UT-ORNL 15 March 2005 CSIIR Workshop 1 Trusted Computing Amidst Untrustworthy Intermediaries Mike...
-
Upload
marylou-holmes -
Category
Documents
-
view
216 -
download
0
Transcript of UT-ORNL 15 March 2005 CSIIR Workshop 1 Trusted Computing Amidst Untrustworthy Intermediaries Mike...
1UT-ORNL 15 March 2005 CSIIR Workshop
Trusted Computing Amidst Untrustworthy Intermediaries
Mike Langston
Department of Computer ScienceUniversity of Tennessee
currently on leave to
Computer Science and Mathematics DivisionOak Ridge National Laboratory
USA
2UT-ORNL 15 March 2005 CSIIR Workshop
Overview
Programs
Data
Highly Parallel
Scalable Network
Variable Topology
Internet Like
But Untrusted!
3UT-ORNL 15 March 2005 CSIIR Workshop
Possible Solutions
• Accept faulty results. Uh, no thanks.
• Authenticate/verify by central authority. Unrealistic, does not scale.
• Exploit complexity and checkability. Problems in NP can be hard to solve -- but they are
always easy to check! No need for centralized control, ownership, or verification.
4UT-ORNL 15 March 2005 CSIIR Workshop
A Little Complexity Theory
The Classic View:
P NP PSPACEΣ 2
P… …
“easy”
5UT-ORNL 15 March 2005 CSIIR Workshop
A Little Complexity Theory
• The Classic View:
P NP PSPACEΣ 2
P… …
“easy”
“hard”
NP-complete
6UT-ORNL 15 March 2005 CSIIR Workshop
A Little Complexity Theory
• The Classic View:
P NP PSPACEΣ 2
P… …
“easy”
“hard”
“fuggettaboutit”
7UT-ORNL 15 March 2005 CSIIR Workshop
Parameter Sensitivity: Instance(n,k)
• Suppose our problem is, say, NP-complete.
• Consider an algorithm with a time bound such as O(2k+n).
• And now one with a time bound more like O(2k+n).
8UT-ORNL 15 March 2005 CSIIR Workshop
Parameter Sensitivity: Instance(n,k)
• Suppose our problem is, say, NP-complete.
• Consider an algorithm with a time bound such as O(2k+n).
• And now one with a time bound more like O(2k+n).
• Both are exponential in parameter value(s).
9UT-ORNL 15 March 2005 CSIIR Workshop
Parameter Sensitivity: Instance(n,k)
• Suppose our problem is, say, NP-complete.
• Consider an algorithm with a time bound such as O(2k+n).
• And now one with a time bound more like O(2k+n).
• Both are exponential in parameter value(s).
• But what happens when k is fixed?
10UT-ORNL 15 March 2005 CSIIR Workshop
Parameter Sensitivity: Instance(n,k)
• Suppose our problem is, say, NP-complete.• Consider an algorithm with a time bound
such as O(2k+n).• And now one with a time bound more like
O(2k+n).• Both are exponential in parameter value(s).• But what happens when k is fixed?• Fixed Parameter Tractability: confines
superpolynomial behavior to the parameter.
11UT-ORNL 15 March 2005 CSIIR Workshop
Complexity Theory, Revised
Hence, the Parameterized View:
FPT … …W[1] W[2] XP
“solvable (even if
NP-complete)”
12UT-ORNL 15 March 2005 CSIIR Workshop
Complexity Theory, Revised
The Parameterized View:
FPT … …W[1] W[2] XP
“solvable (even if NP-hard!)”
“heuristics only”
13UT-ORNL 15 March 2005 CSIIR Workshop
Complexity Theory, Revised
The Parameterized View:
FPT … …W[1] W[2] XP
“solvable (even if NP-hard!)”
“heuristics only”
“I said fuggettaboutit!”
14UT-ORNL 15 March 2005 CSIIR Workshop
Target Problems
• Not membership in P (assuming P≠NP) hard to compute
15UT-ORNL 15 March 2005 CSIIR Workshop
Target Problems
• Not membership in P (assuming P≠NP) hard to compute
• Membership in NP easy to check
16UT-ORNL 15 March 2005 CSIIR Workshop
Target Problems
NP-complete FPT
• Not membership in P (assuming P≠NP) hard to compute
• Membership in NP easy to check
• Fixed Parameter Tractable use kernelization and branching
17UT-ORNL 15 March 2005 CSIIR Workshop
Kernelization
• Consider Clique and Vertex Cover
• High Degree Rule(s)
• Low Degree Rule(s)
• LP, Crown Reductions – kernel of linear size, and extreme density – the “hard part” of the problem instance
18UT-ORNL 15 March 2005 CSIIR Workshop
Branching
• Let’s stay with Clique and Vertex Cover
• Bounded tree search
• Depth at most k
• With this technique, we can now solve vertex cover in O(1.28k+n) time
• Easily parallelizable
• No processor sees another’s work, nor the original graph
19UT-ORNL 15 March 2005 CSIIR Workshop
. . . . . .
Untrusted intermediaries cannot deduce data
Datadecomposition
Nor can they spoof answers
Answer check (NP certificate)
.
Branching as A Form of
Cyber Security
20UT-ORNL 15 March 2005 CSIIR Workshop
Overall Appeal
• Verifiability– easy to check answers: a faulty or malicious
processor cannot invalidate or subvert computations
21UT-ORNL 15 March 2005 CSIIR Workshop
Overall Appeal
• Verifiability– easy to check answers: a faulty or malicious
processor cannot invalidate or subvert computations
• Security– damage from intrusion contained: strong concealment
of the total problem is a natural part of this method
22UT-ORNL 15 March 2005 CSIIR Workshop
Overall Appeal
• Verifiability– easy to check answers: a faulty or malicious
processor cannot invalidate or subvert computations
• Security– damage from intrusion contained: strong concealment
of the total problem is a natural part of this method
• Scalability– branching translates into partitioning: no a priori
bounds on the degree of parallelism
23UT-ORNL 15 March 2005 CSIIR Workshop
Overall Appeal
• Verifiability– easy to check answers: a faulty or malicious
processor cannot invalidate or subvert computations • Security
– damage from intrusion contained: strong concealment of the total problem is a natural part of this method
• Scalability– branching translates into partitioning: no a priori
bounds on the degree of parallelism• Robustness
– subtrees are compartmentalized: processes can be reassigned at will
24UT-ORNL 15 March 2005 CSIIR Workshop
Research Thrusts
• Range of amenable problems? – FPT– non FPT
• Ubiquity of untrustworthy processors?– grid computing – unbrokered resource sharing
• Relationship to traditional forms of security?– internet-style lightweight security– no heavyweight authentication needed