Eric Grosse, CSME Workshop, 24-25 March 2003
adventures in CSME at Bell Labs
• Scientific Computing Research Department
• Secure Networking Research Department
encouraging freedom and diversity while funding CSME
• freedom to use any size or style of computing
• diversity of platforms
• diversity of background
•
•
ambassadors
how people succeed or not
ehg@lucent.com
adventures in CSME at Bell Labs
•
•
netlib
semiconductor device and circuit simulation
using domain decomposition, distributed computing
• moving least squares, splines, level-aligned
• visualization and sonification
• non-obtuse, no-small-angle triangulation
• non-destructive testing, floating point, S-C, …
with physicists, statisticians, theoreticians,
manufacturing engineers, businessfolk
ehg@lucent.com
Secure Networking Research Department
•
•
•
•
•
•
•
•
•
breaking old crypto (PKCS#1, DSA)
inventing new crypto (PAK)
protocol techniques (composability, timed release)
biometrics (voice authentication, secured models)
crypto libraries, finding subtle security holes
integration of 802.11 and 3G AAA
secure systems (Venti, Viaduct, …)
firewalls, honeypots
network mapping
-------indestructible networks and systems
…
ehg@lucent.com
Security in the Plan 9 operating system, 4th ed.
• Goal: system strong enough to live outside firewall
• A secure place to keep your keys.
• A trusted agent to handle them.
• A clean way to separate security code from kernels, applications, etc.
–
–
–
easy to understand the model
easy to use
easy to change keys, protocols, implementation
• More secure and easier to use.
http://cm.bell-labs.com/plan9
USENIX Security, Aug’02; media attention after winning Best Paper
continuing work with Russ Cox, Dave Presotto
ehg@lucent.com
keeping good features of Plan 9
AAA: authentication, authorization, auditing
•
everything is a file
– Unix chmod, plus: append-only, exclusive-use, group, last-modifier
• logfile is a-rw-rw-rw• mailbox is alrw--w--w• [rsc] --rw-rw-r-- rob sys 18624 Nov 11 12:04 /sys/include/libc.h
•
presented to kernel, library, remote systems by 9P2000 file protocol
– get distributed computing, VPNs as natural consequence
•
private process-group namespaces
– allows sandboxing
•
unmount(“/net”)
Los Alamos port to native Linux; MIT and BL port to BSD;
BL attempting port to Windows, as far as we can.
ehg@lucent.com
Factotum/SecureStore architecture
• factotum, authentication agent acting for user or system
 holds keys, performs cryptographic operations
 speaks SSL, SSH, APOP, VNC, ...; proxied by application
 key (proto=apop dom=lucent.com user=ehg !password=x confirm=yes)
• long-term storage of keys in secstore in the network
 loaded into factotum via Encrypted Key Exchange
π
gx H(π) mod p
PAK
H(π), keys
gy mod p
Z=
(gy)x mod
ehg@lucent.com
p
Z= (gx)y mod p
advantages of factotum
•
user only has to remember one password
– others are automatic and can be high-entropy random strings
– PAK comes with a proof, so less chance of nasty surprise later
•
file on SecureStore is saved in AES CBC format
– so even the sysadmin has to work hard to read your secrets
– in contrast with Microsoft Passport or Liberty Alliance
•
other systems don’t know you’re using factotum
– incremental deployment
– no need to ask anybody for permission or trust
ehg@lucent.com
netlib
•
innovations don’t last forever
– in Feb 1984, state of the art was mailing mag tape
– through first year or two of Web,
central distribution (evolving by email, ftp, http, …) was a win
– now, it’s easy for everybody to publish locally
•
for a while, editorial effort of collection was worthwhile
– but eventually hotlists created a diverse, tailored alternative
– still, many people like the netlib collection
•
for a while, searching was still a reason to stay centralized
– AltaVista wasn’t enough, but Google is
•
maybe even now, Historic Netlib is an advantage
– an early netlib motivation was loss of Underwood’s thesis code
– Internet Archive or Historic Google will solve this eventually
local demonstration…
ack: Jack Dongarra and NSF
ehg@lucent.com
promoting freedom and diversity in CSME
•
take as given:
–
–
–
–
•
research directions based on deep technical understanding
resources suitable for tackling grand challenges
programs like ITR and SciDAC that promote cross-disciplinary teams
appreciation for theory, algorithms, software, data, evaluation
deltas:
– freedom to use any size or style of computing
– diversity of platforms, to promote software reuse
– diversity of background
– ambassadors
– how people succeed or not
Pardon my naiveté; I’m from a historically unfunded lab.
