cs5412 how it works
play

CS5412: HOW IT WORKS Lecture II Ken Birman Today: Lets look at - PowerPoint PPT Presentation

Sep 01, 2022 •361 likes •917 views

CS5412 Spring 2012 (Cloud Computing: Birman) 1 CS5412: HOW IT WORKS Lecture II Ken Birman Today: Lets look at some real apps 2 Well focus on two very standard examples Netflix movie player Siri, Apples new digital

  1. CS5412 Spring 2012 (Cloud Computing: Birman) 1 CS5412: HOW IT WORKS Lecture II Ken Birman

  2. Today: Let’s look at some real apps 2  We’ll focus on two very standard examples  Netflix movie player  Siri, Apple’s new digital companion service  How are these built?  What issues arise on the client platform?  What about in the Internet?  How is the cloud computing side structures? CS5412 Spring 2012 (Cloud Computing: Birman)

  3. Netflix App: Version 0 3  Plays movies on demand on a mobile device Server Netflix.com Simplest design? • Web Services standards • Netflix owns the data center • Uses a fairly standard server CS5412 Spring 2012 (Cloud Computing: Birman)

  4. Version 0: Encounters issues 4  Hard to compete with companies that already own massive cloud infrastructures (Google, MSN, etc)  Web Services standards were for downloading web pages, must adapt them for video streams  How can we determine that the user is legitimate? CS5412 Spring 2012 (Cloud Computing: Birman)

  5. Options for connection 5  Based on the Web Services standards:  Transmits web pages that contain SOAP requests: Simple Object Access Protocol. Request could be “play movie”  The pages and responses are themselves encoded in HTML . Requests and responses are sent using HTTP(S)  Data is moved over a TCP connection (can be insecure for HTTP , or use the SSL security layer for HTTPS)  Dialog with the DNS maps Netflix.com to a list of IP addresses. Client picks one  On arrival, Netflix load balancing policy routes request to a particular server within the data center CS5412 Spring 2012 (Cloud Computing: Birman)

  6. Options for movie streaming 6  We could fetch segments of the movie as if they were long web pages and render “incrementally”  This is what Netflix actually does  Convenient for users who jump around in the film  We could establish an RSS connection, in which case a series of web pages can be transmitted by the server, page by page  We could use a specialized streaming protocol called AtomPub designed to improve performance CS5412 Spring 2012 (Cloud Computing: Birman)

  7. Building the App 7  An “App” is an application that runs in a browser  Typically, browser is told to disable its menu options and not display a border  Gives the illusion that the App is a dedicated application, yet in fact it can access the full power of the underlying browser framework  Video player App?  A browser plug-in designed to work in many kinds of browsers  Would have interactive API (“pages”) and also a player component (code) that has plug-in “Codec” modules for the movie format(s) Netflix supports CS5412 Spring 2012 (Cloud Computing: Birman)

  8. Picture of an App 8  Browser itself is a complex machine that renders pages but can also run code Cookies Temporary Files CS5412 Spring 2012 (Cloud Computing: Birman)

  9. A browser is a “virtual machine” 9  A kind of mini-operating system  Web pages are the programs (and they can contain real executable code)  Has various policies for which pages can access or create which cookies (must be from same site), which files, conditions under which user must click “ok”, etc  Intent is to protect applications from one-another and also user from malfunctioning application  Browser security: an arms race against functionality  Most browsers have vulnerabilities and some sites use them benignly (e.g. circumvent popup block) or maliciously  Why is web full of free porn? Hint: Many free porn sites have code designed to seize control of your machine CS5412 Spring 2012 (Cloud Computing: Birman)

  10. Browser complexity 10  Browser is multithreaded and can do many things concurrently  One page can have many frames, each with its own security context, and each independently active  Can execute code such as Adobe Flash, Javascript, AJAX, Silverlight, CAJA  Some code downloads silently with web page  Other code must be installed as a “plug in” and gets access to broader browser functionality  A plug-in “extends” the browser with new functions CS5412 Spring 2012 (Cloud Computing: Birman)

