240 likes | 419 Views
Trusted Computing Amidst Untrustworthy Intermediaries. Mike Langston Department of Computer Science University of Tennessee currently on leave to Computer Science and Mathematics Division Oak Ridge National Laboratory USA. Overview. Highly Parallel Scalable Network Variable Topology
E N D
Trusted Computing Amidst Untrustworthy Intermediaries Mike Langston Department of Computer Science University of Tennessee currently on leave to Computer Science and Mathematics Division Oak Ridge National Laboratory USA
Overview Highly Parallel Scalable Network Variable Topology Internet Like But Untrusted! Programs Data
Possible Solutions • Accept faulty results. Uh, no thanks. • Authenticate/verify by central authority. Unrealistic, does not scale. • Exploit complexity and checkability. Problems in NP can be hard to solve -- but they are always easy to check! No need for centralized control, ownership, or verification.
A Little Complexity Theory The Classic View: “easy” P … … NP Σ P PSPACE 2
A Little Complexity Theory • The Classic View: “easy” NP-complete P … … NP Σ P PSPACE 2 “hard”
A Little Complexity Theory • The Classic View: “fuggettaboutit” “easy” P … … NP Σ P PSPACE 2 “hard”
Parameter Sensitivity: Instance(n,k) • Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n).
Parameter Sensitivity: Instance(n,k) • Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n). • Both are exponential in parameter value(s).
Parameter Sensitivity: Instance(n,k) • Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n). • Both are exponential in parameter value(s). • But what happens when k is fixed?
Parameter Sensitivity: Instance(n,k) • Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n). • Both are exponential in parameter value(s). • But what happens when k is fixed? • Fixed Parameter Tractability: confines superpolynomial behavior to the parameter.
Complexity Theory, Revised Hence, the Parameterized View: “solvable (even if NP-complete)” … … W[2] XP W[1] FPT
Complexity Theory, Revised The Parameterized View: “solvable (even if NP-hard!)” … … W[2] XP W[1] FPT “heuristics only”
Complexity Theory, Revised The Parameterized View: “I said fuggettaboutit!” “solvable (even if NP-hard!)” … … W[2] XP W[1] FPT “heuristics only”
Target Problems • Not membership in P (assuming P≠NP) • hard to compute
Target Problems • Not membership in P (assuming P≠NP) • hard to compute • Membership in NP • easy to check
NP-complete FPT Target Problems • Not membership in P (assuming P≠NP) • hard to compute • Membership in NP • easy to check • Fixed Parameter Tractable • use kernelization and branching
Kernelization • Consider Clique and Vertex Cover • High Degree Rule(s) • Low Degree Rule(s) • LP, Crown Reductions • kernel of linear size, and extreme density • the “hard part” of the problem instance
Branching • Let’s stay with Clique and Vertex Cover • Bounded tree search • Depth at most k • With this technique, we can now solve vertex cover in O(1.28k+n) time • Easily parallelizable • No processor sees another’s work, nor the original graph
Branching as A Form of Cyber Security Data decomposition Answer check (NP certificate) . Untrusted intermediaries cannot deduce data Nor can they spoof answers . . . . . .
Overall Appeal • Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations
Overall Appeal • Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations • Security • damage from intrusion contained: strong concealment of the total problem is a natural part of this method
Overall Appeal • Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations • Security • damage from intrusion contained: strong concealment of the total problem is a natural part of this method • Scalability • branching translates into partitioning: no a priori bounds on the degree of parallelism
Overall Appeal • Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations • Security • damage from intrusion contained: strong concealment of the total problem is a natural part of this method • Scalability • branching translates into partitioning: no a priori bounds on the degree of parallelism • Robustness • subtrees are compartmentalized: processes can be reassigned at will
Research Thrusts • Range of amenable problems? • FPT • non FPT • Ubiquity of untrustworthy processors? • grid computing • unbrokered resource sharing • Relationship to traditional forms of security? • internet-style lightweight security • no heavyweight authentication needed