Dependable, Adaptive, and Secure Distributed Systems16th DADS Track of the
36th ACM Symposium on Applied Computing
15th DADS 2020
14th DADS 2019
13th DADS 2018
12th DADS 2017
11th DADS 2016
10th DADS 2015
9th DADS 2014
8th DADS 2013
7th DADS 2012
6th DADS 2011
5th DADS 2010
4th DADS 2009
3rd DADS 2008
2nd DADS 2007
1st DADS 2006
March 22 - 26, 2021
The Symposium on Applied Computing has been a primary gathering forum for applied computer scientists, computer engineers, software engineers, and application developers from around the world. SAC 2021 is sponsored by the ACM Special Interest Group on Applied Computing and the SRC Program is sponsored by Microsoft Research.
The track provides a forum for scientists and engineers in academia and industry to present and discuss their latest research findings on selected topics in dependable, adaptive and trustworthy distributed systems and services.
The track is structured in two sessions.
Details see SAC program page.
Trust Assessment in 32 KiB of RAM: Multi-application Trust-based Task Offloading for Resource-constrained IoT Nodes
Matthew Bradbury, Arshad Jhumka and Tim Watson
There is an increasing demand for Internet of Things (IoT) systems comprised of resource-constrained sensor and actuator nodes executing increasingly complex applications, possibly simultaneously. IoT devices will not be able to execute computationally expensive tasks and will require more powerful computing nodes, called edge nodes, for such execution, in a process called computation offloading. When multiple powerful nodes are available, a selection problem arises: which edge node should a task be submitted to? This problem is even more acute when the system is subjected to attacks, such as DoS, or network perturbations such as system overload. In this paper, we present a trust model-based system architecture for computation offloading, based on behavioural evidence. The system architecture provides confidentiality, authentication and non-repudiation of messages in required scenarios and will operate within the resource constraints of embedded IoT nodes. We demonstrate the viability of the architecture with an example deployment of Beta Reputation System trust model on real hardware.
Analysis of VM Migration Scheduling as Moving Target Defense against insider attacks
Matheus Torquato, Paulo Maciel and Marco Vieira
As cybersecurity threats evolve, cloud computing defenses must adapt to face new challenges. Unfortunately, due to resource sharing, cloud computing platforms open the door for insider attacks, which consist of malicious actions from cloud authorized users (e.g., clients of an Infrastructure-as-a-Service (IaaS) cloud) targeting the co-hosted users or the underlying provider environment. Virtual machine (VM) migration is a Moving Target Defense (MTD) technique to mitigate insider attacks effects, as it provides VMs positioning manageability. However, there is a clear demand for studies quantifying the security benefits of VM migration-based MTD considering different system architecture configurations. This paper tries to fill such a gap by presenting a Stochastic Reward Net model for the security evaluation of a VM migration-based MTD. The security metric of interest is the probability of attack success. We consider multiple architectures, ranging from one physical machine pool (without MTD) up to four physical machine pools. The evaluation also considers the unavailability due to VM migration. The key contributions are i) a set of results highlighting the probability of insider attacks success over time in different architectures and VM migration schedules, and ii) suggestions for selecting VMs as candidates for MTD deployment based on the tolerance levels of the attack success probability. The results are validated against simulation results to confirm the accuracy of the model.
Reducing the Subscription Latency in Reliable Causal Publish-Subscribe Systems
Filipa Pedrosa and Luís Rodrigues
Publish-subscribe systems are a powerful abstraction to build distributed applications. This paper addresses the problem of reducing subscription latency in reliable publish-subscribe systems. In most systems that offer reliability guarantees, a subscriber needs to wait until its subscription has been propagated throughout the entire system, and known by all relevant publishers, before starting to receive events. Interestingly, this may happen even when a previously deployed subscription covers a new one. In this paper, we study the properties that need to be satisfied to reduce the subscription latency and propose a new publish-subscribe system that leverages causal order multicast to offer low subscription latency when these conditions are met.
SmartStream: Towards Byzantine Resilient Data Streaming
Johannes Köstler, Hans P. Reiser, Gerhard Habiger and Franz J. Hauck
Data streaming platforms connect heterogeneous services through the publish-subscribe paradigm. Currently available platforms provide protection against crash faults, but are not resistant against Byzantine faults like arbitrary hardware faults and intrusions. State machine replication can provide this protection, but the higher resource requirements and the more elaborated communication primitives usually result in a higher overall complexity and a nonnegligible performance degradation. This is especially true for data streaming if the default textbook approach of integrating the service into a replicated state machine is followed without further adaptions. The standard state management with state logs and snapshots and without any partitioning scheme limits both performance and scalability in a way those systems become unusable in practice. That is why we propose SmartStream, a topic-based Byzantine fault-tolerant data streaming platform that harmonizes the competing concepts of both systems and leverages the specific characteristics of data streaming, namely the append-only semantics of the application state and its partitionable structure.We show its effectiveness in a prototype implementation and evaluate its performance. The evaluation results show a moderate drop in system throughput when compared to state-of-the-art data streaming platforms like Apache Kafka, but reasonable overall performance considering the stronger resilience guarantees.
