Towards a Paradigm for Robust Distributed Programming

Click here to load reader

  • date post

    31-Dec-2015
  • Category

    Documents

  • view

    23
  • download

    0

Embed Size (px)

description

Towards a Paradigm for Robust Distributed Programming. Christian Scheideler Institute for Computer Science Technical University of Munich. Performance measures. Classical research area: Efficient algorithms and data structures - PowerPoint PPT Presentation

Transcript of Towards a Paradigm for Robust Distributed Programming

  • Towards a Paradigm for Robust Distributed ProgrammingChristian ScheidelerInstitute for Computer ScienceTechnical University of Munich

    Robust Distributed Programming

  • Performance measuresClassical research area: Efficient algorithms and data structures

    Distributed computing: Efficiency is not everything! Robustness against adversarial behavior increasingly pressing issue.Topic of this talk

    Robust Distributed Programming

  • Four Commandments of Distributed ComputingYou shall not sleep.You shall not lie.You shall not stealYou shall not kill Countermeasures for violations:Algorithmic solutions if majority is prompt.Secure multiparty computation, filtering.No intrusion possible, then cryptographic mechanisms protect against identity theft.Serious problem! Denial-of-Service attacks!

    Robust Distributed Programming

  • Fundamental DilemmaScalability: minimize resources needed for operationsRobustness: maximize resources needed for attack

    Scalable solutions easy to attack!!!

    Robust Distributed Programming

  • ConsequenceWe need a new model!

    NOT: What is the current state? Current distributed computing environment fundamentally flawed.

    What is a realizable state?

    Algorithms can be powerful advocates!

    Robust Distributed Programming

  • Towards a new paradigmRequirements:Universality: wide range of comp./comm. environmentsSimplicity: simple to state, realize and applyEfficiency: inexpensive to realize and applyRobustness: ???

    Robust Distributed Programming

  • Laws of Robustness[K. Cameron: The laws of identity, D. Epp: The eight rules of security,]

    User consent and control: user should have full control over its resources at any time

    Minimal exposure: only give enough information to perform task

    Minimal authority: only give enough authority for task (principle of least privilege/authority)

    Robust Distributed Programming

  • Medical privacy[EU Rec. on Protection of Medical Data 1997, U.S. OCR HIPAA Regulations]

    User consent and control: patients should have knowledge of / control over their medical data

    Minimal exposure: only store/reveal information necessary for diagnosis or treatment

    Minimal authority: only give enough authority for task (principle of least privilege/authority)

    Robust Distributed Programming

  • Towards a new paradigmRequirements:Universality: wide range of comp./comm. environmentsSimplicity: simple to state, realize and applyEfficiency: inexpensive to realize and applyRobustness: three laws

    Robust Distributed Programming

  • Universal ModelsTuring machine: easy to state and realize but not to applyvon Neumann machine: easy to state but not to realize in distributed environmentPointer models: looks like most promising direction

    Robust Distributed Programming

  • Subject-oriented approachSubjects: active entities (no dynamic data!)Objects: passive entities (no methods!) (hulls for dynamic data)no global user-accessible references to subjects or objects (minimizes exposure)

    Subjects and objects atomicEvery object accessible by only one subject at any time and must be co-located with itInformation exchange through exchange of objects along relay points

    Robust Distributed Programming

  • Subject-oriented approachPrecursor: Hewitts Actor model 1973Since then: mostly work in programming languages (E Language by Miller et al.)

    Simplicity: concurreny is difficult! ) concurrency only outside of subjects ) only strictly non-blocking primitives ) no global read and write!

    Robust Distributed Programming

  • Subject-oriented approachIngredients: Subjects: threads with static dataObjects: hulls of dynamic data Relay points: communication Identities: objects for authorization

    Robust Distributed Programming

  • Laws of RobustnessUser consent and control: - subjects & objects are atomic, subjects tied to site and objects co-located with subjects - parents are responsible for children

    Minimal exposure: - subjects & objects have no identity, only relays - no sensitive information (keys) revealed

    Minimal authority: any connection/access requires permissionRealize these through create & delete

    Robust Distributed Programming

  • Subjectsp(s): parent of s (cannot be changed!)s.create(s): s=p(s)

    s.delete(s): if s=p(s) then delete s and all of its descendents

    Robust Distributed Programming

  • Relay pointsh(r): home of relay r (cannot be changed!)s.create(r):

    s.create(r | i): if d(i)=s

    s.delete(r): if h(r)=s then delete routgoing link can not be changeds

    Robust Distributed Programming

  • Identitiesd(i) 2 R [ 1: destinations.create(i): d(i)=1 (public identity)

    s.create(i | r): d(i)=p(s)s.create(i | r,i): d(i)=s(i) (s: source of i)

    s.delete(i)

    Robust Distributed Programming

  • First contact

    Robust Distributed Programming

  • IntroductionCrr

    Robust Distributed Programming

  • ObjectsWe already know:Objects are type-less hulls of dynamic data and co-located with their subjectsIdentities are special objects

    Further concepts:For efficiency, only object references transferred in internal communication, but whole objects in external communicationMigration of subjects through special objects called clones

    Robust Distributed Programming

  • Cloness(c): source, d(c): destinations.create(c): d(c)=p(s)s.create(c | i): d(c)=s(i)

    s.create(s | c):

    Robust Distributed Programming

  • Working with objectsInitialization of objects: obj := new Object; (removes all old info) obj1 := obj2; not possible (else access conflicts!)

    Initialization of a new variable in object obj: int obj.var1 := 1; float obj.var2 := 0.2; string obj.var3 := name;

    Test of defined variable: if obj.name = NULL then var1: 1

    Robust Distributed Programming

  • Working with objectsCopy-operation: obj1.name1 := obj2.name2;

    Move-operation: obj1.name1

  • Better resource controlAdditional commands open and close.open(Subject s): activates sclose(Subject s): freezes (and saves) sopen(Relay r): activates rclose(Relay r): freezes (and saves) ropen(Object o): opens o for operationsclose(Object o): closes (and saves) o New subjects/relays/objects initially open.

    Robust Distributed Programming

  • Better resource controlIn addition, use policies:Policies for permitted calls along links.Policies for resource use of subject and its descendents.Still under development

    Robust Distributed Programming

  • Nice featuresRigorous designs of systems possible that are robust against identity theft and DoS attacksSecure grid computingDigital rights managementAnonymity and privacy

    BUT: How to realize subjects environment?

    Robust Distributed Programming

  • ImplementationInternetISPUser User: subjects & internal relay points ISP: external relay points (quota)

    Robust Distributed Programming

  • Questions?Contact [email protected]m.de

    Robust Distributed Programming

    Lets face it. Information moves around after each request: expensive! Information stays: sitting duck!Algorithms can be extremely powerful advocates!