BibTeX file

Nikos Vasilakis

This file can be accessed in both BibTeX and Markdown forms, from which it gets generated.

General-purpose Distributed Environments

From Lone Dwarfs to Giant Superclusters: Rethinking Operating System Abstractions for the Cloud

@inproceedings{andromeda:hotos:2015,
 author = {Nikos Vasilakis and Ben Karel and Jonathan M. Smith},
 title  = {From Lone Dwarfs to Giant Superclusters: Rethinking Operating System Abstractions for the Cloud},
 booktitle = {15th Workshop on Hot Topics in Operating Systems (HotOS XV)},
 year = {2015},
 month = {May},
 address = {Kartause Ittingen, Switzerland},
 url = {https://www.usenix.org/conference/hotos15/workshop-program/presentation/vasilakis},
 publisher = {USENIX Association},
}

Unix took a rich smorgasbord of operating system features from its predecessors and pared it down to a small but powerful set of abstractions: files, processes, pipes, and the shell to glue the system together. In the intervening forty years, the common-case computational substrate has evolved from a lone PDP-11 minicomputer to vast clouds of virtualized computational resources. Contemporary distributed systems are being built by adding layer upon layer atop the foundation established by Unix’s chosen abstractions. Unfortunately, the resulting mess has lost the “simplicity, elegance, and ease of use” that was a hallmark of the original Unix design. To cope with distribution at astronomic scale, we must take our operating systems back to the drawing board. We are living in a new world, and it is time to be brave.

Distributed Partitioning Data Structures

Query-efficient Partitions for Dynamic Data

@inproceedings{unispace:apsys:2017,
 author = {Vasilakis, Nikos and Palkhiwala, Yash and Smith, Jonathan M.},
 title = {Query-efficient Partitions for Dynamic Data},
 booktitle = {Proceedings of the 8th Asia-Pacific Workshop on Systems},
 series = {APSys '17},
 year = {2017},
 isbn = {978-1-4503-5197-3},
 location = {Mumbai, India},
 pages = {23:1--23:8},
 articleno = {23},
 numpages = {8},
 url = {http://doi.acm.org/10.1145/3124680.3124744},
 doi = {10.1145/3124680.3124744},
 acmid = {3124744},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {Dynamic, Key-Value Store, NoSQL, Partitioning, Queries},
}

Large-scale data storage requirements have led to the development of distributed, non-relational databases (NoSQL). Single-dimension NoSQL achieves scalability by partitioning data over a single key space. Queries on primary (“key”) properties are made efficient at the cost of queries on other properties. Multidimensional NoSQL systems attempt to remedy this inefficiency by creating multiple key spaces. Unfortunately, the structure of data needs to be known a priori and must remain fixed, eliminating many of the original benefits of NoSQL.

This paper presents three techniques that together enable query-efficient partitioning of dynamic data. First, unispace hashing (UH) extends multidimensional hashing to data of unknown structure with the goal of improving queries on secondary properties. Second, compression formulas leverage user insight to address UH’s inefficiencies and further accelerate lookups by certain properties. Third, formula spaces use UH to simplify compression formulas and accelerate queries on the structure of objects. The resulting system supports dynamic data similar to single-dimension NoSQL systems, efficient data queries on secondary properties, and novel intersection, union, and negation queries on the structure of dynamic data.

Security-oriented Compartmentalization

BreakApp: Automated, Flexible Application Compartmentalization

@conference{breakapp:ndss:2018,
 author = {Vasilakis, Nikos and Karel, Ben and Roessler, Nick and Dautenhahn, Nathan and DeHon, Andr{\'e} and Smith, Jonathan M.},
 title = {BreakApp: Automated, Flexible Application Compartmentalization},
 booktitle = {Networked and Distributed Systems Security},
 series = {NDSS'18},
 year = {2018},
 location = {San Diego, California},
 url = {http://dx.doi.org/10.14722/ndss.2018.23131},
 doi = {10.14722/ndss.2018.23131},
 keywords = {Compartmentalization, Least-Privilege Separation, Modules, Packages, Security},
} 

Developers of large-scale software systems may use third-party modules to reduce costs and accelerate release cycles, at some risk to safety and security. BreakApp exploits module boundaries to automate compartmentalization of systems and enforce security policies, enhancing reliability and security. BreakApp transparently spawns modules in protected compartments while preserving their original behavior. Optional high-level policies decouple security assumptions made during development from requirements imposed for module composition and use. These policies allow fine-tuning trade-offs such as security and performance based on changing threat models or load patterns. Evaluation of BreakApp with a prototype implementation for JavaScript demonstrates feasibility by enabling simplified security hardening of existing systems with low performance overhead.