ehg@lucent.com
freedom to use any size or style of computing
•
Which grid to use?
ehg@lucent.com
It depends on the technology.
computational equivalent of co-generation
• novel sources of cycles
– network processors, graphics processors
• suited to early data processing, as in real-time collection
• needs team of algorithm experts and software specialists
– trustworthy sandboxing, portable namespaces
• stability considerations as the grid changes
– I-BGP oscillations
•
•
•
•
I-BGP mostly works fine, but has subtle instabilities
problems masquerade as network configuration mistakes
temptation to use quick-fix engineering patch
careful theoretical analysis gives sounder base for the future
ehg@lucent.com
definition of a distributed system
In a distributed system, the failure of a
computer you didn't even know existed can
render your own computer unusable.
Leslie Lamport
build in robustness against
•
•
•
•
loss of nodes and links
unexpected input
malicious input
human error
apply capacity for clever redundancy, not just large feature sets
ehg@lucent.com
electricity is fungible, computing is not
•
The computing debate too often focuses on the size and interconnect
of CPUs. This misses a key point of networking.
•
a personal journey, but not atypical
– 70’s
• at SDRC in Ohio, calculating on CDC6500 at US Steel
• at Stanford, calculating in Macsyma at MIT
– 80’s
• calculating on supercomputer, shared across many organizations
• switched to cluster computing, driven by social factors
– 90’s
• calculating on laptops, driven by customers’ wishes
– 00’s
• building systems on hardware/software platforms far away
•
So CISE properly features remote access to unique data,
experimental apparatus, communities of experts.
ehg@lucent.com
diversity of platforms to encourage software reuse
•
•
standing on the shoulders of giants
portable code comes not from good intentions but constant practice
– supply build environments to wide community
– encourage transformation tool builders to link with other grantees
•
we need incentives to use others’ work
– human nature to build on one’s own work
– consider evidence of reuse when evaluating novelty of proposals
– ask about past history of effective reuse
•
don’t use stupid metrics
– web page hits and downloads are almost meaningless
– requests for help and bug reports are better
– notice whose software is being cited in “past history of reuse”
ehg@lucent.com
diversity of background
•
Looking back over multi-disciplinary projects at Bell Labs,
disproportionate success when led by women and minorities.
CSME is a natural for those who’ve learned to bridge differing
backgrounds.
•
Why so few GRPW/CRFP fellowship applications in computational
science and engineering? Please encourage them!
today’s NA-Digest: MIT School of Engineering position in Computational Engineering
CRA Taulbee survey
35/847 = 4% of CS PhD in scientific computing
ehg@lucent.com
collecting cautionary examples
•
•
•
another, less benign, kind of diversity of background in CSME:
people with less numerical and statistical experience
can lead to simplistic simulation attempts
as a discipline, we need to be collecting cautionary examples
– test collections today often are designed for experts
– to compare performance of algorithms on typical problems
– need to also stress convergence criteria, violated assumptions
ehg@lucent.com
ambassadors
•
anecdote from approximation theory
– Franke compared bivariate scattered-data interpolation methods
– a winner was Hardy’s multiquadric from geophysics
– beginning of flowering of research in radial basis functions
•
anecdote from electronic circuit simulation
– splines replaced low-order tables
– reduced order modeling, Pade via Lanczos
– vicissitudes of business: fewer numerical people in field,
and stories of missing the connections
•
proposal: fund senior person to reach out to other field
–
–
–
–
somewhat like distinguished lecturer programs
administered by professional societies
judge by surprising connections uncovered and theorems applied
supplement to traditional multidisciplinary teams
ehg@lucent.com
how people succeed or not
•
•
projects at Bell Labs have long been cross-discipline
who succeeds?
–
–
–
–
•
broad, knowledgeable, fearless individuals
people driven to see their tools in use by others
people with enough professional success to willingly share credit
supported by managers who appreciate the costs
and by second level managers who also can share credit
software architects
– crucial; seeing simulation projects founder without architect
– Do we give architects a good career path?
ehg@lucent.com
action items
• remember to promote freedom and diversity
• nominate ambassadors
• reward re-use
• collect cautionary examples
• find a career path for software architects
ehg@lucent.com