  11. Popups 11  Rendered content can generally render in  Frame that created the content  Parent frame (“entire page”)  A new frame that runs as a new tab  A new frame that runs as a new page  Frame has an associated security context (site) and can only download or upload from that site  But since downloaded page can have new frames, and one site can map to many places, limitation isn’t very meaningful  If frame also controls web page borders can be hard to understand interaction as being “pages”; looks more like a “live window” GUI CS5412 Spring 2012 (Cloud Computing: Birman)

  12. Cookies 12  Cookies store history and other data  A file in a standard HTML format  Many possible fields, and application can add more  Browser provides the cookie for Netflix.com when connecting to Netflix.com  To avoid huge cookies, some sites have multiple cookies with subdomain names  Browser prevents BadGuysAreUs.com from seeing the Netflix.com cookie as a security measure CS5412 Spring 2012 (Cloud Computing: Birman)

  13. Files 13  When content is downloaded from the Internet, the browser “quarantines” it by placing it in a secure area of the file system  Intent is that only application that downloaded a file can access it, and that files can only be created or read from this safe part of the file system  User has a degree of control over downloaded content but might be surprised at how much of this there is, and what it could contain! CS5412 Spring 2012 (Cloud Computing: Birman)

  14. Localization 14  Our Netflix.com application wants to stream data from:  A nearby data center  Within it, a machine with the right content  Among those, one that has light load  But Netflix won’t want to build its own nationwide collection of data centers!  Leads to Netflix “version 1” CS5412 Spring 2012 (Cloud Computing: Birman)

  15. Netflix “outsourcing” components 15  Think of Netflix in terms of main components  The API you see that runs on your client system  The routing policy used to connect you to a data center  The Netflix “home page” service in that data center  The movie you end up downloading  Netflix 1.0 breaks the solution into parts  Builds each of these aspects itself  But then pays a hosting company to run each part, and not necessarily just one company! CS5412 Spring 2012 (Cloud Computing: Birman)

  16. Netflix Version 1 16 Netflix Movies: Master Home copies Amazon.com CS5412 Spring 2012 (Cloud Computing: Birman)

  17. Features of new version 17  Netflix.com is actually a “pseudonym” for Amazon.com  An IP address domain within Amazon.com  Amazon’s control over the DNS allows it to vector your request to a nearby Amazon.com data center, then on arrival, Amazon gateway routes request to a Netflix tier- one cloud service component  The number of these varies elastically based on load Netflix is experiencing  Amazon AC3 used to host the master copies of Netflix movies CS5412 Spring 2012 (Cloud Computing: Birman)

  18. Akamai 18  Akamai is an example of a “content distribution service”  A company that plays an intermediary role  Content is delivered to the service by Netflix.com (from its Amazon.com platform)  Akamai makes copies “as needed” and distributes them to end users who present Akamai with appropriate URLs  Netflix.com (within Amazon.com) returns a web page with “redirection” URLs to tell your browser app what to fetch from Akamai CS5412 Spring 2012 (Cloud Computing: Birman)

  19. ARL (Akamized URL) 19 Image from Akamai’s white papers CS5412 Spring 2012 (Cloud Computing: Birman)

  20. A few options… 20  With Akamai, the ARL encodes information about what the user seeks and how to find it  Netflix.com page would be generated to contain these Akamai ARLs using software Akamai provides  But there have been several solutions to this problem (we won’t get detailed due to time limits) CS5412 Spring 2012 (Cloud Computing: Birman)

  21. Netflix worry: Theft! 21  Digital movies cost a lot of money for Netflix  Can’t risk that people might steal them from within Akamai or Amazon by knowing the URLs  So Netflix uses a cryptographic encoding scheme!  Every movie is enciphered using AES 256 coding  To decipher a movie, player must have the key CS5412 Spring 2012 (Cloud Computing: Birman)

