SOSP'03 Proceedings of the 19Th ACM Symposium on Operating Systems Principles

SOSP'03 Proceedings of the 19th ACM Symposium on Operating Systems Principles

The Sagamore Bolton Landing (Lake George), New York, USA October 19-22, 2003

Sponsored by: ACM SIGOPS (Association for Computing Machinery Special Interest Group on Operating Systems)

and supported by

Goo~gle ~,earch invent

IBM Research intel. ,¢'/~:.~/~ OUALCO'WW"~ w nware The Association for Computing Machinery 1515 Broadway New York, New York 10036

Copyright © 2003 by the Association for Computing Machinery, Inc. (ACM). Permission to make digital or hard copies of portions of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permission to republish from: Publications Dept., ACM, Inc. Fax +1 (212) 869-0481 or .

For other copying of articles that carry a code at the bottom of the first or last page, copying is permitted provided that the per-copy fee indicated in the code is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923.

Notice to Past Authors of ACM-Published Articles ACM intends to create a complete electronic archive of all articles and/or other material previously published by ACM. If you have written a work that has been previously published by ACM in any journal or conference proceedings prior to 1978, or any SIG Newsletter at any time, and you do NOT want this work to appear in the ACM Digital Library, please inform [email protected], stating the title of the work, the author(s), and where and when published.

ISBN: 1-58113-757-5

Additional copies may be ordered prepaid from:

ACM Order Department PO Box 11405 New York, NY 10286-1405

Phone: 1-800-342-6626 (US and Canada) + 1-212 -626-0500 (all other countries) Fax: +1-212-944-1318 E-mail: [email protected]

ACM Order Number 534030 Printed in the USA

ii Message from the General Chair

Welcome to the 19th SOSP, and to the beautiful Adirondack mountains of New York State! Larry Peterson and his committee have put together a strong and varied technical program, showcasing the most significant and influential work in operating systems today. Other program highlights include the poster and work-in-progress sessions, the Anita Borg luncheon and the evening banquet on Monday, and the SIGOPS business meeting Tuesday evening. The banquet will include presentation of the third annual Mark Weiser award, and eulogies for Roger Needham and Anita Borg, both of whom were lost to us this year. The business meeting will include presentation of awards in the first-ever SIGOPS division of the ACM Student Research Competition (SRC).

Entrants in the SRC include all the regular papers and posters on which a student is principal author. To help to put the competition on an equal footing, four poster finalists will be making formal presentations during the session on Monday afternoon. Many thanks to Kevin Jeffay and his subcommittee for organizing the poster session and judging the submissions, and to Ann Sobel for her help in bringing SIGOPS into the SRC.

Continuing the tradition of past SOSPs, we have encouraged student attendance through reduced registration fees and a strong program of financial scholarships. Generous support for this program has come from Microsoft via the SRC, from the National Science Foundation (CISE CCR), from Hewlett-Packard Labs, and from SIGOPS itself. Thanks to Cary Gray and his scholarship committee (John Carter, Norm Hutchinson, Marc Shapiro, and Bob Wisniewski) for their outstanding work under very tight time constraints.

Other corporate supporters have made an enormous difference in the financial health of the conference. Google is underwriting the Monday banquet, IBM Research the poster/SRC session, and VMware the work-in-progress session. Microsoft Research, Intel, Mercury, and Qualcomm all made generous unrestricted gifts.

Last, and most important, I am indebted to the many volunteers who made SOSP possible. Leonidas Kontothanassis handled local arrangements with his trademark infectious good cheer. Galen Hunt worked miracles in shielding the rest of us from budgetary details. Amy Murphy kept publicity not only timely and informative, but artistically pleasing as well; Kai Shen carried registration off without a hitch; and Chris Small went above the call of duty in assembling historical materials for our two-disc CD set. Thanks also to Alan Cox and Lisa Tolles for assembling the proceedings; to Cindy Sullivan, Mike Ryan, and the entire Sagamore staff; to David Kotz, Keith Marzullo, and the rest of the SIGOPS leadership; and to Donna Baglio, Irene Frawley, Maritza Nichols, and Jessica Wilmers of the ACM for their oversight and assistance.

Michael L. Scott General Chair, SOSP-19 August 2003

iii Message from the Program Chair

I am pleased to introduce this collection of 22 papers selected for inclusion in the 19th Symposium on Operating System Principles. We received 128 papers, a 50% increase over two years ago, and as far as I can determine, a record number of submissions for SOSP. It seems that the systems research community has returned from its dot-corn adventures, and is back to producing high-quality research results.