Details see SAC program page.
Blockchain-Based Root of Trust Management in Security Credential Management System for Vehicular Communications
Arijet Sarker, SangHyun Byun, Wenjun Fan and Sang-Yoon Chang
Security Credential Management System (SCMS) provides the Public Key Infrastructure (PKI) for vehicular networking. SCMS builds the state-of-the-art distributed PKI to protect the vehicular networking privacy against an honest-but-curious authority (by the use of multiple PKI authorities) and to decentralize the PKI root of trust (by the Elector-Based Root Management or EBRM, having the distributed electors manage the Root Certificate Authority or RCA).We build on the EBRM architecture and construct a Blockchain-Based Root Management (BBRM) to provide even greater decentralization and security. More specifically, BBRM uses blockchain to i) replace the existing RCA and have the electors directly involved in the root certificate generation, ii) control the elector network membership including elector addition and revocation, and iii) provide greater accountability and transparency on the aforementioned functionalities. We implement BBRM on Hyperledger Fabric using smart contract for system experimentation and analyses. Our experiments show that BBRM is lightweight in processing, efficient in ledger size, and supports a bandwidth of multiple transactions per second. Our results show that the BBRM blockchain is appropriate for the root certificate generation and the elector membership control for EBRM within SCMS, which are significantly smaller in number and occurrences than the SCMS outputs of vehicle certificates. We also experiment to analyze how the BBRM distributed consensus protocol parameters, such as the number of electors and the number of required votes, affect the overall scheme’s performances.
Details see SAC program page.
Understanding the Properness of Incorporating Machine Learning Algorithms in Safety-Critical Systems
Mohamad Gharib, Tommaso Zoppi and Andrea Bondavalli
Nowadays, Machine Learning (ML) algorithms are being incorporated into many systems since they can learn and solve complex problems. Some of these systems can be considered as Safety- Critical Systems (SCS), therefore, the performance of ML algorithms should be sufficiently safe concerning the safety requirements of the incorporating SCS. However, the performance analysis of ML algorithms, usually, relies on metrics that were not developed with safety in mind. Accordingly, they may not be appropriate for assessing the performance of ML algorithms concerning safety. This paper debates on accounting for the distribution – not just the amount - of False Negatives as an additional element to be used when assessing ML algorithms to be integrated into SCS. We empirically try to assess the properness of incorporating ML-based components (anomaly-based intrusion detectors) into SCS using both traditional and novel SSPr and NPr metrics that focus on the numbers as well as the distribution of False Negatives. Results obtained by our experiment allow discussing the potential of ML-based components to be incorporated into SCS.
Automation and Prioritization of Replica Balancing in HDFS
Rhauani Fazul and Patrícia Pitthan
The Hadoop Distributed File System (HDFS) is a reliable storage engine designed to run over commodity hardware. To provide reliability and read performance, HDFS has a storage model based on data replication and works best when the file blocks are evenly spread across the cluster. HDFS Balancer is an Apache Hadoop daemon created for replica balancing on the file system. However, the tool is not optimized to meet potential usage demands of reliability and availability during data redistribution, besides requiring to be manually configured and triggered. In this work, we present a solution for replica balancing that takes advantage of the combined use of a proactive and a reactive approach. The former is addressed through the active monitoring of the computational environment by an agent-server structure. The latter is based on the customization of the default operation policy of the HDFS Balancer. As shown by the evaluation results, the solution automates the use of the HDFS Balancer and allows it to execute according to the reliability of the racks and the availability of the data stored in the cluster.
Karl M. Göschka (Main contact chair)
University of Applied Sciences Technikum Wien
Embedded Systems Institute
A-1200 Vienna, Austria
phone: +43 664 180 6946
goeschka (at) technikum-wien dot at
AT&T Shannon Laboratory
1 AT&T Way, Bedminster, NJ 07921
hiltunen (the at sign goes here) research (dot) att (dot) com
Universidade do Minho
Computer Science Department
Campus de Gualtar
4710-057 Braga, Portugal
phone: +351 253 604 452 / Internal: 4452
rco (at) di dot uminho dot pt
University of Auckland
Department of Computer Science
Private Bag 92019
Auckland 1142, New Zealand
phone: +64 9 373 7599 ext. 86137
g dot russello at auckland dot ac dot nz
|September 28, 2020 (11:59PM UTC) - extended||Paper submission|
|November 24, 2020||Author notification|
|December 21, 2020||Camera-ready papers|
For general information about SAC, please visit: http://www.sigapp.org/sac/sac2021/
If you have further questions, please do not hesitate to contact us: email@example.com