 18 of the 25 papers accepted by the real PC) and accepted 16 papers. Of the 18 papers accepted by the real PC, 9 were accepted by the shadow PC, 4 were discussed by the shadow PC, and 5 didn't make it to the discussion at the shadow PC meeting (the shadow PC discussed 40 submissions). An informal review suggests that the variations in decisions were partially due to the fact that the shadow PC's goals were different from the real PC's. The shadow PC's main goal was to educate participants about how a PC works, how to review papers, etc. and members volunteered to participate; the real PC members were carefully chosen to provide both depth and breadth across a wide range of topics. This difference in focus resulted in a few important modifications to the decision process: the shadow PC members produced 4 reviews per submission and saw fewer submissions, had less time to absorb the reviews before the meeting, and had less expertise in certain areas. A full report will be submitted to SIGOPS Operating Systems Review.
A successful conference goes beyond the accepted papers, building and supporting its community. At SOSP this year, and in celebration of the 20th anniversary of the SYSTERS group, we have introduced two special programs. First, we recognize the importance of increasing the participation of women and underrepresented minorities in systems research. And to be successful, this participation has to reach to undergraduates and show them the excitement and interesting problems in systems. Toward this end, we established an additional scholarship opportunity, supported by industry contributors, that has supported these targeted groups to attend SOSP. Second, the participation by women works best when undergraduates and graduates are shown the way by women already participating in the field. For this, we created a special one-day workshop for women to develop this community as a prelude to the beginning of the SOSP conference. Support from our industry contributors and from NSF and CRA-W has been outstanding. Equally impressive has been the support from the organizing team and all who have made this possible. These initiatives have been embraced enthusiastically.
Proceeding Downloads
Protection and communication abstractions for web browsers in MashupOS
Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "...
AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications
The rise of the software-as-a-service paradigm has led to the development of a new breed of sophisticated, interactive applications often called Web 2.0. While web applications have become larger and more complex, web application developers today have ...
Secure web applications via automatic partitioning
Swift is a new, principled approach to building web applications that are secure by construction. In modern web applications, some application functionality is usually implemented as client-side code written in JavaScript. Moving code and data to the ...
Zyzzyva: speculative byzantine fault tolerance
We present Zyzzyva, a protocol that uses speculation to reduce the cost and simplify the design of Byzantine fault tolerant state machine replication. In Zyzzyva, replicas respond to a client's request without first running an expensive three-phase ...
Tolerating byzantine faults in transaction processing systems using commit barrier scheduling
This paper describes the design, implementation, and evaluation of areplication scheme to handle Byzantine faults in transaction processing database systems. The scheme compares answers from queries and updates on multiple replicas which are unmodified, ...
Low-overhead byzantine fault-tolerant storage
This paper presents an erasure-coded Byzantine fault-tolerant block storage protocol that is nearly as efficient as protocols that tolerate only crashes. Previous Byzantine fault-tolerant block storage protocols have either relied upon replication, ...
TxLinux: using and managing hardware transactional memory in an operating system
- Christopher J. Rossbach,
- Owen S. Hofmann,
- Donald E. Porter,
- Hany E. Ramadan,
- Bhandari Aditya,
- Emmett Witchel
TxLinux is a variant of Linux that is the first operating system to use hardware transactional memory (HTM) as a synchronization primitive, and the first to manage HTM in the scheduler. This paper describes and measures TxLinux and discusses two ...
MUVI: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs
Software defects significantly reduce system dependability. Among various types of software bugs, semantic and concurrency bugs are two of the most difficult to detect. This paper proposes a novel method, called MUVI, that detects an important class of ...
Bouncer: securing software by blocking bad input
Attackers exploit software vulnerabilities to control or crash programs. Bouncer uses existing software instrumentation techniques to detect attacks and it generates filters automatically to block exploits of the target vulnerabilities. The filters are ...
Triage: diagnosing production run failures at the user's site
Diagnosing production run failures is a challenging yet importanttask. Most previous work focuses on offsite diagnosis, i.e.development site diagnosis with the programmers present. This is insufficient for production-run failures as: (1) it is difficult ...
/*icomment: bugs or bad comments?*/
Commenting source code has long been a common practice in software development. Compared to source code, comments are more direct, descriptive and easy-to-understand. Comments and sourcecode provide relatively redundant and independent information ...
Sinfonia: a new paradigm for building scalable distributed systems
We propose a new paradigm for building scalable distributed systems. Our approach does not require dealing with message-passing protocols -- a major complication in existing distributed systems. Instead, developers just design and manipulate data ...
