
Research in Programming Languages and Security David Evans


Presentation Transcript


  1. The Bugs and the Bees: Research in Programming Languages and Security. David Evans, evans@cs.virginia.edu, http://www.cs.virginia.edu/evans, University of Virginia Computer Science

  2. Computer Science • “How to” knowledge: • Ways of describing imperative processes (computations) • Ways of reasoning about (predicting) what imperative processes will do • Most interesting CS problems concern: • Better ways of describing computations • Ways of reasoning about what they do (and don’t do) David Evans - CS696

  3. Research Projects • Swarm Computing: How can we program massively distributed collections of simple devices and reason about their behavior in hostile environments? • Security for Sensor Networks: How can we provide security properties for ad hoc, wireless networks of disposable devices? • Static/Dynamic Analysis

  4. (Really) Brief History of Computing (timeline: 1950, 1960, 1970, 1980, 1990, 2000-) • Monolithic computers in guarded, air-conditioned rooms: no interactions; narrow interface to operator (punch cards, teletype), no interface to environment • Fixed networks of PCs: data interactions with other computers, but most computing done locally; rich interface to user, limited interface to environment • Billions of small, cheap unreliable devices: computing organized through local interactions; fundamentally integrated into physical environment

  5. Challenges and Opportunities • Embedded in physical environment • Challenges: unpredictable, energy-limited • Opportunities: physical laws, continuous • Scale • Challenges: billions of independent components • Opportunities: redundant to failures • Demands new programming approaches and reasoning techniques

  6. Swarm Computing: Long-Range Goal Cement 10 TFlop

  7. Why this Might be Possible? • We are surrounded by systems that: • Contain 70 Trillion components • Continue to function when millions of components fail (3B since this talk started!) • Survive in hostile environments (even Canada!) • Self-organize starting from a single component and a program that is smaller than Windows XP

  8. Observations About Nature’s Programs • Responsive • Aware of state of self and surroundings • Localized • Communication through chemical diffusion • Redundant • Millions of cells can die without compromising function • Diverse • Species survive because of diversity of individuals • Remarkably Expressive • Human genome ~250MB

  9. Foundations • Cellular Automata: von Neumann [1940s], Conway’s Game of Life [1970], Wolfram [2002] • Reaction-Diffusion: Turing [1952] • Current Research: Amorphous Computing [Abelson, Nagpal, Sussman]; Paintable Computing [Butera]; Embryonics [Mange, Sipper]; Ant Colony Optimization, Swarm Intelligence

  10. Swarm Programming • Behavior and primitives defined over groups • Diagram labels: Behavioral Description, Environment Model, Device Model, Primitives Library, Swarm Program Generator, Device Programs, Device Units, Programmed Device Units

  11. Simplified Cell Model • Awareness of Environment • Sense chemicals on cell walls • Sense chemicals in environment • Cell Actions • Cell Division (asymmetric) • State Change • Communicate: emit (directional, neighboring walls), diffuse (omnidirectional) • Simple physical forces • Two cells cannot overlap in space

  12. Biological Complexity • Molecular map of colon cancer cell, from http://www.gnsbiotech.com/applications.shtml

  13. Simple Sphere Program

      ```
      state center {
        color 1 0 0
        emits (alive, 1)
        diffuses (radius, 10)
        transitions
          alive from dir < 1 -> (center, body) in dir;
      }

      state body {
        color 0 0 1
        emits (alive, 1)
        transitions
          alive from dir < 1 & radius > 0 -> (body, body) in dir;
      }
      ```

      State diagram labels: center, body, alive < 1, alive < 1 & radius > 0

  14.

      ```
      state center {
        color 1 0 0
        emits (alive, 1)
        diffuses (radius, 10)
        transitions
          alive from dir < 1 -> (center, body) in dir;
      }

      state body {
        color 0 0 1
        emits (alive, 1)
        transitions
          alive from dir < 1 & radius > 0 -> (body, body) in dir;
      }
      ```

  15. Intrusion Tolerance? • Robust to random failures • As long as source cell survives, the sphere will re-generate • Sphere has > 10000 cells • Not robust to attacks • Destroy the center cell, sphere will not regrow

  16. Example

      ```
      state center {
        color 1 0 0
        emits (alive, 1)
        diffuses (radius, 10)
        transitions
          (alive from dir < 1) -> (center, core) in dir;
      }

      state core {
        color 0 1 0
        emits (alive, 1)
        transitions
          (alive from dir < 1) & (radius > 2) -> (core, body) in dir;
          (radius < 2) & (alive from dir < 1) -> (core, center) in dir;
      }

      state body {
        color 1 1 0
        emits (alive, 1)
        transitions
          (alive from dir < 1) & (radius > 1) -> (body, body) in dir;
      }
      ```

  18. Network Mesh

      ```
      state corner {
        color red
        emits (length, 8), (alive, 1)
        transitions
          (alive < 1) from dir -> (corner, segment) in dir;
          -> (corner);
      }

      state segment {
        color cyan
        emits (alive, 1)
        forwards (length - 1)
        transitions
          (length > 1.5) from dir & (alive < 0.5) from opposite (dir)
            -> (segment, segment) in opposite (dir);
          (length > 0.1) -> (corner);
          (length < 0.1) -> die;
      }
      ```

  19. Composing Primitives • Cells can follow multiple programs simultaneously (vector of independent states) • Cells can combine primitives through shared chemicals • Chemicals secreted by one primitive can induce changes in other primitives • Goals: • Predict properties of composition based on properties of primitives • Diversity of primitive implementations provides protection from directed attacks

  20. Mickey Mouse Program • 20 states • 50 transition rules • Starts from one cell, combines lines, spheres • Real Mouse Program • 3B base pairs • 98% same as human DNA • Starts from one cell, combines complex proteins

  21. Towards Real Systems • Cells • Sensor Devices, MEMS, Internet Nodes • Division • Processes • Find new hosts • Communication • Point-to-point emissions • Wireless multicast (can be multi-hop) diffusions • Example: distributed file system running on simulated wireless nodes (Selvin George’s MCS)

  22. Research Problems in Swarm Computing • Specification of Functional and Non-Functional Properties • How should we describe primitives? • How should we describe desired behavior? • Composition • What composition mechanisms make sense? Can we predict the result? • Survivability • How can we model attacks? How do we build robust swarm programs?

  23. Securing Sensor Networks

  24. Sensor Networks • High-power base station • Thousands of small, low-powered devices with sensors and actuators, communicating wirelessly

  25. Why security for sensor networks is hard • Low power devices • Cannot do traditional public-key algorithms • Limited device communication • Sending messages is extremely expensive • Communication is wireless • All messages are vulnerable to eavesdropping and forgery • May be difficult to preconfigure devices with secrets

  26. Routing (Lingxuan Hu’s slide)

  27. Wormhole Attack • Tunnel packets received in one place of the network and replay them in another place • The attacker needs no key material, just two transceivers! (Lingxuan Hu’s slide)

  28. Disrupted Routing (Lingxuan Hu’s slide)

  29. New Opportunities • Physical Space • Exploit knowledge about physical space • Redundancy • Use cooperation to establish trust • Physical properties • Speed of transmission limits time when another node can hear it

  30. Directional Antennas • Operation Modes: Omni and Directional

  31. Antenna Model • Nodes orient themselves using a magnetic compass (diagram label: East)

  32. Detecting Wormhole • Diagram of nodes A and B with the messages “Hello”, “B is on left of A”, “I hear B from right”, “NO!” (Lingxuan Hu’s slide)

  33. Sophisticated Wormhole • Diagram of nodes A and B with the messages “Hello”, “B is on right of A”, “Yes. We are neighbors” • If more nodes cooperate, can verify nodes as legitimate neighbors. (Maybe…) (Lingxuan Hu’s slide)

  34. Research Problems • Key Establishment • How can groups of sensor nodes establish a shared key for secure communication? • Secure Aggregation • How can nodes aggregate data without losing authenticity? • Secure Location Services • How can nodes determine their location and neighbors in the presence of adversaries?

  35. Charge • For more information: swarm.cs.virginia.edu www.cs.virginia.edu/evans • Students: • PhD: Lingxuan Hu, Nate Paul, Joel Winstead • Recent grads: Selvin George (MCS, Appian), Weilin Zhong (MCS, Cigital) • Undergraduates: Salvatore Guarnieri, Steven Marchette, Qi Wang, Chalermpong Worawannotai, Brad Zhang • Funding: NSF CAREER, NSF ITR
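
One way to model the direction check from the Detecting Wormhole and Sophisticated Wormhole slides (32 and 33), added here as an example and not taken from the talk. It assumes six compass-aligned antenna sectors, a fixed circular radio range, and 2-D coordinates; the function names and the constructed layout are hypothetical.

```python
import math

N_ZONES = 6  # assumption: six equal sectors; the slides give no zone count

def zone(receiver, source, n=N_ZONES):
    """Sector in which `receiver` hears a signal arriving from `source`.
    Sector 0 is centred on east (compass-aligned), counting counter-clockwise."""
    angle = math.atan2(source[1] - receiver[1], source[0] - receiver[0])
    width = 2 * math.pi / n
    return int(((angle + width / 2) % (2 * math.pi)) // width) % n

def opposite(z, n=N_ZONES):
    return (z + n // 2) % n

def apparent_source(receiver, sender, radio_range, wormhole=None):
    """Where `sender`'s packets appear to come from at `receiver` (None if unheard).
    `wormhole` is a pair of relay positions that replay whatever they hear."""
    if math.dist(receiver, sender) <= radio_range:
        return sender
    if wormhole:
        for near_sender, near_receiver in (wormhole, wormhole[::-1]):
            if (math.dist(sender, near_sender) <= radio_range
                    and math.dist(receiver, near_receiver) <= radio_range):
                return near_receiver
    return None

def accept_neighbor(a, b, radio_range, wormhole=None):
    """Accept only if both hear each other and the two directions are opposite."""
    at_a = apparent_source(a, b, radio_range, wormhole)
    at_b = apparent_source(b, a, radio_range, wormhole)
    if at_a is None or at_b is None:
        return False
    return zone(b, at_b) == opposite(zone(a, at_a))

# Constructed layout: A and B are 100 units apart, radio range is 10.
A, B, RANGE = (0, 0), (100, 0), 10
SAME_SIDE = ((5, 0), (105, 0))   # relays east of A and east of B
ALIGNED = ((5, 0), (95, 0))      # relays east of A and west of B

if __name__ == "__main__":
    print("true neighbours:", accept_neighbor(A, (8, 1), RANGE))
    print("relays on same side:", accept_neighbor(A, B, RANGE, SAME_SIDE))
    print("relays aligned:", accept_neighbor(A, B, RANGE, ALIGNED))
```

The `ALIGNED` layout is accepted even though A and B are far apart, which is the case slide 33 says needs cooperation from additional nodes.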
