1. 25-27/11/02 Pisa 1 SeT: Secure Service Technology for Dependable e-Business/Government Applications Jie Xu, Keith Bennett and Malcolm Munro The SeTech Centre Department of Computer Science University of Durham

2. 25-27/11/02 Pisa 2 The SeTech Centre at Durham Funding Sources: EPSRC/DTI, NEeS Centre Industrial Partners (Sun, Sharp, Sparkle etc) Technical Board: Jie Xu (Distributed Systems & Dependability) Keith Bennett (Service-Based Architecture) Malcolm Munro & Nick Holliman (Visualisation) Research Staff: 6 Academic Staff Members + 12 Research Staff Members Hardware Testbed: A Sun 32 CPU UltraGrid computer connected to a network of Sun servers and workstations with an upgraded Gigabit link between Durham and Newcastle Close Collaborations: The Pennine Group, EU and USA univ. & insti.

3. 25-27/11/02 Pisa 3 The SeTech Centre Building

4. 25-27/11/02 Pisa 4 Problems and Challenges The Problem - Coordinated resource sharing & problem solving in large- scale, dynamic, multi-institutional virtual organisations Major Technical Obstacles - Inflexible, protocol-specific architectures & approaches - Difficulty in structuring and writing such large-scale programs - Security risks and malicious attacks - Many risks and problems rooted in software

5. 25-27/11/02 Pisa 5 e-Demand: A Software-Based Solution The Demand-Led Service-Based Architecture - New service-based model for organising flexible e-business/ government applications - An instance of the architecture to be implemented Generic Services, e.g. our unique SIR technique - Support for secure and attack-tolerant information sharing - 3D visualisation service for program/information comprehension Fault-Injection-Based System Evaluation - The FITMVS tool, supported by clusters of workstations - Evaluation with respect to faults/attacks/performance

6. 25-27/11/02 Pisa 6 Architectural Evolution Applications Transport Internet Link Internet Architecture Resources Connectivity Resource Management Coordination of Multiple Resources Applications Protocol-Based Architecture e-Actions Service-Based Architecture ISPs, CSPs, SPs Information, Negotiation Settlement, After-Services Generic Services: Security, FT Visualisation

7. 25-27/11/02 Pisa 7 Service-Based Architectural Model Contractor/assembly service provider Contractor/assembly service provider Catalogue/ontology provider Catalogue/ontology provider Service consumer Service/solution provider Demand Provision Ultra-Late Binding Finding Publishing e-Action service Attack-tolerance service Auto-3D service

8. 25-27/11/02 Pisa 8 The Attack-Tolerant PIR Scheme Private Information Retrieval (PIR) - Normal query to a (remote) database: give me the record x - PIR query: compute functions F 1, F 2, …, F k for me over x, y, z,... (reconstruct x locally based on the results of F 1, F 2, …, F k ) Attack/Failure Models of Remote DB Servers - Honest-but-Curious (HbC): query with K functions (computing tasks) - HbC & loss of results: query with K + L functions - Malicious hosts (may change the results deliberately): 2 different queries (i.e. 2K functions for detection) or (f + 2) queries for tolerating f attacks/failures New Approach: a query with K signed functions (detection) for tolerating f attacks/failures Application Domains: critical information services, healthcare etc.

9. 25-27/11/02 Pisa 9 The System Architecture A11A12 A1m A21A22 A2m An1 An2 Anm request manager mobile code dispatcher request A1 A2 An (local host) user application A1, A2 … An result manager mobile code collector result A1, A2 … An Internet host 1host 2host m (pieces of code)

10. 25-27/11/02 Pisa 10 An Implementation for Real DBs Length of Queries vs. Execution Time