Presentation is loading. Please wait.

Presentation is loading. Please wait.

Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern.

Similar presentations


Presentation on theme: "Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern."— Presentation transcript:

1 Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern University

2 2 Takeaway Trust asymmetry is a core, unresolved problem in scalable computing Encrypted computation is the right approach This community is the right one to solve this problem

3 3 Outline Trust asymmetry problem Critique of approaches Encrypted computation scheme –Boolean circuits –Basic blocks –Control flow Discussion

4 4 Trust Asymmetry Input Program

5 5 Trust Asymmetry Input Program Secure Channel

6 6 Trust Asymmetry Input Program Secure Channel Output

7 7 Trust Asymmetry Input Program Secure Channel Output

8 8 Trust Asymmetry Input Program Secure Channel Output Protected Execution Environment

9 9 Trust Asymmetry Input Program Secure Channel Output Protected Execution Environment

10 10 Trust Asymmetry Provider need not trust user at all User must trust provider completely

11 11 Consequences Scaling limited to machines user trusts Very large scale domain limited to low stakes applications DESCHALL, etc. High stakes applications have limited provider pool IBM, Sun, other vendors willing to do indemnification Economic inefficiency

12 12 Approaches Trust chains Attestation Obfuscation Encrypted computation

13 13 Trust Chains No direct protection of input, code, or output I trust X to do A because Y, who I trust, says I can –Chains of such trust assertions –Digital certificates –Example: SSL Certificates on the web –Example: Grid Certificates [Globus]

14 14 Problems Human in the loop… –Slow Or human has to write policy –Easy to get wrong Trust chains are complex to understand and evaluate against policy –Area of current research! Revocation

15 15 Attestation Certificate chain rooted in trusted hardware attests to software stack of machine [Terra, Paladium] Run only if you trust the software stack

16 16 Problems How do you know a software stack is OK? –Human in the loop… –Or writing policy What happens when stack changes? –Patches –“Semantic attestation”

17 17 Obfuscation Use compiler optimization technology to make code confusing [Collberg]

18 18 Problems No protection of input or output No proofs of difficulty of subversion

19 19 Encrypted Computation Apply techniques invented for encrypted communication Algorithm-specific techniques [Sander,Song] General purpose techniques –Typically focuses on Boolean circuit

20 20 General Purpose Encrypted Computation Seminal work: Abadi&Feigenbaum –Secure evaluation of Boolean circuit –“Interactive” More recently: Non-interactive –Sander and Tschudin: polynomials –Loureiro: Boolean circuits

21 21 Desirable Properties Protect inputs, outputs, and algorithm No trust needed at all Detect lies Analogy with communication –We don’t have to trust an Internet path –Trust is limited to endpoints

22 22 Problems Very abstract and theoretical –No implementations Unclear performance issues These are things the compiler community can help with

23 23 Our Simple Method For Boolean Circuits X f Secure Channel Y Protected Execution Environment

24 24 Our Simple Method For Boolean Circuits X f Y ED One-time pads f’E D X’Y’ Remote Execution

25 25 Example: Y = fX x1 x2 x3 y1 y2 X1X2X3Y1Y

26 26 One-time Pad Refresher One of the oldest, but most secure encryption systems Have random bit sequence E Encrypt bit sequence X using X’ = X xor E Decrypt by X = X’ xor E

27 27 XOR as Multiplexor x e e x

28 28 Procedure Choose pads E and D Example –E = 1,0,1 –D = 1,0 Where bit is 1, double-invert

29 29 x1 x2 x3 y1 y2 f’=DfE X X’ Y’ E E D D Y Y=DDfEEX

30 30 Procedure Now “flatten” f’ back into sum of products and re-optimize

31 31 x1’ x2’ x3’ y1’ y2’ X1’X2’X3’Y1’Y2’ f’=DfE

32 32 x1 x2 x3 y1 y2 X1X2X3Y1Y f

33 33 Concerns Currently no proof of difficulty to subvert Circuit growth limit? Will an automatic optimizer simply find the original configuration? Detecting lies –Embedded test circuit with known behavior “mixed” into circuit How much reuse can we have?

34 34 Basic Blocks Obvious analog on data flow graph does not work Must convert data flow graph into Boolean circuit, apply technique, and then generate new basic block from the circuit

35 35 Control Flow Generate Mealy or Moore machine Apply technique to combinational element Generate new code

36 36 Concerns Code generation could “find” that the transparent implementation is best Efficient code generation from Boolean circuit Code size blowup Performance loss –Will determine in which regimes this is practical

37 37 Current Status Proving how difficult it is to “unfold” the collapsed circuit Working toward proof-of-concept implementation as binary-to-binary translator for.NET CLR

38 38 Takeaway Trust asymmetry is a core, unresolved problem in scalable computing Encrypted computation is the right approach This community is the right one to solve this problem Demonstrated straightforward scheme

39 39 For More Information Prescience Lab –http://plab.cs.northwestern.edu Virtuoso –http://virtuoso.cs.northwestern.edu Join our user comfort study! –http://comfort.cs.northwestern.edu


Download ppt "Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern."

Similar presentations


Ads by Google