Due to the relatively high number of submissions, the reviewing process was a slight modification of ones used in past years. Each paper was initially assigned to three committee members, each of whom wrote their own review and solicited an external review. We used these reviews to cull the set of papers under consideration by half. The remaining papers were assigned to a fourth committee member, who again wrote a review and solicited an external review. Also, all committee members read the remaining 64 papers and produced a quartile ranking, ensuring that the entire committee was familiar with all the papers discussed at the PC meeting.

Selecting the final set of papers for SOSP is always a balancing act between preserving the tradition of accepting only the highest quality work in the field, and taking a chance on innovative but less mature work. I hope you'll agree that we struck the right balance. As you'll see throughout the course of the program, the topics covered by the papers are as wide-ranging as ever, but all the papers are in the mold that defines this community-- they give the "systems perspective" of whatever problem area is being addressed.

I am greatly indebted to the members of the program committee. They were diligent and conscientious in their reviews and deliberations, and without exception, a wonderful group of people to work with. Thank you! I would also like to acknowledge all the hard work and care General Chair Michael Scott, and the rest of the organizing committee, put into the conference, especially Michael's efforts to make the Student Research Competition a reality. Finally, a special thanks to Publicity Chair, Amy Murphy, for keeping the conference's web presence accurate and complete.

Larry Peterson Program Chair, SOSP-19 August 2003

iv Table of Contents

SOSP'03 Organization ...... vii

Referees ...... ix

Safely Executing Untrusted Code Chair: K. Birman

• Upgrading Transport Protocols using Untrusted Mobile Code ...... 1 P. Patel (University of Utah), A. Whitaker, D. Wetherall (University of Washington), J. Lepreau, T. Stack (University of Utah) • Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications ...... 15 R. Sekar, V. N. Venkatakrishnan, S. Basu, S. Bhatkar, D. C. DuVarney (Stony Brook University)

File and Storage Systems Chair: T. Wobber

• The Google File System ...... 29 s. Ghemawat, H. Gobioff, S.-T. Leung (Google) • Preserving Peer Replicas By Rate-Limited Sampled Voting ...... 44 P. Maniatis, M. Roussopoulos, TJ Giuli, D. S. H. Rosenthal, M. Baker, Y. Muliadi (Stanford University) • Decentralized User Authentication in a Global File System ...... 60 M. Kaminsky (Massachusetts Institute of Technology), G. Savvides (McGill University), D. Mazi6res (New York University), M. F. Kaashoek (Massachusetts Institute of Technology)

Probing The Black Box Chair: D. Engler

• Performance Debugging for Distributed Systems of Black Boxes ...... 74 M. K. Aguilera, J. C. Mogul, J. L. Wiener (Hewlett Packard Laboratories), P. Reynolds (Duke University), A. Muthitacharoen (Massachusetts Institute of Technology)

• Transforming Policies into Mechanisms with Infokernel ...... 90 A. C. Arpaci-Dusseau, R. H. Arpaci-Dusseau, N. C. Burnett, T. E. Denehy, T. J. Engle, H. S. Gunawi, J. A. Nugent, F. I. Popovici (University of Wisconsin at Madison) • User-level Internet Path Diagnosis ...... 106 R. Mahajan, N. Spring, D. Wetherall, T. Anderson (University of Washington)

Scheduling and Resource Allocation Chair: I. Pratt

• Samsara: Honor Among Thieves in Peer-to-Peer Storage ...... 120 L. P. Cox, B, D. Noble (University of Michigan)

• SHARP: An Architecture for Secure Resource Peering ...... 133 Y. Fu, J. Chase (Duke University), B. Chun (Intel Research Berkeley), S. Schwab (Network Associates Laboratories), A. Vahdat (Duke University) • Energy-Efficient Soft Real-Time CPU Scheduling for Mobile Multimedia Systems ...... 149 W. Yuan, K. Nahrstedt (University of lllinois at Urbana-Champaign) Virtual Machine Monitors Chair: B. Bershad

