1UT-ORNL 15 March 2005 CSIIR Workshop

Trusted Computing Amidst Untrustworthy Intermediaries

Mike Langston

Department of Computer ScienceUniversity of Tennessee

currently on leave to

Computer Science and Mathematics DivisionOak Ridge National Laboratory

USA

2UT-ORNL 15 March 2005 CSIIR Workshop

Overview

Programs

Data

Highly Parallel

Scalable Network

Variable Topology

Internet Like

But Untrusted!

3UT-ORNL 15 March 2005 CSIIR Workshop

Possible Solutions

• Accept faulty results. Uh, no thanks.

• Authenticate/verify by central authority. Unrealistic, does not scale.

• Exploit complexity and checkability. Problems in NP can be hard to solve -- but they are

always easy to check! No need for centralized control, ownership, or verification.

4UT-ORNL 15 March 2005 CSIIR Workshop

A Little Complexity Theory

The Classic View:

P NP PSPACEΣ 2

P… …

“easy”

5UT-ORNL 15 March 2005 CSIIR Workshop

A Little Complexity Theory

• The Classic View:

P NP PSPACEΣ 2

P… …

“easy”

“hard”

NP-complete

6UT-ORNL 15 March 2005 CSIIR Workshop

A Little Complexity Theory

• The Classic View:

P NP PSPACEΣ 2

P… …

“easy”

“hard”

“fuggettaboutit”

7UT-ORNL 15 March 2005 CSIIR Workshop

Parameter Sensitivity: Instance(n,k)

• Suppose our problem is, say, NP-complete.

• Consider an algorithm with a time bound such as O(2k+n).

• And now one with a time bound more like O(2k+n).

8UT-ORNL 15 March 2005 CSIIR Workshop

Parameter Sensitivity: Instance(n,k)

• Suppose our problem is, say, NP-complete.

• Consider an algorithm with a time bound such as O(2k+n).

• And now one with a time bound more like O(2k+n).

• Both are exponential in parameter value(s).

9UT-ORNL 15 March 2005 CSIIR Workshop

Parameter Sensitivity: Instance(n,k)

• Suppose our problem is, say, NP-complete.

• Consider an algorithm with a time bound such as O(2k+n).

• And now one with a time bound more like O(2k+n).

• Both are exponential in parameter value(s).

• But what happens when k is fixed?

10UT-ORNL 15 March 2005 CSIIR Workshop

Parameter Sensitivity: Instance(n,k)

• Suppose our problem is, say, NP-complete.• Consider an algorithm with a time bound

such as O(2k+n).• And now one with a time bound more like

O(2k+n).• Both are exponential in parameter value(s).• But what happens when k is fixed?• Fixed Parameter Tractability: confines

superpolynomial behavior to the parameter.

11UT-ORNL 15 March 2005 CSIIR Workshop

Complexity Theory, Revised

Hence, the Parameterized View:

FPT … …W[1] W[2] XP

“solvable (even if

NP-complete)”

12UT-ORNL 15 March 2005 CSIIR Workshop

Complexity Theory, Revised

The Parameterized View:

FPT … …W[1] W[2] XP

“solvable (even if NP-hard!)”

“heuristics only”

13UT-ORNL 15 March 2005 CSIIR Workshop

Complexity Theory, Revised

The Parameterized View:

FPT … …W[1] W[2] XP

“solvable (even if NP-hard!)”

“heuristics only”

“I said fuggettaboutit!”

14UT-ORNL 15 March 2005 CSIIR Workshop

Target Problems

• Not membership in P (assuming P≠NP) hard to compute

15UT-ORNL 15 March 2005 CSIIR Workshop

Target Problems

• Not membership in P (assuming P≠NP) hard to compute

• Membership in NP easy to check

16UT-ORNL 15 March 2005 CSIIR Workshop

Target Problems

NP-complete FPT

• Not membership in P (assuming P≠NP) hard to compute

• Membership in NP easy to check

• Fixed Parameter Tractable use kernelization and branching

17UT-ORNL 15 March 2005 CSIIR Workshop

Kernelization

• Consider Clique and Vertex Cover

• High Degree Rule(s)

• Low Degree Rule(s)

• LP, Crown Reductions – kernel of linear size, and extreme density – the “hard part” of the problem instance

18UT-ORNL 15 March 2005 CSIIR Workshop

Branching

• Let’s stay with Clique and Vertex Cover

• Bounded tree search

• Depth at most k

• With this technique, we can now solve vertex cover in O(1.28k+n) time

• Easily parallelizable

• No processor sees another’s work, nor the original graph

19UT-ORNL 15 March 2005 CSIIR Workshop

. . . . . .

Untrusted intermediaries cannot deduce data

Datadecomposition

Nor can they spoof answers

Answer check (NP certificate)

.

Branching as A Form of

Cyber Security

20UT-ORNL 15 March 2005 CSIIR Workshop

Overall Appeal

• Verifiability– easy to check answers: a faulty or malicious

processor cannot invalidate or subvert computations

21UT-ORNL 15 March 2005 CSIIR Workshop

Overall Appeal

• Verifiability– easy to check answers: a faulty or malicious

processor cannot invalidate or subvert computations

• Security– damage from intrusion contained: strong concealment

of the total problem is a natural part of this method

22UT-ORNL 15 March 2005 CSIIR Workshop

Overall Appeal

• Verifiability– easy to check answers: a faulty or malicious

processor cannot invalidate or subvert computations

• Security– damage from intrusion contained: strong concealment

of the total problem is a natural part of this method

• Scalability– branching translates into partitioning: no a priori

bounds on the degree of parallelism

23UT-ORNL 15 March 2005 CSIIR Workshop

Overall Appeal

• Verifiability– easy to check answers: a faulty or malicious

processor cannot invalidate or subvert computations • Security

– damage from intrusion contained: strong concealment of the total problem is a natural part of this method

• Scalability– branching translates into partitioning: no a priori

bounds on the degree of parallelism• Robustness

– subtrees are compartmentalized: processes can be reassigned at will

24UT-ORNL 15 March 2005 CSIIR Workshop

Research Thrusts

• Range of amenable problems? – FPT– non FPT

• Ubiquity of untrustworthy processors?– grid computing – unbrokered resource sharing

• Relationship to traditional forms of security?– internet-style lightweight security– no heavyweight authentication needed