The traditional wisdom for building DBMSs is to:
1) organize blocks of data on disk, with a main memory block cache. 
2) implement an Aries-style write-ahead log.
3) use record level locking.
4) utilize a multi-threaded architecture.
5) Use an active-passive architecture for replication
6) use multi-threading
This traditional wisdom is exemplified in all the major DBMS products, including DB2, MySQL, Postgres, SQL Server, and Oracle.  In a paper in ICDE 2005, we argued that “one size does not fit all” and that a variety of data management solutions should be considered for deployment.  Nine years later, we make an even stronger statement; namely the traditional wisdom is all wrong, and systems architected according to it are not good at anything.
Unless you squint, the DBMS market is divided into thirds, namely On-Line Transaction Processing (OLTP), data warehousing (DW) and everything else.  The “everything else” market is a mix of No_SQL, hadoop, graph DBMSs bases, array DBMSs, etc.  None of these relate to the traditional wisdom; hence, we deal with the other two markets.
In the DW market, it is clear that the world is moving to column stores, and the only successful vendors will be selling that technology.  We explain the architecture that implements systems column stores like Vertica, Hana and Paraccel.  As will be crystal clear, column stores have no relationship to the traditional wisdom.
Then, we turn to OLTP DBMSs and argue, using performance numbers, that a main memory orientation with anti-caching of main memory objects when space is exhausted is a far better alternative than a disk based system with caching.  Similarly, a transaction log dominates a data log, such as Aries and an active-active architecture for replication is preferred to an active-passive one.  Lastly, deterministic concurrency control solutions are similarly dominant, compared to dynamic locking.  In short, next generation OLTP systems will be built using anti-caching, single-threading, deterministic execution, and active-active replication.  They will bear little resemblance to today’s traditional systems.                      
In summary, the traditional wisdom is not a good idea in any application area, and “one size fits none”.  I expect DBMS textbooks, future DBMS courses and the commercial market will quickly reflect this point of view.

This talk will address the problem of optimization and execution of queries on XML data. We will discuss a complete, generic and modular XPath cost-based optimization and execution framework. The framework is based on a logical XPath algebra and a comprehensive set of rewriting rules that together enable us to algebraically capture many existing and novel processing strategies for XPath queries. Key pieces of the framework are the physical operators that are available to the execution engine, to turn queries into execution plans. Such operators, to be efficient, need to implement sophisticated algorithms for logical XPath or XQuery operations. Moreover, to enable a cost-based optimizer to choose among them correctly, it is also necessary to provide cost models for such operator implementations. We will present different families of algorithms for XPath physical operators, along with detailed cost model. We will present experimental evaluations of the performance of these operators over different XML storage engines. Another important part of the framework that we will discuss is an efficient cost-based plan selection algorithm for queries.  Such a cost-based query optimizer is independent of the underlying physical data model and storage system and of the available logical operator implementations, depending on a set of well-defined APIs. Finally, to round out the presentation, we will also present an implementation of those APIs, including primitive access methods, the physical operators, statistics estimators and cost models.

Attackers only need to find a single exploitable bug in order to install worms, bots, and other malware on vulnerable computers. Unfortunately, developers rarely have the time or resources to fix all bugs. This raises a serious security question: which bugs are exploitable, and thus should be fixed first? My research teams vision is to automatically check the world's software for exploitable bugs. Our approach is based on program verification, but with a twist. Traditional verification takes a program and a specification of safety as inputs, and checks that all execution paths of the program meet the safety specification. The twist in AEG is we replace typical safety properties with an ``un-exploitability'' property, and the ``verification'' process becomes finding a program path in which the un-exploitability property does not hold. Our analysis generates working control flow hijack and command injection exploits for exploitable paths. I'll discuss our results with a data set of over 1,000 programs and over 370 days of analysis time. Despite the large amount of analysis, there is still much to be done. In the last part of this talk, I'll describe several of the remaining research challenges.

Much of the complexity and overhead (directory, state bits, invalidations, broadcasts) of a typical hardware coherence implementation stems from the effort to make it “invisible” even to the strongest memory consistency models. In this talk, we show how a much simpler, directory-less/broadcast-less, multicore coherence can outperform a directory protocol without its complexity and overhead, with just a data-race-free guarantee from software. This simplification of coherence brings further simplifications to the entire on-chip memory system, for example unconstrained scaling to multiple buses, simple on-chip networks, and a new solution for efficient virtual-cache coherence. Significant area, energy, and performance benefits ensue as a result of simplifying the multicore memory organization, making our approach a prime candidate for coherent, shared-virtual-memory, heterogeneous architectures.