  22. Sending key to user 22  We can’t just send it in plain text  Anyone on the web might see the page go by  Could use HTTPS (runs on the SSL standard)  The user’s system must log into Netflix.com.  We identify (“authenticate”) the user and verify that this user is allowed (“authorized”) to access this movie  Web pages sent over SSL use negotiated end-to-end security certificates (again, AES 256) hence are safe against intrusion  So: we send the key in the web page with the ARL! CS5412 Spring 2012 (Cloud Computing: Birman)

  23. Notion of “closest” matters 23  We want to direct the user’s request to the closest Amazon.com (Netflix.com) data center  Later want to stream the movie from the best choice of Akamai data center  But what should closest mean within the web? CS5412 Spring 2012 (Cloud Computing: Birman)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS5412/LECTURE 23 Ken Birman HARDWARE ACCELERATORS CS5412 Spring 2020

CS5412/LECTURE 23 Ken Birman HARDWARE ACCELERATORS CS5412 Spring 2020

CS5412/LECTURE 23 Ken Birman HARDWARE ACCELERATORS CS5412 Spring 2020 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 IN THE EARLY DAYS, DIVIDE AND CONQUER SUFFICED People broke web page computations into a first -tier, and then a bank of

678 views • 44 slides
CS5412/LECTURE 14 Ken Birman BLOCKCHAINS FOR I O T (PART 1) CS5412 Spring 2020

CS5412/LECTURE 14 Ken Birman BLOCKCHAINS FOR I O T (PART 1) CS5412 Spring 2020

CS5412/LECTURE 14 Ken Birman BLOCKCHAINS FOR I O T (PART 1) CS5412 Spring 2020 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 BLOCKCHAINS FOR I O T Lucas Mearian. Not afraid of hyperbole! What is blockchain? The most disruptive tech in

636 views • 49 slides
CS5412 / LECTURE 19 Ken Birman BIG (I O T) DATA Spring, 2019

CS5412 / LECTURE 19 Ken Birman BIG (I O T) DATA Spring, 2019

CS5412 / LECTURE 19 Ken Birman BIG (I O T) DATA Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2018SP 1 TODAYS TOPIC: A BROAD OVERVIEW In CS5412 we dont actually do big data, but we are interested in the infrastructure that

749 views • 47 slides
CS5412/LECTURE 12 Ken Birman GOSSIP PROTOCOLS CS5412 Spring 2019

CS5412/LECTURE 12 Ken Birman GOSSIP PROTOCOLS CS5412 Spring 2019

CS5412/LECTURE 12 Ken Birman GOSSIP PROTOCOLS CS5412 Spring 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 GOSSIP 101 Gossip protocols: Ones in which information is spread node-to-node at random, like a Zombie virus. At first, the

543 views • 42 slides
CS5412/LECTURE 10 Ken Birman CS5412 Spring 2020 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY

CS5412/LECTURE 10 Ken Birman CS5412 Spring 2020 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY

CS5412/LECTURE 10 Ken Birman CS5412 Spring 2020 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY CS5412 SPRING 2020 1 CONSIDER A SMART HIGHWAY We have lots and lots of sensors deployed Cars are getting some form of guidance and if they

593 views • 45 slides
CS5412/LECTURE 7 Ken Birman CS5412 Spring 2019 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY

CS5412/LECTURE 7 Ken Birman CS5412 Spring 2019 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY

CS5412/LECTURE 7 Ken Birman CS5412 Spring 2019 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY CS5412 SPRING 2019 1 CONSIDER A SMART HIGHWAY We have lots and lots of sensors deployed Cars are getting some form of guidance and if they

990 views • 52 slides
CS5412: LECTURE 8 Ken Birman USING TIME IN I O T APPLICATIONS Spring, 2019

CS5412: LECTURE 8 Ken Birman USING TIME IN I O T APPLICATIONS Spring, 2019

CS5412: LECTURE 8 Ken Birman USING TIME IN I O T APPLICATIONS Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 CONTEXT: QUICK REMINDER Real-time clocks have limitations on precision, accuracy and skew. Lamport defines the

