Systems currently place a great deal of trust in their underlying components. Unfortunately, due to the complexity of both hardware and software systems, such trust is often misplaced. In particular, a layer will sometimes report that it has succeeded when in fact it has failed. Such a silent fault, or a "lie" as we will sometimes call it, makes the construction of the next generation of software systems a daunting prospect. In this proposal, we describe the Wisconsin Lie Detection (LID) project, in which we plan to develop methods and techniques to detect lies and thus enable a new generation of robust software. Our basic philosophy is one of skepticism, in which a system generally trusts a layer to correctly complete an operation, but in addition has extra machinery to verify that it indeed has done so. Thus, our major objective is to develop a science of skeptical systems design, including a set of principles and methods systems can employ to be robust to silent faults should they arise.

The LID project consists of three major components, all conducted within the domain of storage systems, as we believe storage is an important problem area within which skepticism will be of great value. The first is better understanding the effects of lies on current systems. Thus, we plan to develop a comprehensive lie-injection framework and use it to analyze how silent faults affect systems. Second, we plan to design, implement, and evaluate a set of explicit and implicit lie detectors. Explicit lie detectors expose information to enable higher layers to verify a layer's operation, whereas implicit detectors utilize covert channels to cope with the lack of explicit assistance. Finally, we will investigate the use of an N-version file system in lie detection and recovery.

The LID project will change the landscape of system design and implementation in three fundamental ways.
First, our study of existing systems will lend key insights into how systems should be built to withstand silent faults. Second, by developing explicit and implicit lie detectors, we will deepen our knowledge of how to design systems to cope with lies even when no explicit aid to do so exists. Finally, we will see whether the promise of N-version programming [7] can be realized in the problem domain of lie detection; success will alter how we build reliable storage systems.

A.1 Intellectual Merit

Intellectual merit and importance: We will advance the state of knowledge in the science of skeptical systems design in three fundamental ways. First, we will develop techniques to understand how systems react to silent failures. Second, we will design, implement, and evaluate both explicit and implicit lie detectors, thus providing insight on how systems can verify the correct operation of underlying layers. Finally, we will develop mechanisms to utilize multiple file systems to improve system reliability in a low-cost manner.

Qualifications: We believe we are well positioned to make progress on this demanding problem, as we draw on our expertise in file and storage systems [10, 13, 12, 20, 59, 60, 62, 60, 59, 58], analysis of complex systems [8, 21, 32, 50, 51], and gray-box and related techniques [2, 15, 33, 46, 48]. All three aspects of our previous work feed into our development of the science of skeptical systems design.

Organization and access to resources: From an organizational viewpoint, our goal is to perform "low-cost, high-impact" research. Hence, the bulk of funding requested within this proposal is found in human costs. From a computational standpoint, we have access to thousands of machines and multiple storage clusters.

A.2 Broader Impacts

Advancing discovery while promoting teaching, training, and learning: In general, we work to give students hands-on training with cutting-edge systems technology.
We also plan to incorporate our research into numerous upper-level courses, thus having an impact on all students who pass through the systems courses at Wisconsin.

Broadening the participation of underrepresented groups: Our main focus has been to increase female participation in computer science research. In the past seven years, we have graduated five females. We also plan to recruit an additional female in the fall as a part of this project.

Enhancing the infrastructure for research and disseminating results: In this proposal, we plan to develop a new skeptical approach to systems design; we believe this viewpoint is critical in the construction of the next generation of systems and thus hope to disseminate it as widely as possible. We will do so in three primary ways: through the classic medium of publication, which in the past has impacted the design and implementation of various storage systems including the EMC Centera [32] and NetApp filers [39]; through the development of numerous software artifacts, which we have shared with the open source community and thus improved various code bases; and finally, through our interaction with NetApp, and the technology transfer that this enables.

Benefits to society: Our lives are increasingly dependent on computing systems. The science of skeptical systems design is crucial to the development of the next generation of software systems. By embracing a skeptical approach, the systems we build will be more robust, and thus of better service to society.
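The three ideas in the abstract (lie injection, an explicit read-back detector, and N-version majority recovery) as an added illustrative model; this is not code from the LID project. The lying block store, the lie rate, the seeds and the sample block contents are all constructed here for the demonstration.

```python
import hashlib
import random
from collections import Counter

class LyingStore:
    """Constructed fault model: a block store that silently drops a fraction of
    writes yet always reports success (the 'lie' the abstract describes)."""
    def __init__(self, lie_rate, seed):
        self.blocks = {}
        self.lie_rate = lie_rate
        self.rng = random.Random(seed)   # seeded so an experiment is repeatable

    def write(self, blk, data):
        if self.rng.random() >= self.lie_rate:   # honest path: data is persisted
            self.blocks[blk] = data
        return True                              # silent fault: success reported either way

    def read(self, blk):
        return self.blocks.get(blk, b"")         # a dropped write reads back as empty

def skeptical_write(store, blk, data):
    """Explicit lie detector: accept the success code, then verify by reading the
    block back and comparing digests; False means the layer lied."""
    store.write(blk, data)
    got = hashlib.sha256(store.read(blk)).digest()
    return got == hashlib.sha256(data).digest()

def nversion_read(stores, blk):
    """N-version recovery: majority vote across independent stores; None if no
    value is held by more than half of them."""
    votes = Counter(s.read(blk) for s in stores)
    data, count = votes.most_common(1)[0]
    return data if count > len(stores) // 2 else None

def run_experiment(n_blocks=200, lie_rate=0.2):
    """Write n_blocks to three stores; return (lies caught by read-back,
    blocks still recoverable by majority vote)."""
    stores = [LyingStore(lie_rate, seed) for seed in (1, 2, 3)]
    caught = recovered = 0
    for blk in range(n_blocks):
        data = f"block-{blk}".encode()           # constructed sample contents
        caught += [skeptical_write(s, blk, data) for s in stores].count(False)
        if nversion_read(stores, blk) == data:
            recovered += 1
    return caught, recovered

if __name__ == "__main__":
    print("lies caught, blocks recovered:", run_experiment())
```

A block is unrecoverable only when two of the three stores lied about the same write, which is why the recovered count stays well above the number of individual lies caught.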

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 0834392
Program Officer: Krishna Kant
Project Start:
Project End:
Budget Start: 2008-09-01
Budget End: 2012-08-31
Support Year:
Fiscal Year: 2008
Total Cost: $420,000
Indirect Cost:
Name: University of Wisconsin Madison
Department:
Type:
DUNS #:
City: Madison
State: WI
Country: United States
Zip Code: 53715