According to a recent World Economic Forum report, personal data has become a new asset class and  the "new oil of the Internet" . As such, personal data both need to be protected and shared, analyzed, as well as, monetized. Regulatory practices have been slow to keep pace with the changing nature of data capture, analysis, and use. As a consequence, innovations in digital  legal, regulatory and governance practices and mechanisms are needed to keep pace with advances in sensor, machine learning, and "Big Data" technologies. This talk presents an approach that  gives individuals and groups control over their personal data while enabling the trusted exchange of data. Project Open Mustard Seed, a collaboration of  ID3 and the MIT Media Lab, provides an open source platform for  innovations in governance, authentication, identity management, access control, auditing,  analytics and visualization technologies  for highly scalable forms of coordinated action and exchange. The goal is to enable new forms of "data banking', collective action and digital institution building and experimentation that are  self-governing and correcting.

Recent advances in DNA sequencing technologies have put ubiquitous availability of whole human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one's own DNA sequence. Widespread and affordable availability of whole genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, the very same progress also amplifies worrisome privacy concerns, since a genome represents a treasure trove of highly personal and sensitive information.
In this talk, we will overview biomedical advances in genomics and discuss associated privacy, ethical, and security challenges. We begin to address privacy-respecting genomic tests by focusing on some important applications, such as, Personalized Medicine, Paternity Tests, Ancestry Testing, and Genetic Compatibility Tests. After carefully analyzing these applications and their requirements, we propose a set of efficient privacy-enhancing techniques based on private set operations. This allows us to implement, in silico, some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today. Finally, we explore a few alternatives to securely store human genomes and allow authorized parties to run tests in such a way that only the required minimum amount of information is disclosed, and present an Android API framework geared for privacy-preserving genomic testing.

"Strong economic incentives to adopt the Cloud processing paradigm presents obvious risks to the confidentiality of data exposed to foreign jurisdictions. Homomorphic encryption seems unlikely to be practical and current 'trusted computing' technology is designed against consumer-grade adversaries. European policymakers have been proposing frameworks for legal certification which would permit unlimited export of personal data, subject to a commercial security audit of the Cloud platform against external threats. However there appears to be a dissonance between regulator expectations that foreign 'requests' for data will be discrete and follow due process, and evidence from whistle-blowers that apparatus for continuous mass-surveillance is already systematically deployed. Moreover the small-print of these frameworks appears to have been crafted to turn a blind-eye to secret 'national security' access to data, even though relevant foreign laws do not comply with European human rights standards, for example by discriminating by nationality and allowing purely political purposes unrelated to criminality. This talk will describe the recent policy history, from the Safe Harbour Agreement to current controversies over the new draft EU Data Protection Regulation."

Electronic devices have come to permeate every aspect of our daily lives.  At the heart of these devices are Integrated Circuits.   State-of-the-art chips can now contain several billion transistors; designing and verifying that these circuits function correctly under all expected (and unexpected) operation conditions is extremely challenging.   While simulation is an important tool, it is not sufficient; simulation is slow, and it is increasingly important to be able to debug circuits in-situ.  Debugging fabricated chips, post-silicon, is the only solution to ensure working systems.

An emerging tool in improving the debug experience is the use of Field-Programmable Gate Array (FPGA) technology.  In this talk, we will focus on two ways FPGA-like technology can be used to accelerate post-silicon debug.  First, we will show how debug productivity can be enhanced by embedding small reconfigurable logic analyzers on chip, and using these to not only record traces, but intelligently process data to control the system and make better use of existing on-chip trace storage.  Challenges include minimizing the overhead while providing enough flexibility to support many debug scenarios.

Second, we will discuss how the reconfigurable nature of FPGAs can be used to efficiently provide observability while debugging in an FPGA prototyping environment.   In particular, we will show how we can create flexible overlay networks that provide connectivity between trace buffers and the circuit under test using unused FPGA routing resources.   We will show that this technique effectively results in no area and speed overhead to the circuit under test, yet provides a significantly improved debug experience.

Recent trends in public-key infrastructure research explore the tradeoff between decreased trust in Certificate Authorities (CAs), resilience against attacks, ommunication overhead (bandwidth and latency) for setting up an SSL/TLS connection, and availability with respect to verifiability of public key information. In this paper, we propose AKI as a new public-key validation infrastructure, to reduce the level of trust in CAs.  AKI integrates an architecture for key revocation of all entities (e.g., CAs, domains) with an architecture for accountability of all infrastructure parties through checks-and-balances. AKI efficiently handles common certification operations, and gracefully handles catastrophic events such as domain key loss or compromise. We propose AKI to make progress towards a public-key validation infrastructure with key revocation that reduces trust in any single entity.

Current worldwide network infrastructure is under continual attack.
Custom build, sophisticated mallware is exploited for economical purposes and is very difficult to detect its operation once it successfully penetrates the perimeter. Based on the state-of-the-art research in the field of artificial intelligence, machine learning, game theory and agent-based computing studied at the  Agent Technology Centre, Czech Technical University, the company Cognitive Security
(COSE) have designed and developed anomaly detection system providing introspection into vulnerability of customers' networks. The Cognitive One (C1) system processes packet headers in the form of NETFLOW data, combines several custom build statistical classifiers and is optimised for delivering the extremely low false positive rate while maintaining high detection capability. COSE, a startup from Czech Technical University has been acquired by CISCO Systems in January 2013 and Prague-based team became a core of the newly formed  CISCO R&D laboratory building a next generation Thread Defence technology.

