Saturday, August 30, 2008

End to End Arguments in Systems Design (Saltzer, MIT)

Briefly summarize the paper (1-2 short paragraphs)
This paper explains and explores the tradeoff between pushing functionality, such as encryption, duplication detection, and robustness mechanisms, into the lower levels of the network stack vs. implementing the same functionality at the end hosts of the network connection (i.e. at the application level).

The solution they promote is not simply to push things to the ends, but to be sensitive to the advantages and disadvantages of both scenarios. Each has its limitations. For example, encryption at a low level is not a strong enough guarantee for somebody who does not trust all other users on his machine since sensitive data would be moved between the process and the encryption point which would be low in the system stack. On the other hand encryption done at the application level cannot guarantee that all data going out on the wire is encrypted, which might be desirable from a network policy perspective as a safeguard against "wire tapping" or accidental transmission of sensitive data to an untrusted entity.

Provide relevant background/related material as appropriate (1-2 short paragraphs)
This paper was written as a reflection on the experiences at MIT related to this tradeoff space, including "A Too-Real Example"

Critique the paper and suggestion discussion topics (2-3 paragraphs)
This paper is amazing. I believe that my conscience would bother me I if deigned to react with anything but groveling at the feet of its authors.

Why or why not keep this paper in syllabus?
Absolutely keep it in the syllabus, it is a seminal paper that every CS researcher should read. 

What issues are left open for future research?
The principle is a general and useful one. They provide many examples of the trade-off space, but there are countless more that could be enumerated. In fact it is valuable to consider the end-to-end principle any time a network based system is being designed.

What are the important implications of the work?
We had significant discussion of the end-to-end principle during the design phase of Chukwa, the data collection system I helped build at Yahoo over the summer. The end to end principle is taught as a fundamental tool in all systems design work.

No comments: