116 Views

Download Presentation
## Trusted Computing Amidst Untrustworthy Intermediaries

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Trusted Computing Amidst Untrustworthy Intermediaries**Mike Langston Department of Computer Science University of Tennessee currently on leave to Computer Science and Mathematics Division Oak Ridge National Laboratory USA**Overview**Highly Parallel Scalable Network Variable Topology Internet Like But Untrusted! Programs Data**Possible Solutions**• Accept faulty results. Uh, no thanks. • Authenticate/verify by central authority. Unrealistic, does not scale. • Exploit complexity and checkability. Problems in NP can be hard to solve -- but they are always easy to check! No need for centralized control, ownership, or verification.**A Little Complexity Theory**The Classic View: “easy” P … … NP Σ P PSPACE 2**A Little Complexity Theory**• The Classic View: “easy” NP-complete P … … NP Σ P PSPACE 2 “hard”**A Little Complexity Theory**• The Classic View: “fuggettaboutit” “easy” P … … NP Σ P PSPACE 2 “hard”**Parameter Sensitivity: Instance(n,k)**• Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n).**Parameter Sensitivity: Instance(n,k)**• Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n). • Both are exponential in parameter value(s).**Parameter Sensitivity: Instance(n,k)**• Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n). • Both are exponential in parameter value(s). • But what happens when k is fixed?**Parameter Sensitivity: Instance(n,k)**• Suppose our problem is, say, NP-complete. • Consider an algorithm with a time bound such as O(2k+n). • And now one with a time bound more like O(2k+n). • Both are exponential in parameter value(s). • But what happens when k is fixed? • Fixed Parameter Tractability: confines superpolynomial behavior to the parameter.**Complexity Theory, Revised**Hence, the Parameterized View: “solvable (even if NP-complete)” … … W[2] XP W[1] FPT**Complexity Theory, Revised**The Parameterized View: “solvable (even if NP-hard!)” … … W[2] XP W[1] FPT “heuristics only”**Complexity Theory, Revised**The Parameterized View: “I said fuggettaboutit!” “solvable (even if NP-hard!)” … … W[2] XP W[1] FPT “heuristics only”**Target Problems**• Not membership in P (assuming P≠NP) • hard to compute**Target Problems**• Not membership in P (assuming P≠NP) • hard to compute • Membership in NP • easy to check**NP-complete**FPT Target Problems • Not membership in P (assuming P≠NP) • hard to compute • Membership in NP • easy to check • Fixed Parameter Tractable • use kernelization and branching**Kernelization**• Consider Clique and Vertex Cover • High Degree Rule(s) • Low Degree Rule(s) • LP, Crown Reductions • kernel of linear size, and extreme density • the “hard part” of the problem instance**Branching**• Let’s stay with Clique and Vertex Cover • Bounded tree search • Depth at most k • With this technique, we can now solve vertex cover in O(1.28k+n) time • Easily parallelizable • No processor sees another’s work, nor the original graph**Branching as**A Form of Cyber Security Data decomposition Answer check (NP certificate) . Untrusted intermediaries cannot deduce data Nor can they spoof answers . . . . . .**Overall Appeal**• Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations**Overall Appeal**• Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations • Security • damage from intrusion contained: strong concealment of the total problem is a natural part of this method**Overall Appeal**• Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations • Security • damage from intrusion contained: strong concealment of the total problem is a natural part of this method • Scalability • branching translates into partitioning: no a priori bounds on the degree of parallelism**Overall Appeal**• Verifiability • easy to check answers: a faulty or malicious processor cannot invalidate or subvert computations • Security • damage from intrusion contained: strong concealment of the total problem is a natural part of this method • Scalability • branching translates into partitioning: no a priori bounds on the degree of parallelism • Robustness • subtrees are compartmentalized: processes can be reassigned at will**Research Thrusts**• Range of amenable problems? • FPT • non FPT • Ubiquity of untrustworthy processors? • grid computing • unbrokered resource sharing • Relationship to traditional forms of security? • internet-style lightweight security • no heavyweight authentication needed