The Bugs and the Bees
Research in
Programming
Languages
and Security
David Evans
University of Virginia
Computer Science
evans@cs.virginia.edu
http://www.cs.virginia.edu/evans
Computer Science
• “How to” knowledge:
– Ways of describing imperative processes
(computations)
– Ways of reasoning about (predicting) what
imperative processes will do
• Most interesting CS problems concern:
– Better ways of describing computations
– Ways of reasoning about what they do
(and don’t do)
1 October 2003
David Evans - CS696
2
Research Projects
Swarm Computing
How can we program massively
distributed collections of simple
devices and reason about their
behavior in hostile environments?
Security for Sensor Networks
How can we provide security
properties for ad hoc, wireless
networks of disposable devices?
Static/Dynamic Analysis
1 October 2003
David Evans - CS696
3
(Really) Brief History of Computing
1950
1960
1970
1980
1990 2000-
Monolithic Computers
in guarded, airconditioned rooms
Fixed Networks of
PCs
Billions of small,
cheap unreliable
devices
No interactions
Data interactions with
other computers, but
most computing done
locally
Computing
organized through
local interactions
Narrow interface to
operator (punch cards,
teletype), no interface
to environment
Rich interface to user,
limited interface to
environment
Fundamentally
integrated into
physical
environment
1 October 2003
David Evans - CS696
4
Challenges and Opportunities
• Embedded in physical environment
– Challenges: unpredictable, energy-limited
– Opportunities: physical laws, continuous
• Scale
– Challenges: billions of independent
components
– Opportunities: redundant to failures
• Demands new programming
approaches and reasoning techniques
1 October 2003
David Evans - CS696
5
Swarm Computing:
Long-Range Goal
Cement
10 TFlop
1 October 2003
David Evans - CS696
6
Why this Might be Possible?
• We are surrounded by systems that:
– Contain 70 Trillion components
– Continue to function when millions of
components fail (3B since this talk started!)
– Survive in hostile environments (even
Canada!)
– Self-organize starting from a single
component and a program that is smaller
than WindowsXP
1 October 2003
David Evans - CS696
7
Observations About
Nature’s Programs
• Responsive
– Aware of state of
self and surroundings
• Localized
– Communication through chemical diffusion
• Redundant
– Millions of cells can die without compromising function
• Diverse
– Species survive because of diversity of individuals
• Remarkably Expressive
• Human genome ~250MB
1 October 2003
David Evans - CS696
8
Foundations
Current Research
• Amorphous Computing
[Abelson, Nagpal,
Sussman]
Cellular Automata
• Paintable Computing
von Neumann [1940s]
[Butera]
Conway’s Game of Life [1970]
• Embryonics [Mange,
Wolfram [2002]
Sipper]
Reaction-Diffusion
Turing [1952] • Ant Colony
Optimization, Swarm
Intelligence
1 October 2003
David Evans - CS696
9
Swarm Programming
Behavioral
Description
Environment
Model
Behavior and primitives
defined over groups
Swarm
Program
Generator
Device
Model
Device
Units
Device
Programs
Programmed
Device
Units
Primitives
Library
1 October 2003
David Evans - CS696
10
Simplified Cell Model
• Awareness of Environment
– Sense chemicals on cell walls
– Sense chemicals in environment
• Cell Actions
– Cell Division (asymmetric)
– State Change
– Communicate: emit (directional, neighboring
walls), diffuse (omnidirectional)
• Simple physical forces
– Two cells cannot overlap in space
1 October 2003
David Evans - CS696
11
Biological Complexity
Molecular map of colon cancer cell
from http://www.gnsbiotech.com/applications.shtml
1 October 2003
David Evans - CS696
12
Simple Sphere Program
center
alive < 1
state center { color 1 0 0
emits (alive, 1) diffuses (radius, 10)
transitions
alive from dir < 1
-> (center, body) in dir;
}
state body { color 0 0 1
emits (alive, 1)
transitions
alive from dir < 1 & radius > 0
alive < 1 & radius > 0
-> (body, body) in dir;
}
body
1 October 2003
David Evans - CS696
13
state center { color 1 0 0
emits (alive, 1) diffuses (radius, 10)
transitions
alive from dir < 1
-> (center, body) in dir;
}
state body { color 0 0 1
emits (alive, 1)
transitions
alive from dir < 1 & radius > 0
-> (body, body) in dir;
}
1 October 2003
David Evans - CS696
14
Intrusion Tolerance?
