Eric Grosse, CSME Workshop, 24-25 March 2003 adventures in CSME at Bell Labs • Scientific Computing Research Department • Secure Networking Research Department encouraging freedom and diversity while funding CSME • freedom to use any size or style of computing • diversity of platforms • diversity of background • • ambassadors how people succeed or not ehg@lucent.com adventures in CSME at Bell Labs • • netlib semiconductor device and circuit simulation using domain decomposition, distributed computing • moving least squares, splines, level-aligned • visualization and sonification • non-obtuse, no-small-angle triangulation • non-destructive testing, floating point, S-C, … with physicists, statisticians, theoreticians, manufacturing engineers, businessfolk ehg@lucent.com Secure Networking Research Department • • • • • • • • • breaking old crypto (PKCS#1, DSA) inventing new crypto (PAK) protocol techniques (composability, timed release) biometrics (voice authentication, secured models) crypto libraries, finding subtle security holes integration of 802.11 and 3G AAA secure systems (Venti, Viaduct, …) firewalls, honeypots network mapping -------indestructible networks and systems … ehg@lucent.com Security in the Plan 9 operating system, 4th ed. • Goal: system strong enough to live outside firewall • A secure place to keep your keys. • A trusted agent to handle them. • A clean way to separate security code from kernels, applications, etc. – – – easy to understand the model easy to use easy to change keys, protocols, implementation • More secure and easier to use. http://cm.bell-labs.com/plan9 USENIX Security, Aug’02; media attention after winning Best Paper continuing work with Russ Cox, Dave Presotto ehg@lucent.com keeping good features of Plan 9 AAA: authentication, authorization, auditing • everything is a file – Unix chmod, plus: append-only, exclusive-use, group, last-modifier • logfile is a-rw-rw-rw• mailbox is alrw--w--w• [rsc] --rw-rw-r-- rob sys 18624 Nov 11 12:04 /sys/include/libc.h • presented to kernel, library, remote systems by 9P2000 file protocol – get distributed computing, VPNs as natural consequence • private process-group namespaces – allows sandboxing • unmount(“/net”) Los Alamos port to native Linux; MIT and BL port to BSD; BL attempting port to Windows, as far as we can. ehg@lucent.com Factotum/SecureStore architecture • factotum, authentication agent acting for user or system holds keys, performs cryptographic operations speaks SSL, SSH, APOP, VNC, ...; proxied by application key (proto=apop dom=lucent.com user=ehg !password=x confirm=yes) • long-term storage of keys in secstore in the network loaded into factotum via Encrypted Key Exchange π gx H(π) mod p PAK H(π), keys gy mod p Z= (gy)x mod ehg@lucent.com p Z= (gx)y mod p advantages of factotum • user only has to remember one password – others are automatic and can be high-entropy random strings – PAK comes with a proof, so less chance of nasty surprise later • file on SecureStore is saved in AES CBC format – so even the sysadmin has to work hard to read your secrets – in contrast with Microsoft Passport or Liberty Alliance • other systems don’t know you’re using factotum – incremental deployment – no need to ask anybody for permission or trust ehg@lucent.com netlib • innovations don’t last forever – in Feb 1984, state of the art was mailing mag tape – through first year or two of Web, central distribution (evolving by email, ftp, http, …) was a win – now, it’s easy for everybody to publish locally • for a while, editorial effort of collection was worthwhile – but eventually hotlists created a diverse, tailored alternative – still, many people like the netlib collection • for a while, searching was still a reason to stay centralized – AltaVista wasn’t enough, but Google is • maybe even now, Historic Netlib is an advantage – an early netlib motivation was loss of Underwood’s thesis code – Internet Archive or Historic Google will solve this eventually local demonstration… ack: Jack Dongarra and NSF ehg@lucent.com promoting freedom and diversity in CSME • take as given: – – – – • research directions based on deep technical understanding resources suitable for tackling grand challenges programs like ITR and SciDAC that promote cross-disciplinary teams appreciation for theory, algorithms, software, data, evaluation deltas: – freedom to use any size or style of computing – diversity of platforms, to promote software reuse – diversity of background – ambassadors – how people succeed or not Pardon my naiveté; I’m from a historically unfunded lab. ehg@lucent.com freedom to use any size or style of computing • Which grid to use? ehg@lucent.com It depends