There has been a flurry of research on leveraging social networks to defend against multiple identity, or Sybil, attacks. A series of recent works does not try to explicitly identify Sybil identities and, instead, bounds the impact that Sybil identities can have. We call these approaches Sybil tolerance; they have been shown to be effective in applications including reputation systems, spam protection, online auctions, and content rating systems. All of these approaches use a social network as a credit network, rendering multiple identities ineffective to an attacker without a commensurate increase in social links to honest users (which are assumed to be hard to obtain). Unfortunately, a hurdle to practical adoption is that Sybil tolerance relies on computationally expensive network analysis, thereby limiting widespread deployment.
Online marketplaces are now a popular way for users to buy and sell goods over the Internet. On these sites, user reputations--based on feedback from other users concerning prior transactions--are used to assess the likely trustworthiness of users. However, because accounts are often free to obtain, user reputations are subject to manipulation through white-washing, Sybil attacks, and user collusion. This manipulation leads to wasted time and significant monetary losses for defrauded users, and ultimately undermines the usefulness of the online marketplace. In this paper, we propose Bazaar, a system that addresses the limitations of existing online marketplace reputation systems. Bazaar calculates user reputations using a max-flow-based technique over the network formed from prior successful transactions, thereby limiting reputation manipulation. Unlike existing approaches, Bazaar provides strict bounds on the amount of fraud that malicious users can conduct, regardless of the number of identities they create. An evaluation based on a trace taken from a real-world online marketplace demonstrates that Bazaar is able to bound the amount of fraud in practice, while only rarely impacting non-malicious users.
We describe a model for MapReduce computations that can be used to optimize the increasingly complex choice of resources that cloud customers purchase.
Recently, there has been much excitement in the research community over using social networks to mitigate multiple identity, or Sybil, attacks. A number of schemes have been proposed, but they differ greatly in the algorithms they use and in the networks upon which they are evaluated. As a result, the research community lacks a clear understanding of how these schemes compare against each other, how well they would work on real-world social networks with different structural properties, or whether there exist other (potentially better) ways of Sybil defense.
In today's data processing systems, both the policies protecting stored data and the mechanisms for their enforcement are spread over many software components and configuration files, increasing the risk of policy violation due to bugs, vulnerabilities and misconfigurations. Guardat addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We present the design and prototype implementation of Guardat, enforce example policies in a Web server, and show experimentally that its overhead is low.
Online communication media such as email, instant messaging, bulletin boards, voice-over-IP, and social networking sites allow any sender to reach potentially millions of users at near zero marginal cost. This property enables information to be exchanged freely: anyone with Internet access can publish content. Unfortunately, the same property opens the door to unwanted communication, marketing, and propaganda. Examples include email spam, Web search engine spam, inappropriately labeled content on YouTube, and unwanted contact invitations in Skype. Unwanted communication wastes one of the most valuable resources in the information age: human attention.
In this paper, we explore the use of trust relationships, such as social links, to thwart unwanted communication. Such relationships already exist in many application settings today. Our system, Ostra, bounds the total amount of unwanted communication a user can produce based on the number of trust relationships the user has, and relies on the fact that it is difficult for a user to create arbitrarily many trust relationships.
Ostra is applicable to both messaging systems such as email and content-sharing systems such as YouTube. It does not rely on automatic classification of content, does not require global user authentication, respects each recipient's idea of unwanted communication, and permits legitimate communication among parties who have not had prior contact. An evaluation based on data gathered from an online social networking site shows that Ostra effectively thwarts unwanted communication while not impeding legitimate communication.
Peer-to-peer (p2p) technology can potentially be used to build highly reliable applications without a single point of failure. However, most of the existing applications, such as file sharing or web caching, have only moderate reliability demands. Without a challenging proving ground, it remains unclear whether the full potential of p2p systems can be realized. To provide such a proving ground, we have designed, deployed and operated a p2p-based email system. We chose email because users depend on it for their daily work and therefore place high demands on the availability and reliability of the service, as well as the durability, integrity, authenticity and privacy of their email. Our system, ePOST, has been actively used by a small group of participants for over two years. In this paper, we report the problems and pitfalls we encountered in this process. We were able to address some of them by applying known principles of system design, while others turned out to be novel and fundamental, requiring us to devise new solutions. Our findings can be used to guide the design of future reliable p2p systems and provide interesting new directions for future research.
Personal electronic devices that include a large amount of storage are increasingly common. Already, many households use multiple mobile phones, digital cameras, MP3 players and gaming devices, in addition to desktop and notebook computers. Today, users must individually manage these devices to ensure the durability and availability of the data they store. Ensuring that data is durable, or regularly backed up, is an onerous task even for a single home computer. As the number of devices increases, it is difficult for the user to ensure that no data is lost in the event of a loss or failure of any one device. Even with the help of device-specific maintenance software, the user must keep track of all devices that need to be backed up and perform the appropriate actions on a regular basis. Anecdotal evidence suggests that many users fail to ensure the durability of their data [5, 6]. Thus, users face the risk of data loss as they are increasingly dependent on digital information. Making sure that data is available on the devices where it is needed is equally difficult. A user must regularly connect and synchronize devices to ensure, for instance, that changes to her address book are propagated to all communications devices and additions to her music library are eventually present on all devices capable of playing music. Currently, keeping devices synchronized is an inconvenient and error-prone task. In this paper, we sketch the design of PodBase, a system that automatically manages the data and storage across a household’s personal devices and frees users from the responsibility of manual data management. Data is automatically replicated to ensure both durability of data and availability of the latest data on relevant devices. The system operates transparently and takes advantage of available storage space and incidental connectivity that occurs among the devices.
Once a household’s devices are introduced to PodBase, metadata is gossiped whenever devices are connected via a network, Bluetooth or USB. Moreover, during periods of connectivity, each device makes autonomous decisions about data replication. Through pairwise exchanges of data and metadata, the system makes progress towards ensuring availability and durability of data. PodBase is self-managing and requires no oversight or input from the user during normal operation. It is completely decentralized and does not rely on the presence of any single device. Given sufficient storage space, the data stored on any device can be recovered automatically in the case of device loss or storage failure. For example, if a user loses his laptop, a recent snapshot of the data that was stored on it can be recovered. Replicated data stored on a device can also be accessed by the user, which provides additional availability. We present evidence for the feasibility of our design using a storage trace gathered in 11 households, including over 40 storage devices, over a period of several months. The trace captures the interaction of storage devices as well as information such as storage device sizes, available capacity, and rate of data generation. Overall, the trace indicates that, relative to the rate at which new data tends to be generated, the design is feasible. That is, there is sufficient available storage space and devices are connected often enough to allow the transparent and timely replication of new data. The rest of the paper is structured as follows: Related work is discussed in Section 2. Section 3 describes the target environment and states PodBase’s goals. In Section 4, we sketch the design of PodBase. Section 5 studies the feasibility of PodBase using our trace data, and Section 6 concludes.