A Distributed Framework for Perpetually

PASIS: Perpetually Available and
Secure Information Systems
Pradeep K. Khosla (pkk@cs.cmu.edu)
Han Kiliccote (kiliccote@cmu.edu)
Institute for Complex Engineered Systems
College of Engineering/School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213
Objectives
Create a Distributed Information system that is
 Perpetually Available
 Access to Information and Services should always be
available even when some system components are attacked,
down, or unavailable
 Secure
 Information should be secure even when some system
components are compromised
 Computation must be Secure
 Easy to Deploy
 Provide toolkits and languages to easily develop or convert
legacy systems to intruder resistant systems
Existing Practice
Client-Server Architectures with Replicas
 Reliability and Robustness
 if the servers are attacked, the whole system is down
 servers are subject to denial of service attacks
 Security
 all data and reasoning are in the servers
 each server is a single point of failure
 Scalability and Performance
 servers are the bottleneck
Approach - Overview
[Figure: Pasis applications talk to a local Pasis agent over interprocess communication; Pasis agents talk to each other and to a Pasis storage unit across the WAN]
 Virtual Server
 Data and reasoning capabilities are not located in a single physical agent
 No single point of failure
 Applications perceive other PASIS agents as part of a monolithic server
 Data and meta-data are decimated and dispersed
Pasis - Technologies
 Decimate Information
 Divide the information into small chunks (puzzle pieces)
 Distribute the chunks to a large number of PASIS-enabled computers
 Resilient against denial of service attacks
Information Dispersal
 Disperse information
 Distribute the data to n computers so that any m of them can reconstruct the data but p cannot (p < m ≤ n)
[Figure: simplified Blakley scheme; agent 1 holds (a1, b1), agent 2 holds (a2, b2), agent 3 holds (a3, b3); the shared value v is where their shares meet]
Information Dispersal
Scheme | Security | Storage blowup (m=15, n=60) | Examples | Notes
Secret sharing | Full | n (60) | Shamir, Blakley, Asmuth & Blum, … | Slow
IDA | Incremental | n/m (4) | Rabin, Kiliccote, … | Fastest
Ramp schemes | Full | np/m (8 if p = 2) | Kothari | Slower
Short computational secret sharing | Computational | n/m + ε (4 + ε) | Krawczyk | Fast
Preliminary Results
 Comparison of Pasis with current information systems
 1000 computers
 10^9 info items
 15 out of 60 scheme
 100 read operations per second
 Each info item is 1K bytes

| Pasis | 1 server | 10 servers
Security
To access all information (computers to compromise) | 955 | 1 | 1
To access a specific item (computers to compromise) | 15 | 1 | 1
Ratio of information revealed if successful | 10^-7 % | 100% | 100%
Ratio of information revealed with 10 compromised computers | 0 | 100% | 100%
Ratio of information revealed with 30 compromised computers | 2·10^-9 % | 100% | 100%
Ratio of information revealed with 100 compromised computers | 0.12 % | 100% | 100%
Reliability, P(losing one record)
after 30 failed computers | 0 | .03 | .11·10^-15
after 46 failed computers | .51·10^-55 | .046 | .12·10^-13
after 100 failed computers | .12·10^-26 | .1 | .66·10^-10
after 200 failed computers | .54·10^-13 | .2 | .85·10^-7
Robustness, number of failures needed to lose
.1·10^-3 % of all records | 448 | 1 | 10
.1 % of all records | 554 | 1 | 10
1 % of all records | 602 | 1 | 10
Performance
Storage requirement (bytes) | 4·10^12 | 10^12 | 10·10^12
Number of messages per read | 15 | 1 | 3-5
Number of messages per agent (reads) | 1500 | 100000 | 10000
Number of messages per write | 60 | 1 | 10
Number of messages per agent (writes) | 6000 | 100000 | 100000
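The security and reliability rows above follow from a simple counting model, which is worth having in code when choosing m and n. The following Python is an added example, not code from the PASIS project. It assumes that the n holders of an item are chosen uniformly among the N machines and that the k compromised (or failed) machines are likewise uniform, so the number of holders among them is hypergeometric. With (N=1000, n=60, m=15) it reproduces the zero exposure for 10 compromised machines and the zero loss for 30 failed machines, gives an exposure for 100 compromised machines of the same order as the 0.12 % shown, reproduces the 1-server column as k/N, and reproduces the 10-replica loss probability .11·10^-15 for 30 failures as the (n=10, m=1) case. Note that 46 = n - m + 1 is the first failure count at which a 15-of-60 item can be lost at all, which is why the table starts there. The function names are my own.

```python
"""Hypergeometric model of an m-of-n dispersed item (added example)."""
from fractions import Fraction
from math import comb


def hypergeom_tail(N, K, k, t):
    """P[X >= t], where X is the size of the overlap between a uniformly
    random k-subset of N machines and a fixed K-subset (the item's holders)."""
    if t <= 0:
        return Fraction(1)
    if t > min(K, k):
        return Fraction(0)
    hits = sum(comb(K, x) * comb(N - K, k - x) for x in range(t, min(K, k) + 1))
    return Fraction(hits, comb(N, k))


def p_revealed(N, n, m, k):
    """An attacker controlling k of N machines rebuilds the item when at
    least m of its n share holders are among them."""
    return hypergeom_tail(N, n, k, m)


def p_lost(N, n, m, k):
    """k of N machines have failed; the item is lost when fewer than m
    holders survive, i.e. at least n-m+1 holders are among the failed."""
    return hypergeom_tail(N, n, k, n - m + 1)


def storage_bytes(items, item_bytes, n, m):
    """Information dispersal stores n shares of size item_bytes/m each,
    a storage blowup of n/m (4 for 15-of-60; 10 for 10-way replication)."""
    return items * item_bytes * n // m


def compare(N=1000, n=60, m=15, k=100):
    """Pasis (m-of-n) versus one server versus r=10 plain replicas.
    Plain replication is the same model with (n=r, m=1): one copy is
    enough to read, and all r copies must fail to lose the record."""
    return {
        "pasis": (p_revealed(N, n, m, k), p_lost(N, n, m, k)),
        "1 server": (p_revealed(N, 1, 1, k), p_lost(N, 1, 1, k)),
        "10 replicas": (p_revealed(N, 10, 1, k), p_lost(N, 10, 1, k)),
    }


if __name__ == "__main__":
    for k in (10, 30, 46, 100, 200):
        row = {name: (float(r), float(l)) for name, (r, l) in compare(k=k).items()}
        print(k, row)
    print("storage:", storage_bytes(10**9, 1000, 60, 15), storage_bytes(10**9, 1000, 10, 1))
```

The model also shows the trade-off the two columns hide: replication lowers the loss probability but leaves every copy a full disclosure, while dispersal with m > 1 makes both the loss and the exposure probabilities vanish until the attacker holds a sizeable fraction of the machines.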
Preliminary Results
 Information Dispersal
 Comparison between receiving a message from a single machine versus multiple machines on the Internet
[Chart: relative receive time (y axis 0 to 4, units not labelled) for message sizes 500B, 2KB, 20KB and 100KB, with the message split across K = 1 to 10 machines]
Preliminary Results
 There is no need to guarantee reliable communication between the agents
 Performance comparison between UDP and TCP/IP
[Chart: TCP/IP versus UDP transfer time (y axis 0 to 2.5, units not labelled) for message sizes 50B, 500B, 5KB, 50KB and 500KB]
Information Dispersal
 Issues
 Automatic selection of dispersal scheme
 Share renewal
 Share revocation
 Share addition
 Uneven share sizes
 Limited cheater/intruder detection
Pasis - Technologies
 Fully distributed directory services - a new model for managing a distributed network of information agents
 The classical replicated server model is not robust, e.g., the whole Internet can be severely disabled by eliminating only the 11 root domain servers
 Solution: a "small-world" virtual network
[Figure: six agents, A to F, linked as a small-world virtual network]
Small World Virtual Network
 Fully distributed Directory Services for use with
Internet or Wireless Ad-hoc networks
 Based on Cayley graphs
 Excellent degree/diameter/size
 Optimally fault-tolerant
Preliminary results
 Cayley Graphs
 Based on Faber-Moore graphs
 Each agent "knows about" 1000 other agents (neighbors)
 In 1 hop ~10^6 agents can be reached
 In 2 hops ~10^9 agents can be reached
 Excellent resiliency against attacks
 1000 agents have to be attacked to partition another agent
 >99% of the agents have to be attacked to partition 0.1% of the agents
 Packets can be denied at the hardware level to drop communication from non-neighbors
 Directed graphs (direct communication not allowed)
Pasis - Infrastructure
 Class libraries and extensions for converting existing programs to Pasis programs
 Common CORBA services will be ported to PASIS (e.g. persistence, directory service, locking, …)
 Extensions to C++ for a distributed and parallel STL (Standard Template Library)
 C++ based on the ODMG standard
 Java based API for interfacing with PASIS
Before conversion:
    class Person
    {
        int age;
    };
After conversion (a dispersed integer inside a dispersed object):
    class Person : DispObj
    {
        dint age;
    };
Pasis - C++ extension
 Class libraries for C++ and an extended STL (Standard Template Library)
 A syntactic procedure to convert existing applications
 use "dint", "dchar", "dfloat" rather than "int", "char" and "float"
 use "P<A> a = foo()" rather than "A* a = foo()"
 derive all the classes from "DispObject"
[Figure: several Instances, each holding a universally unique id (UUID), authorization data, an authorization function, member data, member functions and pointers to other instances]
Access Control
 Multiversioning, dependency-based concurrency and access control protocol
 locking based algorithms are not appropriate for a large number of servers
 intruder detection
 recovery from attacks
[Figure, read-locking: Agent 1 issues W(A); Agent 2 issues R(A) and is blocked until Agent 1 commits or rolls back; Agent 2 then resumes and the changes are updated]
[Figure, multiversioning: Agent 1 issues W(A), creating version A_{i+1} next to A_i; Agent 2 issues R(A) and is not blocked; a "?" marks the unresolved dependency on whether Agent 1 commits or rolls back]
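The two figures above contrast a blocked read under read-locking with a non-blocking read under multiversioning. The following Python is an added example, not PASIS code, of one way to make the multiversioning case concrete. Its model is my own assumption: writes never block and create a new uncommitted version; a reader may take the last committed version A_i, or opt in to read the in-flight version A_{i+1}, which records a dependency on the writer; a dependent transaction has its commit deferred (not blocked) until the writer decides, and a rollback of the writer aborts every dependent transaction (a cascading abort). Class and function names are hypothetical.

```python
"""Toy multiversion, dependency-based concurrency control (added example)."""


class Transaction:
    def __init__(self, name):
        self.name = name
        self.status = "active"      # active | committed | aborted
        self.depends_on = set()     # writers whose uncommitted versions we used
        self.dependents = set()     # transactions that used our uncommitted versions


class MVStore:
    def __init__(self):
        self.versions = {}          # item -> [(writer, value), ...], newest last

    def _depend(self, txn, writer):
        if writer is not txn and writer.status == "active":
            txn.depends_on.add(writer)
            writer.dependents.add(txn)

    def write(self, txn, item, value):
        """Never blocks: append a new version. Overwriting an uncommitted
        version creates a write-write dependency on its writer."""
        chain = self.versions.setdefault(item, [])
        if chain:
            self._depend(txn, chain[-1][0])
        chain.append((txn, value))

    def read(self, txn, item, speculative=False):
        """Return the newest usable version without blocking. Versions of
        aborted writers are skipped; an in-flight version is used only when
        the reader opts in, which records the dependency."""
        for writer, value in reversed(self.versions.get(item, [])):
            if writer is txn or writer.status == "committed":
                return value
            if writer.status == "active" and speculative:
                self._depend(txn, writer)
                return value
        raise KeyError(item)

    def commit(self, txn):
        """Commit is deferred (not blocked) while a writer we depend on is
        still active; it is refused once we have been cascade-aborted."""
        if txn.status == "aborted":
            return "aborted"
        if any(w.status == "active" for w in txn.depends_on):
            return "waiting"
        txn.status = "committed"
        return "committed"

    def rollback(self, txn):
        """Abort txn and, recursively, everything that read its versions."""
        txn.status = "aborted"
        for dep in list(txn.dependents):
            if dep.status == "active":
                self.rollback(dep)


def run_scenario(writer_rolls_back, speculative):
    """Agent 1 writes A (A_i -> A_i+1); Agent 2 reads A without blocking;
    Agent 1 then commits or rolls back; Agent 2 tries to commit.
    Returns (value Agent 2 read, Agent 2's final status)."""
    store, setup = MVStore(), Transaction("setup")
    store.write(setup, "A", "A_i")
    store.commit(setup)
    agent1, agent2 = Transaction("agent1"), Transaction("agent2")
    store.write(agent1, "A", "A_i+1")
    seen = store.read(agent2, "A", speculative=speculative)
    if writer_rolls_back:
        store.rollback(agent1)
    else:
        store.commit(agent1)
    store.commit(agent2)
    return seen, agent2.status


def commit_order_demo():
    """A dependent reader that tries to commit before its writer is held
    ("waiting"), never blocked; it commits once the writer has committed."""
    store, setup, w, r = MVStore(), Transaction("setup"), Transaction("w"), Transaction("r")
    store.write(setup, "A", "A_i")
    store.commit(setup)
    store.write(w, "A", "A_i+1")
    store.read(r, "A", speculative=True)
    first = store.commit(r)
    store.commit(w)
    second = store.commit(r)
    return first, second
```

The security-relevant consequence is visible in run_scenario(True, True): a transaction that consumed data written by an agent later found to be an intruder is rolled back with it, which is the hook a "recovery from attacks" step needs, whereas a non-speculative reader (speculative=False) only ever sees committed versions and is unaffected.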
Preliminary Results
 Dependency Based Concurrency Control (very early simulation)
 100 elements, 50 transactions, 10 elements per transaction
[Chart: number of messages (0 to 3000) versus number of data items updated (0 to 10) for read-locking, Reed's scheme and Pasis]
Secure Computation
 Secure computation
 Execute an algorithm in a distributed manner such that the system "knows" the inputs and outputs but no single physical agent does
 Constant round computation is possible
 Create a secure processor
[Figure: A + B = C is computed on shares; agent 1 computes A1 + B1 = C1 and agent 2 computes A2 + B2 = C2]
Demonstrations
 Secure and reliable ftp server
 Guarantees security and perpetual availability of regular files
 No more file "server unreachable" or "down" errors
 Works with popular applications
[Figure: on the local machine, applications talk to the Pasis ftp proxy, which hands data to a local Pasis agent; that agent reaches the other Pasis agents over the network]
Demonstrations (cont.)
 Secure and Reliable Ftp Server
 Regular applications (such as Microsoft Word) use the ftp
protocol to contact the ftp proxy (a Pasis application)
 Ftp proxy divides the information into smaller chunks and
sends them to the Pasis Agent through interprocess
communication
 Pasis Agent disperses the information using an m-of-n threshold scheme to other agents using the Pasis Network Protocol (TCP/IP with probabilistic extensions)
 The multiversioning database in each Pasis Agent stores the
information while guaranteeing concurrency
Demonstrations
 The Pasis File System
 A File System based on
commercial systems (NT, Unix,
etc) that guarantees security and
perpetual availability of
information
 Files are decimated and
dispersed to all PASIS enabled
computers
 No central authority
 No single point of failure
 Implementation on NT, Unix and other OSs
Metrics
 Information dispersal
 Model and compare performance against existing distributed file
systems and databases
 Model and simulate the performance against random attacks in
large systems (10 - 1Million machines)
 Test the performance against random attacks in a small system
(10-100 machines)
 Access Control
 Model and compare the performance under attacks with existing
protocols
 Pasis Infrastructure
 How well Pasis adheres to existing standards
 How many man-months are required to convert existing legacy systems into Pasis
Expected Accomplishments
 Embedded Distributed Security and Replication
Mechanisms
 perpetual availability and security of information systems
 secure computation to eliminate malicious users
 Distributed Multiversioning Dependency-based
Access Control
 Automatic recovery when intruders are detected
 An infrastructure to create intruder tolerant systems
 Extensions to existing languages to automatically create new
or convert existing applications to intruder resilient system
 Demonstration of an Intrusion Tolerant System
Task Schedule
 Embedded distributed security and replication mechanisms
 Pasis Architecture (Month 18)
 Automatic selection of threshold schemes (Month 22)
 PASIS infrastructure
 Extensions to C++ (Month 12)
 Extensions to Java. (Month 18)
 Access Control
 Distributed multiversioning dependency-based access control
protocol (Month 30)
 Fraudulent Usage Detection and Recovery mechanisms. (Month 32)
Schedule
Tasks | Month 1-12 | Month 12-24 | Month 25-36
T1. Distributed Security and Replication
T1.1 PASIS architecture
T1.2 Threshold scheme selection
T2. The PASIS Infrastructure
T2.1 Extensions to C++
T2.2 Extensions to Java
T2.3 PASIS tools
T3. Dependency Based Access Control
T3.1 Multiversioning database
T3.2 Detection and Recovery
T4. Integration, demonstration, evaluation, and documentation
T4.1 Integration
T4.2 Demonstration & evaluation
T4.3 Documentation
Milestones: M1, M2, M3
Demonstrations: D1, D2, D3
[The Gantt bars placing each task, milestone and demonstration on the time axis are not recoverable here; target months are listed on the Task Schedule slide]
Pasis: Summary
 A new paradigm in Distributed Agent-based
Systems that
 Combines advantages of Centralized and Distributed
Architectures
 Provides Scalability through the idea of Virtual Server and
Virtual Client
 Provides Novel Security Mechanisms through Information
Dispersal
 Provides Reliability through innovative Information
Replication Mechanisms
Shamir’s dispersal scheme
 Select a polynomial of degree m - 1 with m - 1 random coefficients
 The secret s is the free coefficient
 f(x) = c_{m-1} x^{m-1} + … + c_1 x + s
 For each agent evaluate the polynomial using the unique id of each agent
 s_1 = c_{m-1} a_1^{m-1} + … + c_1 a_1 + s
 ….
 s_n = c_{m-1} a_n^{m-1} + … + c_1 a_n + s
 All arithmetic is done modulo a prime larger than s and than every agent id, so that any m shares determine s by interpolation while any m - 1 shares are consistent with every possible s
[Figure: the polynomial evaluated at agent ids a1, a2, a3]
Demonstrations (cont.)
 Secure calculator
 Secure addition, subtraction and multiplication
 Resilient against failures
 Resilient against malicious users
[Figure: addition of two integers on the secure calculator]
Demonstrations (cont.)
 Secure reasoning
Secure Reasoning
 Use dispersed integers 1 and 0 to represent Boolean true and false
 AND(x, y) = x * y
 OR(x, y) = x + y - x * y
 NOT(x) = 1 - x
 Using AND, OR, and NOT, create the other operations
 sbit: a dispersed integer holding 0 or 1
 sint: an array of sbit[32]
 sdouble: struct { sint mantissa; sint exponent }
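One piece of code ties together the dispersal slides: the m-of-n threshold of the Information Dispersal slide, Shamir's polynomial scheme, the secure-computation picture in which each agent computes A1 + B1 = C1 on its own share, and the Boolean identities of this slide. The following Python is an added example, not code from the PASIS project. Its assumptions, which the slides do not state, are: arithmetic is modulo the Mersenne prime 2^61 - 1 (a finite field, needed so that fewer than m shares reveal nothing); agent ids are 1..n; and n ≥ 2m - 1, so that one share-wise product, which is a sharing of degree 2m - 2, can still be reconstructed without a re-sharing round. Function names are my own.

```python
"""Shamir m-of-n sharing and share-wise computation (added example)."""
import secrets

P = (1 << 61) - 1   # Mersenne prime 2^61 - 1 (assumed field size)


def poly_eval(coeffs, x):
    """Horner evaluation of c[0] + c[1]*x + ... + c[d]*x^d modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, m, n):
    """Degree m-1 polynomial with free coefficient = secret, evaluated at
    agent ids 1..n. Returns the list of (agent id, share)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(i, poly_eval(coeffs, i)) for i in range(1, n + 1)]


def reconstruct(points):
    """Lagrange interpolation at x = 0; needs degree+1 distinct points.
    With fewer points the result is a uniformly random field element."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


# Share-wise operations: every agent acts on its own share only, so the
# system computes A + B = C while no single agent sees A, B or C.
def add_shares(a, b):
    return [(i, (x + y) % P) for (i, x), (_, y) in zip(a, b)]


def sub_shares(a, b):
    return [(i, (x - y) % P) for (i, x), (_, y) in zip(a, b)]


def mul_shares(a, b):
    """Product of two degree-(m-1) sharings is a degree-(2m-2) sharing:
    reconstructing it takes 2m-1 shares."""
    return [(i, x * y % P) for (i, x), (_, y) in zip(a, b)]


def const_minus(c, a):
    return [(i, (c - x) % P) for i, x in a]


# Secure reasoning on dispersed bits (0/1) using the slide's identities.
def AND(x, y):
    return mul_shares(x, y)


def OR(x, y):
    return sub_shares(add_shares(x, y), mul_shares(x, y))


def NOT(x):
    return const_minus(1, x)


def demo(m=3, n=5):
    """Secure calculator and one-level Boolean reasoning on dispersed values."""
    a, b = share(20, m, n), share(22, m, n)
    x, y = share(1, m, n), share(0, m, n)
    return {
        "sum": reconstruct(add_shares(a, b)[:m]),               # 42
        "product": reconstruct(mul_shares(a, b)[:2 * m - 1]),   # 440
        "too_few": reconstruct(a[:m - 1]) == 20,                # False (w.h.p.)
        "AND": reconstruct(AND(x, y)[:2 * m - 1]),             # 0
        "OR": reconstruct(OR(x, y)[:2 * m - 1]),               # 1
        "NOT": reconstruct(NOT(y)[:m]),                        # 1
    }
```

Addition and subtraction keep the threshold at m, so the "secure calculator" needs no communication between agents beyond distributing shares. Each multiplication (hence each AND or OR) raises the degree, so chaining gates, as the sbit/sint/sdouble types require, needs a degree-reduction (re-sharing) round after each product; that round, not the local arithmetic, is where the "constant round" claim has to be earned.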
Demonstrations (cont.)
 Agent manager
 Monitors Pasis as a whole: agents, appliances, programs and users
 Performs security checks distributedly
What’s cooking (cont.)
 Distributed GIS system for navigating in a partially known terrain
 40000 information agents
 route selection
 shortest path algorithms
What’s cooking (cont.)
 Information System Development Toolkit
 Easy development of large communities of
software agents
 Automatic management of information and
computation agents