476 views • 43 slides
CS5412: HOW DURABLE SHOULD IT BE? Lecture XV Ken Birman Choices, choices 2 A system

CS5412: HOW DURABLE SHOULD IT BE? Lecture XV Ken Birman Choices, choices 2 A system

CS5412 Spring 2016 (Cloud Computing: Birman) 1 CS5412: HOW DURABLE SHOULD IT BE? Lecture XV Ken Birman Choices, choices 2 A system like Vsync lets you control message ordering, durability, while Paxos opts for strong guarantees.

680 views • 39 slides
CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT Lecture XII Ken Birman Generalizing Sam and

CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT Lecture XII Ken Birman Generalizing Sam and

CS5412 Spring 2012 (Cloud Computing: Birman) 1 CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT Lecture XII Ken Birman Generalizing Sam and Jills challenge 2 Recall from last time: Sam and Jill had difficulty agreeing where to meet

967 views • 42 slides
CS5412 / LECTURE 10 Ken Birman REPLICATION AND CONSISTENCY Spring, 2019

CS5412 / LECTURE 10 Ken Birman REPLICATION AND CONSISTENCY Spring, 2019

CS5412 / LECTURE 10 Ken Birman REPLICATION AND CONSISTENCY Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2018SP 1 RECAP -services, and We discussed several building blocks for creating new along the way noticed that consistency

747 views • 51 slides
CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT Lecture XII Ken Birman Generalizing Ron and

CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT Lecture XII Ken Birman Generalizing Ron and

CS5412 Spring 2016 (Cloud Computing: Birman) 1 CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT Lecture XII Ken Birman Generalizing Ron and Hermiones challenge 2 Recall from last time: Ron and Hermione had difficulty agreeing where

975 views • 42 slides
CS5412 / LECTURE 16 Ken Birman BLOCKCHAINS WITH MULTIPLE Spring, 2020 ORGANIZATIONS

CS5412 / LECTURE 16 Ken Birman BLOCKCHAINS WITH MULTIPLE Spring, 2020 ORGANIZATIONS

CS5412 / LECTURE 16 Ken Birman BLOCKCHAINS WITH MULTIPLE Spring, 2020 ORGANIZATIONS HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 TODAY: BRAINSTORMING ABOUT A REAL BLOCKCHAIN USE CASE! Consider the challenge of running a

503 views • 47 slides
CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS

CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS

CS5412 / LECTURE 25 Ken Birman PROGRAMMING HARDWARE Spring, 2020 ACCELERATORS HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 SUPPOSE THAT YOU PURCHASE A GPU. HOW WOULD YOU PROGRAM IT? GPUs come with a collection of existing software

272 views • 11 slides
CS5412: TORRENTS AND TIT-FOR-TAT Lecture VI Ken Birman BitTorrent 2 Today well be

CS5412: TORRENTS AND TIT-FOR-TAT Lecture VI Ken Birman BitTorrent 2 Today well be

CS5412 Spring 2012 (Cloud Computing: Birman) 1 CS5412: TORRENTS AND TIT-FOR-TAT Lecture VI Ken Birman BitTorrent 2 Today well be focusing on BitTorrent The technology really has three aspects A standard tht BitTorrent client

478 views • 44 slides
CS5412: WHERE DID MY PERFORMANCE GO? Lecture XVIII Ken Birman Suppose you follow the rules

CS5412: WHERE DID MY PERFORMANCE GO? Lecture XVIII Ken Birman Suppose you follow the rules

CS5412 Spring 2015 (Cloud Computing: Birman) 1 CS5412: WHERE DID MY PERFORMANCE GO? Lecture XVIII Ken Birman Suppose you follow the rules 2 You set out to build a fairly complex large-scale system for some kind of important task

658 views • 48 slides
CS5412: HOW MUCH ORDERING? Lecture XVI Ken Birman Ordering 2 The key to consistency turns

