addressing the trust asymmetry problem in grid computing with encrypted computation peter a. dinda...
TRANSCRIPT
Addressing the Trust AsymmetryProblem In Grid Computing with
Encrypted Computation
Peter A. DindaPrescience Lab
Department of Computer Science
Northwestern University
http://plab.cs.northwestern.edu
2
Takeaway
• Trust asymmetry is a core, unresolved problem in scalable computing
• Encrypted computation is the right approach
• This community is the right one to solve this problem
3
Outline
• Trust asymmetry problem
• Critique of approaches
• Encrypted computation scheme– Boolean circuits– Basic blocks– Control flow
• Discussion
4
Trust Asymmetry
Input
Program
5
Trust Asymmetry
Input
Program
Secure Channel
6
Trust Asymmetry
Input
Program
Secure Channel
Output
7
Trust Asymmetry
Input
Program
Secure Channel
OutputOutput
8
Trust Asymmetry
Input
Program
Secure Channel
OutputOutput
Protected Execution Environment
9
Trust Asymmetry
Input
Program
Secure Channel
OutputOutput
Protected Execution Environment
10
Trust Asymmetry
• Provider need not trust user at all
• User must trust provider completely
11
Consequences
• Scaling limited to machines user trusts
• Very large scale domain limited to low stakes applications
• SETI@HOME, DESCHALL, etc.
• High stakes applications have limited provider pool
• IBM, Sun, other vendors willing to do indemnification
• Economic inefficiency
12
Approaches
• Trust chains
• Attestation
• Obfuscation
• Encrypted computation
13
Trust Chains
• No direct protection of input, code, or output
• I trust X to do A because Y, who I trust, says I can– Chains of such trust assertions– Digital certificates– Example: SSL Certificates on the web– Example: Grid Certificates [Globus]
14
Problems
• Human in the loop…– Slow
• Or human has to write policy– Easy to get wrong
• Trust chains are complex to understand and evaluate against policy– Area of current research!
• Revocation
15
Attestation
• Certificate chain rooted in trusted hardware attests to software stack of machine [Terra, Paladium]
• Run only if you trust the software stack
16
Problems
• How do you know a software stack is OK?– Human in the loop…– Or writing policy
• What happens when stack changes?– Patches– “Semantic attestation”
17
Obfuscation
• Use compiler optimization technology to make code confusing [Collberg]
18
Problems
• No protection of input or output
• No proofs of difficulty of subversion
19
Encrypted Computation
• Apply techniques invented for encrypted communication
• Algorithm-specific techniques [Sander,Song]
• General purpose techniques– Typically focuses on Boolean circuit
20
General Purpose Encrypted Computation
• Seminal work: Abadi&Feigenbaum– Secure evaluation of Boolean circuit– “Interactive”
• More recently: Non-interactive– Sander and Tschudin: polynomials– Loureiro: Boolean circuits
21
Desirable Properties
• Protect inputs, outputs, and algorithm
• No trust needed at all
• Detect lies
• Analogy with communication– We don’t have to trust an Internet path– Trust is limited to endpoints
22
Problems
• Very abstract and theoretical– No implementations
• Unclear performance issues
• These are things the compiler community can help with
23
Our Simple MethodFor Boolean
Circuits
X
f
Secure Channel
Y
Protected Execution Environment
24
Our Simple Method For Boolean Circuits
X
f
Y
E DOne-time pads
f’E DX’ Y’
Remote Execution
25
Example: Y = fXx1x2
x3
y1
y2
X1 X2 X3 Y1 Y2
0 0 0 0 0
0 0 1 1 0
0 1 0 0 1
0 1 1 1 0
1 0 0 1 0
1 0 1 1 1
1 1 0 0 1
1 1 1 0 1
26
One-time Pad Refresher
• One of the oldest, but most secure encryption systems
• Have random bit sequence E
• Encrypt bit sequence X using X’ = X xor E
• Decrypt by X = X’ xor E
27
XOR as Multiplexor
x
e
e
x
28
Procedure
• Choose pads E and D
• Example– E = 1,0,1– D = 1,0
• Where bit is 1, double-invert
f’=DfE
fX
X’ Y’
Y
E E D D
f’=DfE
fX
X’ Y’
Y
E E D D
29
x1x2
x3y1
y2
f’=DfEX X’ Y’
E E D D
Y
Y=DDfEEX
30
Procedure
• Now “flatten” f’ back into sum of products and re-optimize
31
x1’x2’
x3’y1’
y2’
X1’ X2’ X3’ Y1’ Y2’
0 0 0 0 1
0 0 1 0 0
0 1 0 1 0
0 1 1 1 1
1 0 0 0 0
1 0 1 1 0
1 1 0 0 0
1 1 1 1 1
f’=DfE
32
x1x2
x3
y1
y2
X1 X2 X3 Y1 Y2
0 0 0 0 0
0 0 1 1 0
0 1 0 0 1
0 1 1 1 0
1 0 0 1 0
1 0 1 1 1
1 1 0 0 1
1 1 1 0 1
f
33
Concerns
• Currently no proof of difficulty to subvert
• Circuit growth limit?
• Will an automatic optimizer simply find the original configuration?
• Detecting lies– Embedded test circuit with known behavior
“mixed” into circuit
• How much reuse can we have?
34
Basic Blocks
• Obvious analog on data flow graph does not work
• Must convert data flow graph into Boolean circuit, apply technique, and then generate new basic block from the circuit
35
Control Flow
• Generate Mealy or Moore machine
• Apply technique to combinational element
• Generate new code
36
Concerns
• Code generation could “find” that the transparent implementation is best
• Efficient code generation from Boolean circuit
• Code size blowup
• Performance loss– Will determine in which regimes this is
practical
37
Current Status
• Proving how difficult it is to “unfold” the collapsed circuit
• Working toward proof-of-concept implementation as binary-to-binary translator for .NET CLR
38
Takeaway
• Trust asymmetry is a core, unresolved problem in scalable computing
• Encrypted computation is the right approach
• This community is the right one to solve this problem
Demonstrated straightforward scheme
39
For MoreInformation
• Prescience Lab– http://plab.cs.northwestern.edu
• Virtuoso– http://virtuoso.cs.northwestern.edu
• Join our user comfort study!– http://comfort.cs.northwestern.edu