Dr. Cristiano Giuffrida wins SIGOPS award

On the evening of October 5, during the banquet of the SOSP conference (the most important symposium for computer systems research) Cristiano Giuffrida received the prestigious SIGOPS Dennis M. Ritchie award. Earlier this year he had already won the Roger Needham award for best Ph.D. in computer systems in Europe. The Dennis M. Ritchie award is a similar prize, but for the entire world. It was created in 2013 by ACM SIGOPS to recognise research in software systems.

10/05/2015 | 2:01 PM

The department of computer science of Vrije Universiteit Amsterdam has now won 4 Roger Needham awards and one Dennis M. Ritchie award, making it in terms of such prizes the most successful computer systems lab in Europe.

Below, I will sumarise the content of the thesis.

"Safe and Automatic Live Update"

Updating operating systems on modern computers is a nightmare, especially when such computers are doing important work. For instance, many of such systems should (a) never go down for updates, and (b) keep working flawlessly after the update. Unfortunately, neither of these conditions are met by today's solutions. Updating your OS typically requires a reboot, making the system unavailable for at least some time. Moreover, it is not uncommon that the update introduces new problems that makes the system instable. Small wonder that, say, the administrators of industrial control systems often do not apply even the simplest and most security critical of patches for a long time—the risk of the patch creating irreversible stability issues is simply too great.

This is bad enough today, but the unstoppable drive toward a smarter world, where everything is connected in an Internet of Things, will catapult the updatability and maintainability of systems to one of the grand challenges for computer systems. We will have tens of billions of devices running all sorts of systems. From smart meters to traffic lights, and from smart cars to elevators: many of these systems have to be operational for decades and since they are mostly out of physical reach of system administrators, we cannot easily reset them or repair them in case of problems. Phrased differently, it is essential that we be able to update the core components of such systems automatically and seamlessly.

Cristiano's thesis represents a huge step in providing dynamic updates. More than any prior work, he looked into what is the core problem of a complex updates: the preservation and transfer of the state of the old version to the new version. State transfer is exceedingly hard, but he found a solution that is both elegant and practical. When the new version has initialised all of its internal state, it is ready to take over. Moreover, the thesis explicitly addresses the issue of the stability of the update. The state transfer execution occurs in a sandbox, so that in case of errors (e.g., crashes, panics or time-outs), the system can automatically roll back to the previous version. As a result, dynamic updates are no longer risky, but even attractive to systems that cannot go down.

Christiano further shows that the ability to update on the fly is good for security too. By constantly re-randomising a program while it is running, it becomes very hard for attackers to exploit the system. Code that is at address X one moment will be at address Y the next. As a result, attacks become much harder, as modern attackers rely on the fact that they know where code snippets are in memory. Without such knowledge, the attack fails.

This brings me to another important point: the thesis covers many aspects of computer systems research. From operating system design to compilers, from middleware to system administration, and from fault injection to security, this thesis has it all. While the author really explores the issue of live updates in depth, he uses (and contributes to) a variety of other techniques. This makes it a complete systems thesis.

Finally, the work described in the thesis has received ample recognition from the research community also. With publications in top venues like USENIX Security, ASPLOS, Middleware, DSN, and LISA (in addition to long list of others), the author has had significant impact—especially for a Ph.D. in Europe which typically does not last as long as in, say, the US. Most tellingly, Cristiano already won the prestigious Roger Needham Ph.D. prize, awarded yearly for best the best Ph.D. in computer systems in the EU.

Now he has won the even more prestigious Dennis M. Ritchie award. On behalf of the entire Systems and Network Security group, I congratulate Cristiano and his advisor prof. Tanenbaum with this remarkable result.