CS5412: HOW MUCH ORDERING? Lecture XVI Ken Birman Ordering 2 The key to consistency turns

CS5412 Spring 2012 (Cloud Computing: Birman) 1 CS5412: HOW MUCH ORDERING? Lecture XVI Ken Birman Ordering 2 The key to consistency turns has turned out to be delivery ordering (durability is a separate thing) Given replicas that

662 views • 47 slides
Finance, Growth and Fragility: The Role of Government Thorsten Beck Maxwell Fry Lecture 2012

Finance, Growth and Fragility: The Role of Government Thorsten Beck Maxwell Fry Lecture 2012

Finance, Growth and Fragility: The Role of Government Thorsten Beck Maxwell Fry Lecture 2012 Finance is pro-growth and pro -poor but also fragile Output losses relative to potential output; Source: Laeven and Valencia (2010) Finance,

676 views • 38 slides
CLICK HERE.exe XSS & CSRF Security Meetup Month 2 of 12 (February) Last month: SQL

CLICK HERE.exe XSS & CSRF Security Meetup Month 2 of 12 (February) Last month: SQL

CLICK HERE.exe XSS & CSRF Security Meetup Month 2 of 12 (February) Last month: SQL Injections This month: XSS / CSRF Next month: DDoS / DoS Meetup Group for times/dates https://www.meetup.com/CLICK_HERE-exe/ Plan of Attack

1.76k views • 58 slides
Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Isolation problem for Web Mashups Formal definition of Capability Safe languages Solving the Isolation problem using Capabilit Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer Science, Stanford

1.01k views • 43 slides
Verify what? Navigating the Attack Surface Mark S. Miller, Google Formal Methods meets JavaScript

Verify what? Navigating the Attack Surface Mark S. Miller, Google Formal Methods meets JavaScript

Verify what? Navigating the Attack Surface Mark S. Miller, Google Formal Methods meets JavaScript Imperial College, March 2018 Risk as Attack Surface a Expected Risk: likelihood * damage Potential damage Likelihood of exploitable

592 views • 48 slides
Expressing Security Constraints using capabilities Mark S. Miller and the Cajadores Overview

Expressing Security Constraints using capabilities Mark S. Miller and the Cajadores Overview

Expressing Security Constraints using capabilities Mark S. Miller and the Cajadores Overview This talk The What and Why of object-capabilities (ocaps) My Securing EcmaScript 5 talk tomorrow The How of doing ocaps in JavaScript Patterns

853 views • 67 slides
A3: Cross-site Scripting (XSS) (JavaScript injection) Prevalence Stock et.al. How the Web

A3: Cross-site Scripting (XSS) (JavaScript injection) Prevalence Stock et.al. How the Web

A3: Cross-site Scripting (XSS) (JavaScript injection) Prevalence Stock et.al. How the Web Tangled Itself: Uncovering the History of Client- Side Web (In)Security, USENIX Security 2017 But first..JavaScript security Pages now loaded

482 views • 46 slides
Basic housekeeping Plugging obvious security holes in web sites. Chris9an Heilmann, Paris Web,

Basic housekeeping Plugging obvious security holes in web sites. Chris9an Heilmann, Paris Web,

Basic housekeeping Plugging obvious security holes in web sites. Chris9an Heilmann, Paris Web, Paris, October 2009 A few things to remember about basic web security. A bit of pimping... Grer la scurit de vos applica9ons web (Salle 1)

1.08k views • 89 slides
There are no Accidents !!!! 17 th September is a very important date for Indian Solar Industry

There are no Accidents !!!! 17 th September is a very important date for Indian Solar Industry

There are no Accidents !!!! 17 th September is a very important date for Indian Solar Industry Autonic / UNSW 2019 1 Kungfu Panda, copywrite: Dreamworks for educational purpose Birthday of our Hon. Prime Minister Shri Narandra Modi Principle

940 views • 54 slides

More recommend