About

I work on storage and distributed systems providing data protection mechanisms. For example, our Guardat project describes a novel storage architecture that allows data protection policies to be associated with stored files, and thus protects data integrity and confidentiality from risks such as bugs, misconfigurations and security vulnerabilities. I mainly collaborate with my co-advisors Peter Druschel and Deepak Garg as well as fellow students Eslam Elnikety and Aastha Mehta. I worked with Ronald Aigner at MSR Redmond during my summer internship in 2014 on possible usages of Trusted Platform Modules (TPM) and Intel's Software Guard Extensions (SGX).

Projects

Thoth: Practical data flow protection in a search engine

Online data retrieval services like commercial search engines, online social networking, and trading and sharing sites process large volumes of data of different origins and types. Each data item indexed by a search engine, such as online social network (OSN) data, personal email, corporate documents, or public web documents, has its own usage policy. For example, email is private, OSN data and blogs may be limited to friends, and corporate documents may be restricted to employees. Furthermore, providers may have to filter certain data items in order to comply with local laws and court orders. Ensuring compliance with applicable policies in such a complex system, however, is a labor-intensive and error-prone challenge. In Thoth we explore the problem of providing a practical safety net for policy compliance in a search engine.

Guardat: Enforcing data policies at the storage layer

In today’s systems, policies protecting stored data and mechanisms for their enforcement are spread across many software components, increasing the risk of violation due to bugs, vulnerabilities and misconfigurations. Guardat addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Thus, policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We show experimentally that the overhead is low.

Dependable Wireless Safety-Critical Hard-Real-Time Design

Design, implementation and verification of a wireless electric bicycle brake using Chess's MyriaNed nodes and Modest. Assumptions: 250 ms total reaction time (100 ms mechanical reaction time, 150 ms for communication), no fail-safe, ~60% message loss rate. This video demonstrates the wireless bicycle brake.
Press: Video (DRS 3 - Digital filming our demo at CeBit), CNN, ZDNet, CNET, GIZMODO, Engadget, Slashdot

Storage lease

A storage lease is a storage primitive that prevents stored data from being overwritten for a predetermined period (the lease period). During the lease period, online data is protected from corruption due to security breaches, software errors, or accidental data deletion. Storage leases fill an important gap in the spectrum of data protection options because they combine strong integrity for online data with the ability to eventually reclaim storage. A simulation-based evaluation indicates that storage leases have a modest performance cost for most workloads on magnetic disks. Using a small amount of flash memory, this overhead can be reduced to near zero.

Publications

DBLP | Google Scholar

Posters

Education

My detailed Resume PDF

Teaching

Contact

Email: vahldiek@mpi-sws.org
Tel: +49 681 9303 9124
Mailing address:
Campus E1.5, Room 414
D-66123 Saarbuecken
