Download presentation

Presentation is loading. Please wait.

Published byYolanda Crummett Modified over 3 years ago

1
Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern University http://plab.cs.northwestern.edu

2
2 Takeaway Trust asymmetry is a core, unresolved problem in scalable computing Encrypted computation is the right approach This community is the right one to solve this problem

3
3 Outline Trust asymmetry problem Critique of approaches Encrypted computation scheme –Boolean circuits –Basic blocks –Control flow Discussion

4
4 Trust Asymmetry Input Program

5
5 Trust Asymmetry Input Program Secure Channel

6
6 Trust Asymmetry Input Program Secure Channel Output

7
7 Trust Asymmetry Input Program Secure Channel Output

8
8 Trust Asymmetry Input Program Secure Channel Output Protected Execution Environment

9
9 Trust Asymmetry Input Program Secure Channel Output Protected Execution Environment

10
10 Trust Asymmetry Provider need not trust user at all User must trust provider completely

11
11 Consequences Scaling limited to machines user trusts Very large scale domain limited to low stakes applications SETI@HOME, DESCHALL, etc. High stakes applications have limited provider pool IBM, Sun, other vendors willing to do indemnification Economic inefficiency

12
12 Approaches Trust chains Attestation Obfuscation Encrypted computation

13
13 Trust Chains No direct protection of input, code, or output I trust X to do A because Y, who I trust, says I can –Chains of such trust assertions –Digital certificates –Example: SSL Certificates on the web –Example: Grid Certificates [Globus]

14
14 Problems Human in the loop… –Slow Or human has to write policy –Easy to get wrong Trust chains are complex to understand and evaluate against policy –Area of current research! Revocation

15
15 Attestation Certificate chain rooted in trusted hardware attests to software stack of machine [Terra, Paladium] Run only if you trust the software stack

16
16 Problems How do you know a software stack is OK? –Human in the loop… –Or writing policy What happens when stack changes? –Patches –“Semantic attestation”

17
17 Obfuscation Use compiler optimization technology to make code confusing [Collberg]

18
18 Problems No protection of input or output No proofs of difficulty of subversion

19
19 Encrypted Computation Apply techniques invented for encrypted communication Algorithm-specific techniques [Sander,Song] General purpose techniques –Typically focuses on Boolean circuit

20
20 General Purpose Encrypted Computation Seminal work: Abadi&Feigenbaum –Secure evaluation of Boolean circuit –“Interactive” More recently: Non-interactive –Sander and Tschudin: polynomials –Loureiro: Boolean circuits

21
21 Desirable Properties Protect inputs, outputs, and algorithm No trust needed at all Detect lies Analogy with communication –We don’t have to trust an Internet path –Trust is limited to endpoints

22
22 Problems Very abstract and theoretical –No implementations Unclear performance issues These are things the compiler community can help with

23
23 Our Simple Method For Boolean Circuits X f Secure Channel Y Protected Execution Environment

24
24 Our Simple Method For Boolean Circuits X f Y ED One-time pads f’E D X’Y’ Remote Execution

25
25 Example: Y = fX x1 x2 x3 y1 y2 X1X2X3Y1Y2 00000 00110 01001 01110 10010 10111 11001 11101

26
26 One-time Pad Refresher One of the oldest, but most secure encryption systems Have random bit sequence E Encrypt bit sequence X using X’ = X xor E Decrypt by X = X’ xor E

27
27 XOR as Multiplexor x e e x

28
28 Procedure Choose pads E and D Example –E = 1,0,1 –D = 1,0 Where bit is 1, double-invert

29
29 x1 x2 x3 y1 y2 f’=DfE X X’ Y’ E E D D Y Y=DDfEEX

30
30 Procedure Now “flatten” f’ back into sum of products and re-optimize

31
31 x1’ x2’ x3’ y1’ y2’ X1’X2’X3’Y1’Y2’ 00001 00100 01010 01111 10000 10110 11000 11111 f’=DfE

32
32 x1 x2 x3 y1 y2 X1X2X3Y1Y2 00000 00110 01001 01110 10010 10111 11001 11101 f

33
33 Concerns Currently no proof of difficulty to subvert Circuit growth limit? Will an automatic optimizer simply find the original configuration? Detecting lies –Embedded test circuit with known behavior “mixed” into circuit How much reuse can we have?

34
34 Basic Blocks Obvious analog on data flow graph does not work Must convert data flow graph into Boolean circuit, apply technique, and then generate new basic block from the circuit

35
35 Control Flow Generate Mealy or Moore machine Apply technique to combinational element Generate new code

36
36 Concerns Code generation could “find” that the transparent implementation is best Efficient code generation from Boolean circuit Code size blowup Performance loss –Will determine in which regimes this is practical

37
37 Current Status Proving how difficult it is to “unfold” the collapsed circuit Working toward proof-of-concept implementation as binary-to-binary translator for.NET CLR

38
38 Takeaway Trust asymmetry is a core, unresolved problem in scalable computing Encrypted computation is the right approach This community is the right one to solve this problem Demonstrated straightforward scheme

39
39 For More Information Prescience Lab –http://plab.cs.northwestern.edu Virtuoso –http://virtuoso.cs.northwestern.edu Join our user comfort study! –http://comfort.cs.northwestern.edu

Similar presentations

OK

CSCI1600: Embedded and Real Time Software Lecture 33: Worst Case Execution Time Steven Reiss, Fall 2015.

CSCI1600: Embedded and Real Time Software Lecture 33: Worst Case Execution Time Steven Reiss, Fall 2015.

© 2019 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google