Towards Fine-grained, Automated Application Compartmentalization

@inproceedings{breakapp:plos:2017,
 author = {Vasilakis, Nikos and Karel, Ben and Roessler, Nick and Dautenhahn, Nathan and DeHon, Andr{\'e} and Smith, Jonathan M.},
 title = {Towards Fine-grained, Automated Application Compartmentalization},
 booktitle = {Proceedings of the 9th Workshop on Programming Languages and Operating Systems},
 series = {PLOS'17},
 year = {2017},
 isbn = {978-1-4503-5153-9},
 location = {Shanghai, China},
 pages = {43--50},
 numpages = {8},
 url = {http://doi.acm.org/10.1145/3144555.3144563},
 doi = {10.1145/3144555.3144563},
 acmid = {3144563},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {Compartmentalization, Least-Privilege Separation, Modules, Packages, Security},
}

The rise of language-specific, third-party packages simplifies application development. However, relying on untrusted code poses a threat to security and reliability.

In this work, we propose exploiting module boundaries – and the general trend towards many, small modules – to achieve fine-grained compartmentalization. Automated transformations can hide compartment boundaries and minimize developer effort. Optional policy expressions can decouple security assumptions at development time from requirements during composition and runtime. Using JavaScript’s flourishing ecosystem, we discuss a wide range of risks and sketch how the use of language-level solutions coupled with systemic mechanisms can protect against them.

Programmable Metadata Processing

Architectural Support for Software-Defined Metadata Processing

@inproceedings{pump:asplos:2015,
 author = {Dhawan, Udit and Hritcu, Catalin and Rubin, Raphael and Vasilakis, Nikos and Chiricescu, Silviu and Smith, Jonathan M. and Knight,Jr., Thomas F. and Pierce, Benjamin C. and DeHon, Andre},
 title = {Architectural Support for Software-Defined Metadata Processing},
 booktitle = {Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems},
 series = {ASPLOS '15},
 year = {2015},
 isbn = {978-1-4503-2835-7},
 location = {Istanbul, Turkey},
 pages = {487--502},
 numpages = {16},
 url = {http://doi.acm.org/10.1145/2694344.2694383},
 doi = {10.1145/2694344.2694383},
 acmid = {2694383},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {CFI, memory safety, metadata, security, tagged architecture, taint tracking},
}

Optimized hardware for propagating and checking software-programmable metadata tags can achieve low runtime overhead. We generalize prior work on hardware tagging by considering a generic architecture that supports software-defined policies over metadata of arbitrary size and complexity; we introduce several novel microarchitectural optimizations that keep the overhead of this rich processing low. Our model thus achieves the efficiency of previous hardware-based approaches with the flexibility of the software-based ones. We demonstrate this by using it to enforce four diverse safety and security policies—spatial and temporal memory safety, taint tracking, control-flow integrity, and code and data separation—plus a composite policy that enforces all of them simultaneously. Experiments on SPEC CPU2006 benchmarks with a PUMP-enhanced RISC processor show modest impact on runtime (typically under 10%) and power ceiling (less than 10%), in return for some increase in energy usage (typically under 60%) and area for on-chip memory structures (110%).

PUMP: A Programmable Unit for Metadata Processing

@inproceedings{pump:hasp:2014,
 author = {Dhawan, Udit and Vasilakis, Nikos and Rubin, Raphael and Chiricescu, Silviu and Smith, Jonathan M. and Knight,Jr., Thomas F. and Pierce, Benjamin C. and DeHon, Andr{\'e}},
 title = {PUMP: A Programmable Unit for Metadata Processing},
 booktitle = {Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy},
 series = {HASP '14},
 year = {2014},
 isbn = {978-1-4503-2777-0},
 location = {Minneapolis, Minnesota, USA},
 pages = {8:1--8:8},
 articleno = {8},
 numpages = {8},
 url = {http://doi.acm.org/10.1145/2611765.2611773},
 doi = {10.1145/2611765.2611773},
 acmid = {2611773},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {control-flow integrity, memory safety, metadata, security, tagged architecture, taint tracking},
}

We introduce the Programmable Unit for Metadata Processing (PUMP), a novel software-hardware element that allows flexible computation with uninterpreted metadata alongside the main computation with modest impact on runtime performance (typically 10–40% for single policies, compared to metadata-free computation on 28 SPEC CPU2006 C, C++, and Fortran programs). While a host of prior work has illustrated the value of ad hoc metadata processing for specific policies, we introduce an architectural model for extensible, programmable metadata processing that can handle arbitrary metadata and arbitrary sets of software-defined rules in the spirit of the time-honored 0-1-∞ rule. Our results show that we can match or exceed the performance of dedicated hardware solutions that use metadata to enforce a single policy, while adding the ability to enforce multiple policies simultaneously and achieving flexibility comparable to software solutions for metadata processing. We demonstrate the PUMP by using it to support four diverse safety and security policies—spatial and temporal memory safety, code and data taint tracking, control-flow integrity including return-oriented-programming protection, and instruction/data separation—and quantify the performance they achieve, both singly and in combination.

Internet of Things

Developing Multiplayer Pervasive Games and Networked Interactive Installations Using Ad Hoc Mobile Sensor Nets

@inproceedings{finn:ace:2009,
 author = {Akribopoulos, Orestis and Logaras, Marios and Vasilakis, Nikos and Kokkinos, Panagiotis and Mylonas, Georgios and Chatzigiannakis, Ioannis and Spirakis, Paul},
 title = {Developing Multiplayer Pervasive Games and Networked Interactive Installations Using Ad Hoc Mobile Sensor Nets},
 booktitle = {Proceedings of the International Conference on Advances in Computer Entertainment Technology},
 series = {ACE '09},
 year = {2009},
 isbn = {978-1-60558-864-3},
 location = {Athens, Greece},
 pages = {174--181},
 numpages = {8},
 url = {http://doi.acm.org/10.1145/1690388.1690418},
 doi = {10.1145/1690388.1690418},
 acmid = {1690418},
 publisher = {ACM},
 address = {New York, NY, USA},
}

We present here Fun in Numbers (FinN, http://finn.cti.gr), a framework for developing pervasive applications and interactive installations for entertainment and educational purposes. Using ad hoc mobile wireless sensor network nodes as the enabling devices, FinN allows for the quick prototyping of applications that utilize input from multiple physical sources (sensors and other means of interfacing), by offering a set of programming templates and services, such as topology discovery, localization and synchronization, that hide the underlying complexity. We present the target application domains of FinN, along with a set of multiplayer games and interactive installations. We describe the overall architecture of our platform and discuss some key implementation issues of the application domains. Finally, we present the experience gained by deploying the applications developed with our platform.

Demo: Multiplayer Pervasive Games and Networked Interactive Installations Using Ad Hoc Mobile Sensor Networks

@inproceedings{Akribopoulos:2009:MPG:1690388.1690500,
 author = {Akribopoulos, Orestis and Logaras, Marios and Vasilakis, Nikos and Kokkinos, Panagiotis and Mylonas, Georgios and Chatzigiannakis, Ioannis and Spirakis, Paul},
 title = {Multiplayer Pervasive Games and Networked Interactive Installations Using Ad Hoc Mobile Sensor Networks},
 booktitle = {Proceedings of the International Conference on Advances in Computer Entertainment Technology},
 series = {ACE '09},
 year = {2009},
 isbn = {978-1-60558-864-3},
 location = {Athens, Greece},
 pages = {453--453},
 numpages = {1},
 url = {http://doi.acm.org/10.1145/1690388.1690500},
 doi = {10.1145/1690388.1690500},
 acmid = {1690500},
 publisher = {ACM},
 address = {New York, NY, USA},
} 

In this work, we showcase a set of implemented multiplayer games and interactive installations based on Fun in Numbers (FinN). FinN allows the quick prototyping of applications that utilize input from multiple physical sources (sensors and other means of interfacing), by offering a set of programming templates and services, such as proximity, localization and synchronization, that hide the underlying complexity.