• Robust to random failures
– As long as source cell survives, the sphere
will re-generate
– Sphere has > 10000 cells
• Not robust to attacks
– Destroy the center cell, sphere will not
regrow
1 October 2003
David Evans - CS696
15
state center { color 1 0 0
emits (alive, 1) diffuses (radius, 10)
transitions
(alive from dir < 1) -> (center, core) in dir; }
Example
state core { color 0 1 0
emits (alive, 1)
transitions
(alive from dir < 1) & (radius > 2)
-> (core, body) in dir;
(radius < 2) & (alive from dir < 1)
-> (core, center) in dir; }
state body { color 1 1 0
emits (alive, 1)
transitions
(alive from dir < 1) & (radius > 1)
-> (body, body) in dir; }
1 October 2003
David Evans - CS696
16
1 October 2003
David Evans - CS696
17
state corner { color red
emits (length, 8), (alive, 1)
transitions
(alive < 1) from dir
-> (corner, segment) in dir;
-> (corner); }
Network Mesh
state segment { color cyan
emits (alive, 1)
forwards (length - 1)
transitions
(length > 1.5) from dir
& (alive < 0.5) from opposite (dir)
-> (segment, segment)
in opposite (dir);
(length > 0.1) -> (corner);
(length < 0.1) -> die; }
1 October 2003
David Evans - CS696
18
Composing Primitives
• Cells can follow multiple programs
simultaneously (vector of independent states)
• Cells can combine primitives through shared
chemicals
– Chemicals secreted by one primitive can induce
changes in other primitives
• Goals:
– Predict properties of composition based on
properties of primitives
– Diversity of primitive implementations provides
protection from directed attacks
1 October 2003
David Evans - CS696
19
Mickey Mouse Program
• 20 states
• 50 transition rules
• Starts from one cell,
combines lines, spheres
Real Mouse Program
• 3B base pairs
• 98% same as human DNA
• Starts from one cell,
combines complex proteins
1 October 2003
David Evans - CS696
20
Towards Real Systems
• Cells
– Sensor Devices, MEMS, Internet Nodes
• Division
– Processes
– Find new hosts
• Communication
– Point-to-point emissions
– Wireless multicast (can be multi-hop) diffusions
• Example: distributed file system running on
simulated wireless nodes (Selvin George’s
MCS)
1 October 2003
David Evans - CS696
21
Research Problems in Swarm Computing
• Specification of Functional and NonFunctional Properties
– How should we describe primitives?
– How should we describe desired behavior?
• Composition
– What composition mechanisms make sense?
Can we predict the result?
• Survivability
– How can we model attacks? How do we build
robust swarm programs?
1 October 2003
David Evans - CS696
22
Securing Sensor Networks
1 October 2003
David Evans - CS696
23
Sensor Networks
High-power base station
Thousands of small, low-powered devices with
sensors and actuators, communicating wirelessly
1 October 2003
David Evans - CS696
24
Why security for sensor
networks is hard
• Low power devices
– Cannot do traditional public-key algorithms
• Limited device communication
– Sending messages is extremely expensive
• Communication is wireless
– All messages are vulnerable to
eavesdropping and forgery
• May be difficult to preconfigure devices
with secrets
1 October 2003
David Evans - CS696
25
Routing
(Lingxuan Hu’s slide)
1 October 2003
David Evans - CS696
26
Wormhole Attack
• Tunnel packets
received in one
place of the
network and
replay them in
another place
• The attacker
needs no key
material, just two
transceivers!
(Lingxuan Hu’s slide)
1 October 2003
David Evans - CS696
27
Disrupted Routing
(Lingxuan Hu’s slide)
1 October 2003
David Evans - CS696
28
New Opportunities
• Physical Space
– Exploit knowledge about physical space
• Redundancy
– Use cooperation to establish trust
• Physical properties
– Speed of transmission limits time when
another node can hear it
1 October 2003
David Evans - CS696
29
Directional Antennas
Operation Modes: Omni and Directional
1 October 2003
David Evans - CS696
30
Antenna Model
3
2
/3
4
East
1
5
6
Nodes orient themselves using a magnetic compass
1 October 2003
David Evans - CS696
31
Detecting Wormhole
NO! I hear B from right
B is on
left of A
Hello
B
A
(Lingxuan Hu’s slide)
1 October 2003
David Evans - CS696
32
Sophisticated Wormhole
Yes. We are neighbors
B is on
right of A
Hello
A
B
If more nodes cooperate, can verify nodes
as legitimate neighbors. (Maybe…)
(Lingxuan Hu’s slide)
1 October 2003
David Evans - CS696
33
Research Problems
• Key Establishment
– How can groups of sensor nodes establish a
shared key for secure communication?
• Secure Aggregation
– How can nodes aggregate data without losing
authenticity?
• Secure Location Services
– How can nodes determine their location and
neighbors in the presence of adversaries?
1 October 2003
David Evans - CS696
34
Charge
• For more information:
swarm.cs.virginia.edu
www.cs.virginia.edu/evans
• Students:
– PhD: Lingxuan Hu, Nate Paul, Joel Winstead
– Recent grads: Selvin George (MCS, Appian), Weilin
Zhong (MCS, Cigital)
– Undergraduates: Salvatore Guarnieri, Steven Marchette,
Qi Wang, Chalermpong Worawannotai, Brad Zhang
• Funding: NSF CAREER, NSF ITR
1 October 2003
David Evans - CS696
35