In practice, most developers use cryptography via an application program interface (API) either to a software library or a hardware device where keys are stored and all cryptographic operations take place. Designing such interfaces so that they offer flexible functionality but cannot be abused to reveal keys or secrets has proved to be extremely difficult, with a number of published vulnerabilities in widely-used APIs appearing over the last decade.
This talk will discuss research on the use of formal methods to specify and verify such interfaces in order to either detect flaws or prove security properties. We will focus on the example of RSA PKCS#11, the most widely used interface for cryptographic devices, and show how research has progressed from initial theoretical results through to a powerful tool, the Cryptosense Analyzer, which can reverse engineer the particular configuration of PKCS#11 in use on some device under test, construct a model of the device's functionality, and call a model checker to search for attacks. If an attack is found, it can be executed automatically on the device, and
advice for secure configuration is given. The talk will conclude with a live demonstration.

Network anomaly detection is a critical aspect of network management for instance for QoS, security, etc. The continuous arising of new anomalies and attacks create a continuous challenge to cope with events that put the network integrity at risk. Most network anomaly detection systems proposed so far employ a supervised strategy to accomplish the task, using either signature-based detection methods or supervised-learning techniques. However, both approaches present major limitations: the former fails to detect and characterize unknown anomalies (letting the network unprotected for long periods), the latter requires training and labeled traffic, which is difficult and expensive to produce. Such limitations impose a serious bottleneck to the previously presented problem. We introduce an unsupervised approach to detect and characterize network anomalies, without relying on signatures, statistical training, or labeled traffic, which represents a significant step towards the autonomy of networks. Unsupervised detection is accomplished by means of robust data-clustering techniques, combining Sub-Space clustering with Evidence Accumulation or Inter-Clustering Results Association, to blindly identify anomalies in traffic flows. Several post-processing techniques such as correlation, ranking and characterization, are applied on extracted anomalies to improve results and reduce operator workload. The detection and characterization performances of the unsupervised approach are evaluated on real network traffic.

We survey recent work of ours on developing security protocols by step-wise refinement.  We present a refinement strategy that guides the transformation of abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style intruder.  The refinement steps used successively introduce local states, an intruder, communication channels with security properties, and cryptographic operations realizing these channels.  The abstractions used provide insights on how the protocols work and foster the development of families of protocols sharing a common structure and properties.  In contrast to post-hoc verification methods, protocols are developed together with their correctness proofs.  We have implemented our method in Isabelle/HOL and used it to develop a number of entity authentication and key transport protocols.
(Joint work with Christoph Sprenger, ETH Zurich)

RNA has recently emerged as an important molecule in cellular biology with several direct functional roles in addition to its traditionally known role as an intermediary carrier of the code for protein synthesis. For RNAs that serve these direct noncoding roles, knowledge of the molecular structure is fundamental to understanding their function, to finding new RNA genes, and to the design of targeted therapeutics. Due to the difficulty and cost associated with experimental procedures for determining structure, computational methods for predicting structure are of significant research interest. In this talk, we focus on computational techniques for RNA secondary structure prediction – the first step in the hierarchy of RNA structure estimation that predicts the folding configuration of a linear RNA chain. Specifically, we consider methods that predict secondary structure for multiple RNA homologs by combining intra-sequence folding information and inter-sequence alignment information. The comparative analysis implicit in these multi-sequence methods provides significant improvements in accuracy over single sequence prediction methods but the resulting computational complexity is often prohibitive. We present our recent work that addresses this challenge via a novel iterative algorithm, TurboFold. TurboFold formulates RNA folding in a probabilistic framework as the problem of estimating base pairing probabilities and iteratively re-computes these base pairing probabilities by combining intrinsic information, derived from the sequence itself via a thermodynamic model, with extrinsic information, derived from the other sequences in the input set. This process yields updated estimates of base pairing probability, which are in turn used to recompute the extrinsic information for subsequent interations, resulting in the overall iterative estimation procedure that defines TurboFold. We benchmark TurboFold against alternative methods and highlight several of its advantages. Finally, we explore connections with turbo decoding in digital communications, which inspired TurboFold, and outline our continuing research that seeks to develop algorithms for estimating RNA structure from multiple homologs with high accuracy and low computational cost by using iterative algorithms for approximate maximum a posteriori estimation of RNA structure.

Today, buildings account for nearly 75% of the electricity usage and 40% of the total energy usage in modern economies. Consequently, techniques for reducing the  energy and carbon footprint of buildings has emerged as an important research topic. Demand side energy management refers to techniques employed by smart buildings or its occupants to modulate the energy usage for various energy- or grid-level optimizations. In this talk, I will argue that modeling and prediction of electrical loads is a key ingredient of any demand-side energy management technique. I will describe opportunities and challenges in modeling these loads and
describe our recent work in empirically characterizing and modeling common residential loads. I will also describe how better modeling can result in more effective demand side energy management and better energy efficiency improvements in the smart grid.