Using wireless sensor networks to develop pervasive multi-player games

@inproceedings{finn:sensys:2008,
 author = {Orestis Akribopoulos and Marios Logaras and Nikos Vasilakis and Panagiotis C. Kokkinos and Georgios Mylonas and Ioannis Chatzigiannakis},
 title = {Using wireless sensor networks to develop pervasive multi-player games},
 booktitle = {Proceedings of the 6th International Conference on Embedded Networked Sensor Systems},
 series = {SenSys 2008},
 pages = {375--376},
 location = {Raleigh, NC, USA},
 year = {2008},
 month = {November},
 url = {http://doi.acm.org/10.1145/1460412.1460459},
 doi = {10.1145/1460412.1460459}
}

In this work we present two mobile, locative and collaborative distributed games that are played using wireless sensor devices. We briefly present the architecture of the two games and demonstrate their capabilities. The key characteristic of these games is that players interact with each other and their surrounding environment by moving, running and gesturing as a means to perform game related actions, using sensor devices. We demonstrate our system’s implementation, which uses a combination of JAVA Standard and Mobile editions.

A software platform for developing multi-player pervasive games using small programmable object technologies

@inproceedings{finn:mass:2008, 
 author = {Orestis Akribopoulos and Dimitrios Bousis and Dionysios Efstathiou and Haris Koutsouridis and Marios Logaras and Andreas Loukas and Alexandros Nafas and Georgios Oikonomou and Irini Thireou and Nikos Vasilakis and Panagiotis C. Kokkinos and Georgios Mylonas and Ioannis Chatzigiannakis}, 
 booktitle = {2008 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems}, 
 title = {A software platform for developing multi-player pervasive games using small programmable object technologies}, 
 year = {2008}, 
 pages = {544--546},
 doi = {10.1109/MAHSS.2008.4660084}, 
 ISSN = {2155-6806}, 
 month = {Sept}
}

As of 2008, the total number of mobile phone subscribers has well surpassed the number of 3 billion. Along with the increase in the number of subscribers, there has been an increase of the capabilities of such devices. The vast majority of the current generation of mobile phones are capable of executing J2ME applications. Moreover, manufacturers have started integrating various kinds of sensors into their handsets, e.g., accelerometers or thermistors. Therefore, there is already an existing user base using such devices, that is continually growing. It is our belief that there is great potential in combining sensors and mobile devices to produce exciting entertainment applications. Games have been a major part of the computer industry for the last decades, and are generally recognized as a means of pushing the technological boundaries, both in hardware and software. We expect that pervasive games will transform into a major application field for wireless sensor networks.

Theses

A Novel Application of Ubiquitous Computing Using Interactive Installations

@mastersthesis{,
 document_type = {Bachelor's Thesis},
 author = {Nikos Vasilakis},
 title = {A Novel Application of Ubiquitous Computing Using Interactive Installations},
 school = {Computer Engineering and Informatics -- University of Patras},
 year = {2009},
 type = {Bachelor Thesis},
 pdf = {http://nikos.vasilak.is/pubs/thesis.pdf}
}

Other

Network Function Virtualization: Don’t Give up on Least Privilege!

@unpublished{kameleon:hotnets:2015,
 author = {Nikos Vasilakis and Ben Karel and Andr{\'e} DeHon and Jonathan M. Smith},
 title = {Network Function Virtualization: Don't Give up on Least Privilege!},
 booktitle = {14th ACM Workshop on Hot Topics in Networks (Submitted)},
 series = {HotNets-XIV},
 year = {2015},
 location = {Philadelphia, PA, USA},
 numpages = {7},
 keywords = {Least Privilege, Security, Decomposition}
}

HandsFree: Next Generation Sequence Processing, Mapping and Analysis Made Easy

@inbook{handsfree:dils:2013,
 author = {Loher, Phillipe and Vasilakis, Nikos and Malamon, John  and Chen, Huang-Wen and Rigoutsos, Isidore},
 title = {HandsFree: Next Generation Sequence Processing, Mapping and Analysis Made Easy},
 bookTitle = {Data Integration in the Life Sciences: 9th International Conference},
 series = {DILS'13},
 location = {Montreal, QC, Canada},
 year = {2013},
 keywords = {DNA analysis, RNA analysis, genomic pipeline, mapping service}
}