• Nan and the Art of Virtualization ...... 164 P. Barham (Microsoft Research.), B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho (University of Cambridge), R. Neugebauer (Intel Research Cambridge), I. Pratt, A. Warfield (University of Cambridge) • Implementing an Untrusted Operating System on Trusted Hardware ...... 178 D. Lie (University of Toronto), C.A. Thekkath (Microsoft Research), M. Horowitz (Stanford University)

• Terra: A Virtual Machine-Based Platform for Trusted Computing ...... 193 T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, D. Boneh (Stanford University)

Making Operating Systems More Robust Chair: F. Kaashoek • Improving the Reliability of Commodity Operating Systems ...... 207 M. M. Swim, B. N. Bershad, H. M. Levy (University of Washington) • Backtracking Intrusions ...... 223 S. T. King, P. M. Chert (University of Michigan)

• RacerX: Effective, Static Detection of Race Conditions and Deadlocks ...... 237 D. Engler, K. Ashcraf~ (Stanford University)

Revising Old Friends Chair: J. Heidemann

• Separating Agreement from Execution for Byzantine Fault Tolerant Services ...... 253 J. Yin, J.-P. Martin, A. Venkataramani, L. Alvisi, M. Dahlin (The University of Texas atAustin)

• Capriccio: Sealable Threads for Internet Services ...... 268 R. von Behren, J. Condit, F. Zhou, G. C. Necula, E. Brewer (University of California at Berkeley)

Overlay & Peer-to-Peer Networks Chair: J. Wilkes • Bullet: High Bandwidth Data Dissemination Using an Overlay Mesh ...... 282 D. Kosti6, A. Rodriguez, J. Albrecht. A. Vahdat (Duke University) • SplitStream:High-Bandwidth Multicast in Cooperative Environments ...... 298 M. Castro (Microsoft Research), P. Druschel (Rice University), A.-M. Kermarrec (Microsoft Research), A. Nandi (Rice University), A. Rowstron (Microsoft Research), A. Singh (Rice University) • Measurement, Modeling, and Analysis of a Peer-to-Peer File-Sharing Workload ...... 314 K. P. Gummadi, R. J. Dunn, S. Saroiu, S. D. Gribble, H. M. Levy, J. Zahorjan (University of Washington)

Author Index ...... 33o

vi SOSP'03 Organization

General Chair: Michael L. Scott, University of Rochester

Program Chair: Larry Peterson, Princeton University

Local Arrangements: Leonidas Kontothanassis, HP Cambridge Research Lab

Treasurer: Galen Hunt, Microsoft Research

Publicity: Amy Murphy, University of Rochester

Registration: Kai Shen, University of Rochester

CD-ROM Production: Christopher Small, Sun Microsystems Labs

Conference Proceedings: Alan Cox, Rice University

Student Travel Scholarships: Cary G. Gray, Wheaton College

Program Committee: Brian Bershad, University of Washington Ken Birman, Cornell University Peter Druschel, Rice University Dawson Engler, Stanford University John Heidemann, USC/ISI Kevin Jeffay, University of North Carolina, Chapel Hill Frans Kaashoek, Massachusetts Institute of Technology Barbara Liskov, Massachusetts Institute of Technology Larry Peterson, Princeton University Ian Pratt, Cambridge University Stefan Savage, University of California, San Diego Amin Vahdat, Duke University John Wilkes, HP Labs Ted Wobber, Microsoft Research