PeerReview: practical accountability for distributed systems
We describe PeerReview, a system that provides accountability in distributed systems. PeerReview ensures that Byzantine faults whose effects are observed by a correct node are eventually detected and irrefutably linked to a faulty node. At the same time,...
Attested append-only memory: making adversaries stick to their word
Researchers have made great strides in improving the fault tolerance of both centralized and replicated systems against arbitrary (Byzantine) faults. However, there are hard limits to how much can be done with entirely untrusted components; for example, ...
Dynamo: amazon's highly available key-value store
- Giuseppe DeCandia,
- Deniz Hastorun,
- Madan Jampani,
- Gunavardhan Kakulapati,
- Avinash Lakshman,
- Alex Pilchin,
- Swaminathan Sivasubramanian,
- Peter Vosshall,
- Werner Vogels
Reliability at massive scale is one of the biggest challenges we face at Amazon.com, one of the largest e-commerce operations in the world; even the slightest outage has significant financial consequences and impacts customer trust. The Amazon.com ...
Staged deployment in mirage, an integrated software upgrade testing and distribution system
Despite major advances in the engineering of maintainable and robust software over the years, upgrading software remains a primitive and error-prone activity. In this paper, we argue that several problems with upgrading software are caused by a poor ...
AutoBash: improving configuration management with operating system causality analysis
AutoBash is a set of interactive tools that helps users and system administrators manage configurations. AutoBash leverages causal tracking support implemented within our modified Linux kernel to understand the inputs (causal dependencies) and outputs (...
Integrating concurrency control and energy management in device drivers
Energy management is a critical concern in wireless sensornets. Despite its importance, sensor network operating systems today provide minimal energy management support, requiring applications to explicitly manage system power states. To address this ...
VirtualPower: coordinated power management in virtualized enterprise systems
Power management has become increasingly necessary in large-scale datacenters to address costs and limitations in cooling or power delivery. This paper explores how to integrate power management mechanisms and policies with the virtualization ...
DejaView: a personal virtual computer recorder
As users interact with the world and their peers through their computers, it is becoming important to archive and later search the information that they have viewed. We present DejaView, a personal virtual computer recorder that provides a complete ...
Improving file system reliability with I/O shepherding
- Haryadi S. Gunawi,
- Vijayan Prabhakaran,
- Swetha Krishnan,
- Andrea C. Arpaci-Dusseau,
- Remzi H. Arpaci-Dusseau
We introduce a new reliability infrastructure for file systems called I/O shepherding. I/O shepherding allows a file system developer to craft nuanced reliability policies to detect and recover from a wide range of storage system failures. We ...
Generalized file system dependencies
- Christopher Frost,
- Mike Mammarella,
- Eddie Kohler,
- Andrew de los Reyes,
- Shant Hovsepian,
- Andrew Matsuoka,
- Lei Zhang
Reliable storage systems depend in part on "write-before" relationships where some changes to stable storage are delayed until other changes commit. A journaled file system, for example, must commit a journal transaction before applying that transaction'...
Information flow control for standard OS abstractions
- Maxwell Krohn,
- Alexander Yip,
- Micah Brodsky,
- Natan Cliffer,
- M. Frans Kaashoek,
- Eddie Kohler,
- Robert Morris
Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flows between the pieces of an application and the outside world. As applied to privacy, DIFC allows untrusted software to ...
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
We propose SecVisor, a tiny hypervisor that ensures code integrity for commodity OS kernels. In particular, SecVisor ensures that only user-approved code can execute in kernel mode over the entire system lifetime. This protects the kernel against code ...
Secure virtual architecture: a safe execution environment for commodity operating systems
This paper describes an efficient and robust approach to provide a safe execution environment for an entire operating system, such as Linux, and all its applications. The approach, which we call Secure Virtual Architecture (SVA), defines a virtual, low-...
Cited By
-
Romaniuk R, Linczuk M and Zbierski M (2017). Towards scalable Byzantine fault-tolerant replication Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2017, 10.1117/12.2280929, , (1044520), Online publication date: 7-Aug-2017.
-
Romaniuk R and Zbierski M (2016). BFT replication resistant to MAC attacks Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2016, 10.1117/12.2248741, , (1003149), Online publication date: 28-Sep-2016.
-
Romaniuk R and Zbierski M (2015). Reducing the agreement cost of BFT replication XXXVI Symposium on Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments (Wilga 2015), 10.1117/12.2205493, , (96623H), Online publication date: 11-Sep-2015.
