liveblogging osdi 2012 tuesday

There are four main sessions today. Looking forward to the Google talk on Spanner.

Distributed Systems and Networking

DJoin: Differentially Private Join Queries over Distributed Databases

Lots of data accumulated everywhere - social networks, hospitals, airlines..

Idea 1: give all data to a trusted party - but this may not exist. Idea 2: use secure multiparty computation but may talk long Idea 3: Use Differential Privacy.

Security

Improving Integer Security for Systems with KINT

Because the integers in C don’t have unlimited precision, it is possible for them overflow. For example 2³⁰ * 2² = 0. This can be exploited by attackers. One of the famous examples is that of the iPhone jailbreak. Another is the example of logical bugs in linux kernel. There is an OOM killer which assigns scores to processes based on memory usage and then kills the processes with the highest score. This can be exploited by malicious code that can take a lot of memory but still not be detected (because by overflow their scores can get evaluated to 0).

It is in fact hard to prevent integer overflows, even if you have unlimited precision (there could be other bugs or it is difficult).

Contributions of KINT:

• a case study of 114 bugs in the linux kernel


• KINT: a static analysis tool for C programs used to find the 114 bugs.

Case study: Linux kernel. The 114 bugs have been confirmed and fixed by developers. Most are memory and logical bugs.

Writing correct checks is non-trivial.

KINT has the following modules:

• Bound check insertion


• Taint analysis


• Range analysis

Advocates the use of NaN (instead of 0 when overflow occurs).

Details at http://pdos.csail.mit.edu/kint/

Dissent in Numbers: Making Strong Anonymity Scale

via MIND. IS BLOWN http://mindisblown.com/blog/2012/10/09/liveblogging-osdi-2012-tuesday/