vii Referees

Martin Abadi Abhishek Chandra Johannes Gehrke Scott Karlin Atul Adya JeffChase Sanj ay Ghemawat Magnus Karlsson Dan Aguayo Benjie Chen Thomer Gil Dina Katabi Marcos Aguilera Brad Chen Omprakash Gnawali Jasleen Kaur Jay Aikat Peter Chen Steve Goddard Kimberly Keeton Guillermo Alvarez Xuan Chen Ashvin Goel Pete Keleher Kostas Anagnostakis Lucy Cherkasova Andrew Goldberg Terence Kelly David Andersen Andy Chou Richard Golding Anne-Marie Kermarrec Eric Anderson Tom Christian Ramesh Govindan Gregor Kiczales Andrea Arpaci-Dusseau Brent Chun Michael Greenwald Bjorn Knutsson Remzi Arpaci-Dusseau George Coulouris Steve Gribble Eddie Kohler Behjamin Atkin Russ Cox Robert Grimm Lakshman Godmar Back Alan Cox Pankaj Gupta Krishnamurthy Haft Balakrishnan Frank Dabek Shashi Guruprasad Bala Krishnamurthy Gerco Ballintijn Mike Dahlin Richard Guy Maxwell Krohn Paul Barham Saumya Debray Hermann Haertig John Kubiatowicz Andy Bavier Douglas De Couto Mary Hall Geoff Kuenning John Bennett John DeTreville Steven Hand Markus Kuhn Yolanta Beres John Douceur Dave Hanson Oivind Kure Ranjita Bhagwan Fred Douglis Tim Harris Chris Laas Bobby Bhattacharj ee Lars Eggert John Hartman Butler Lampson Saleem Bhatti Carla Ellis Mark Hayden Kun-chan Lan Sumeer Bhola Wolfgang Emmerich Xinming He Long Le John Bicket Ulfar Erlingsson Joe Hellerstein Jay Lepreau Andrew Birrell Ted Faber Ahmed Helmy Hank Levy Sanjit Biswas Nick Feamster Philip Holman Josh Levy Richard Black Mike Feeley Wilson Hsieh Jinyang Li Chuck Blake Cormac Flanagan Charlie Hu Kai Li Ras Bodik Jason Flinn David Ingram Darrell Long Bill Bolosky Bryan Ford Rebecca Isaacs Dave Lowell Dan Boneh Brian Fomey Sitaram Iyer Sam Madden Philippe Bonnet Cedric Fournet Trent Jaeger Tara Madhyastha Gaetano Borriello Keir Fraser John Jannotti Umesh Maheshwari Mic Bowman Michael Freedman Kirk Johnson Dahlia Malkhi Angela Brown Vincent Freeh Michael Jones Mark Manasse Mike Burrows Stephen Freund Mahesh Kallahalla Rahul Mangharam Andrew Campbell Svend Frolund Michael Kaminsky Rajit Manohar Pei Cao Shelby Funk Christos Karamanolis Jean-Philippe Martin Miguel Castro Greg Ganger David Karger Keith Marzullo Josh Cates Paul Gauthier Paul Karger Jeanna Matthews

ix Referees (continued) Li-Shiuan Peh Scott Shenker Alistair Veitch Calicrates Policroniades Liuba Shrira Harrick Vin Roy Maxion Vijayan Prabhakaran Fabio Silva GeoffVoelker David Mazieres Jan Prins Dan Simon Wemer Vogels Derek McAuley Shaz Qadeer Emin Gun Sirer Carl Waldspurger Kirk McKusick Xiaohu Qie Emil Sit Dan Wallach Afif Merchant Mohan Raj agopalan Don Smith Jonathan Walpole Michael Merritt Sriram Ramabhadran Jonathan Smith Kevin Walsh Wesley Miaw Sylvia Ratnasamy Alex Snoeren Jia Wang Mafija Mikic-Rakic John Regehr Daniel Sorin Helen Wang Barton Miller Peter Reiher Anand Srinivasan Randy Wang Greg Minshall Martin Rinard Mani Srivastava Matt Welsh Yaron Minsky Ohad Rodeh Peter Steenkiste Andrew Whitaker Ken Moody Thomas Rodeheffer Mirco Stem Janet Wiener Robert Morris Timothy Roscoe Ion Stoica Alec Wolman Daniel Mosse Mendel Rosenblum Daniel Sturman Theodore Wong Athicha Muthitacharoen Ant Rowstron Jeremy Sugerman John Wroclawski Andrew Myers Dan Rubenstein Ram Swaminathan Mark Yarvis Erich Nahum Tatyana Ryutov Michael Swift Wei Ye George Necula Saowanee Saewong Doug Terry Bennet Yee Clifford Neuman Yasushi Saito Chuck Thacker Alex Yip Jason Nieh Constantine Sapuntzakis Marvin Theimer Victor Yodaiken Brian Noble M. Satyanarayanan Chandu Thekkath Haifeng Yu David Oppenheimer Rick Schlichting Brian Tung Yuan Yu David Ott Fred Schneider Bhuvan Urgaonkar John Zahorjan Venkat Padmanabhan Mike Schroeder Mustafa Uysal Steve Zdancewic Vivek Pai Stephen Schwab Leendert van Doom Ellen Zegura Ruoming Pang Margo Seltzer Rod Van Meter Ben Zhao Erin Parker Jonathan Shapiro Robbert van Renesse Lidong Zhou Joe Pasquale Richard Sharp George Varghese