Search for: All records

SSH (Secure Shell) is widely used for remote access to systems and cloud services. This access comes with the persistent threat of SSH password-guessing brute-force attacks (BFAs) directed at sshd-enabled devices connected to the Internet. In this work, we present a comprehensive study of such attacks on a production facility (CloudLab), offering previously unreported insight. Our study provides a detailed analysis of SSH BFAs occurring on the Internet today through an in-depth analysis of sshd logs collected over a period of four years from over 500 servers. We report several patterns in attacker behavior, present insight on the targets of the attacks, and devise a method for tracking individual attacks over time across sources. Leveraging our insight, we develop a defense mechanism against SSH BFAs that blocks 99.5% of such attacks, significantly outperforming the 66.1% coverage of current state-of-the-art rate-based blocking while also cutting false positives by 83%. We have deployed our defense in production on CloudLab, where it catches four-fifths of SSH BFAs missed by other defense strategies. 

User research for scientific software can inform design and account for the unique concerns of academic researchers. In this study, we explored the user experience on a testbed for cloud computing research, CloudLab. Through 15 semi-structured interviews and observation, we observed the importance of time as a resource to system users. We observed CloudLab users strategically coordinating their time on the platform with other users, navigating the constraints of publication and other academic deadlines. Surprisingly, we found that this coordination may involve altruistic behaviors where users share time on CloudLab that had been allocated for personal use. In light of prior CSCW literature on how actors seek to harness time, we propose concrete opportunities for design interventions. Our strategy across all possible interventions is to increase users' awareness of the rhythms affecting their peers' platform use, allowing coordination based not just on knowledge of CloudLab reservations but also users' progress toward deadlines. The implications of this work inform the design of other similar cyberinfrastructure systems in science where users independently coordinate use of resources. 

It is common for performance studies of computer systems to make the assumption—either explicitly or implicitly—that results from each trial are independent. One place this assumption manifests is in experiment design, specifically in the order in which trials are run: if trials do not affect each other, the order in which they are run is unimportant. If, however, the execution of one trial does affect system state in ways that alter the results of future trials, this assumption does not hold, and ordering must be taken into account in experiment design. In the simplest example, if all trials with system setting A are run before all trials with setting B, this can systematically bias experiment results leading to the incorrect conclusion that “A is better than B” or vice versa. In this paper, we: (a) explore, via a literature and artifact survey, whether experiment ordering is taken in to consideration at top computer systems conferences; (b) devise a methodology for studying the effects of ordering on performance experiments, including statistical tests for order dependence; and (c) conduct the largest-scale empirical study to date on experiment ordering, using a dataset we collected over 9 months comprising nearly 2.3M measurements from over 1,700 servers. Our analysis shows that ordering effects are a hidden but dangerous trap that published performance experiments are not typically designed to avoid. We describe OrderSage, a tool that we have built to help detect and mitigate these effects, and use it on a number of case studies, including finding previously unknown ordering effects in an artifact from a published paper.