2009 IEEE/IFIP International Conference on Dependable Systems & Networks

Recently, a new attack for poisoning the cache of Recursive DNS (RDNS) resolvers was discovered and revealed to the public. In response, major DNS vendors released a patch to their software. However, the released patch does not completely protect DNS servers from cache poisoning attacks in a number of practical scenarios. DNSSEC seems to offer a definitive solution to the vulnerabilities of the DN... View full abstract»

Security protocols are not as secure as we assumed. In this paper, we identified a practical way to launch DoS attacks on security protocols by triggering exceptions. Through experiments, we show that even the latest strongly authenticated protocols such as PEAP, EAP-TLS and EAP-TTLS are vulnerable to these attacks. Real attacks have been implemented and tested against TLS-based EAP protocols, the... View full abstract»

The border gateway protocol (BGP) is a fundamental building block of the Internet infrastructure. However, due to the implicit trust assumption among networks, Internet routing remains quite vulnerable to various types of misconfiguration and attacks. Prefix hijacking is one such misbehavior where an attacker AS injects false routes to the Internet routing system that misleads victim's traffic to ... View full abstract»

This work explores the principles and practice of isolating low-level device drivers in order to improve OS dependability. In particular, we explore the operations drivers can perform and how fault propagation in the event a bug is triggered can be prevented. We have prototyped our ideas in an open-source multiserver OS (MINIX 3) that isolates drivers by strictly enforcing least authority and iter... View full abstract»

Eliminating OS bugs is essential to ensuring the reliability of infrastructures ranging from embedded systems to servers. Several tools based on static analysis have been proposed for finding bugs in OS code. They have, however, emphasized scalability over usability, making it difficult to focus the tools on specific kinds of bugs and to relate the results to patterns in the source code. We propos... View full abstract»

In previous work, we introduced Echo, a new approach to the formal verification of the functional correctness of software. Part of what makes Echo practical is a technique called verification refactoring. The program to be verified is mechanically refactored specifically to facilitate verification. After refactoring, the program is documented with low-level annotations, and a specification is extr... View full abstract»

The use of mobile devices is limited by the battery lifetime. Some devices have the option to connect an extra battery, or to use smart battery packs with multiple cells to extend the lifetime. In these cases, scheduling the batteries over the load to exploit recovery properties usually extends the system lifetime. Straightforward scheduling schemes, like round robin or choosing the best battery a... View full abstract»

This paper addresses safety modeling and evaluation of automated highway systems, based on the use of platoons of vehicles driven by automated agents. We analyze the impact on safety of the strategy used to coordinate the vehicles' operations, inside each platoon and between platoons, when vehicles enter or exit the highway, or when maneuvers are carried out to recover from failures affecting the ... View full abstract»

Despite the reliability of modern disks, recent studies have made it clear that a new class of faults, UndetectedDisk Errors (UDEs) also known as silent data corruption events, become a real challenge as storage capacity scales. While RAID systems have proven effective in protecting data from traditional disk failures, silent data corruption events remain a significant problem unaddressed by RAID.... View full abstract»