on the technology. computational equivalent of co-generation • novel sources of cycles – network processors, graphics processors • suited to early data processing, as in real-time collection • needs team of algorithm experts and software specialists – trustworthy sandboxing, portable namespaces • stability considerations as the grid changes – I-BGP oscillations • • • • I-BGP mostly works fine, but has subtle instabilities problems masquerade as network configuration mistakes temptation to use quick-fix engineering patch careful theoretical analysis gives sounder base for the future ehg@lucent.com definition of a distributed system In a distributed system, the failure of a computer you didn't even know existed can render your own computer unusable. Leslie Lamport build in robustness against • • • • loss of nodes and links unexpected input malicious input human error apply capacity for clever redundancy, not just large feature sets ehg@lucent.com electricity is fungible, computing is not • The computing debate too often focuses on the size and interconnect of CPUs. This misses a key point of networking. • a personal journey, but not atypical – 70’s • at SDRC in Ohio, calculating on CDC6500 at US Steel • at Stanford, calculating in Macsyma at MIT – 80’s • calculating on supercomputer, shared across many organizations • switched to cluster computing, driven by social factors – 90’s • calculating on laptops, driven by customers’ wishes – 00’s • building systems on hardware/software platforms far away • So CISE properly features remote access to unique data, experimental apparatus, communities of experts. ehg@lucent.com diversity of platforms to encourage software reuse • • standing on the shoulders of giants portable code comes not from good intentions but constant practice – supply build environments to wide community – encourage transformation tool builders to link with other grantees • we need incentives to use others’ work – human nature to build on one’s own work – consider evidence of reuse when evaluating novelty of proposals – ask about past history of effective reuse • don’t use stupid metrics – web page hits and downloads are almost meaningless – requests for help and bug reports are better – notice whose software is being cited in “past history of reuse” ehg@lucent.com diversity of background • Looking back over multi-disciplinary projects at Bell Labs, disproportionate success when led by women and minorities. CSME is a natural for those who’ve learned to bridge differing backgrounds. • Why so few GRPW/CRFP fellowship applications in computational science and engineering? Please encourage them! today’s NA-Digest: MIT School of Engineering position in Computational Engineering CRA Taulbee survey 35/847 = 4% of CS PhD in scientific computing ehg@lucent.com collecting cautionary examples • • • another, less benign, kind of diversity of background in CSME: people with less numerical and statistical experience can lead to simplistic simulation attempts as a discipline, we need to be collecting cautionary examples – test collections today often are designed for experts – to compare performance of algorithms on typical problems – need to also stress convergence criteria, violated assumptions ehg@lucent.com ambassadors • anecdote from approximation theory – Franke compared bivariate scattered-data interpolation methods – a winner was Hardy’s multiquadric from geophysics – beginning of flowering of research in radial basis functions • anecdote from electronic circuit simulation – splines replaced low-order tables – reduced order modeling, Pade via Lanczos – vicissitudes of business: fewer numerical people in field, and stories of missing the connections • proposal: fund senior person to reach out to other field – – – – somewhat like distinguished lecturer programs administered by professional societies judge by surprising connections uncovered and theorems applied supplement to traditional multidisciplinary teams ehg@lucent.com how people succeed or not • • projects at Bell Labs have long been cross-discipline who succeeds? – – – – • broad, knowledgeable, fearless individuals people driven to see their tools in use by others people with enough professional success to willingly share credit supported by managers who appreciate the costs and by second level managers who also can share credit software architects – crucial; seeing simulation projects founder without architect – Do we give architects a good career path? ehg@lucent.com action items • remember to promote freedom and diversity • nominate ambassadors • reward re-use • collect cautionary examples • find a career path for software architects ehg@lucent.com