Loading in 2 Seconds...
Loading in 2 Seconds...
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
SeT: Secure Service Technology for Dependable e-Business/Government Applications Jie Xu, Keith Bennett and Malcolm Munro The SeTech Centre Department of Computer Science University of Durham
The SeTech Centre at Durham Funding Sources: EPSRC/DTI, NEeS Centre Industrial Partners (Sun, Sharp, Sparkle etc) Technical Board: Jie Xu (Distributed Systems & Dependability) Keith Bennett (Service-Based Architecture) Malcolm Munro & Nick Holliman (Visualisation) Research Staff: 6 Academic Staff Members + 12 Research Staff Members Hardware Testbed: A Sun 32 CPU UltraGrid computer connected to a network of Sun servers and workstations with an upgraded Gigabit link between Durham and Newcastle Close Collaborations: The Pennine Group, EU and USA univ. & insti.
Problems and Challenges The Problem - Coordinated resource sharing & problem solving in large- scale, dynamic, multi-institutional virtual organisations Major Technical Obstacles - Inflexible, protocol-specific architectures & approaches - Difficulty in structuring and writing such large-scale programs - Security risks and malicious attacks - Many risks and problems rooted in software
e-Demand:A Software-BasedSolution The Demand-Led Service-Based Architecture - New service-based model for organising flexible e-business/ government applications - An instance of the architecture to be implemented Generic Services, e.g. our unique SIR technique - Support for secure and attack-tolerant information sharing - 3D visualisation service for program/information comprehension Fault-Injection-Based System Evaluation - The FITMVS tool, supported by clusters of workstations - Evaluation with respect to faults/attacks/performance
Architectural Evolution Internet Architecture Service-Based Architecture Protocol-Based Architecture Applications Applications Information, Negotiation Settlement, After-Services e-Actions ISPs, CSPs, SPs Coordination of Multiple Resources Generic Services: Security, FT Visualisation Resource Management Transport Connectivity Internet Link Resources
Service-Based Architectural Model Demand Contractor/assembly service provider Catalogue/ontology provider Finding Service consumer Provision Ultra-Late Binding Publishing e-Action service Service/solution provider Attack-tolerance service Auto-3D service
The Attack-Tolerant PIR Scheme Private Information Retrieval (PIR) - Normal query to a (remote) database: give me the record x - PIR query: compute functions F1, F2, …, Fk for me over x, y, z, ... (reconstruct x locally based on the results of F1, F2, …, Fk) Attack/Failure Models of Remote DB Servers - Honest-but-Curious (HbC): query with K functions (computing tasks) - HbC & loss of results: query with K + L functions - Malicious hosts (may change the results deliberately): 2 different queries (i.e. 2K functions for detection) or (f + 2)queries for tolerating f attacks/failures New Approach: a query with K signed functions (detection) for tolerating f attacks/failures Application Domains: critical information services, healthcare etc.
The System Architecture host 1 host 2 host m A1m A11 A12 A1 A2m A21 A22 A2 An1 Anm An2 An Internet (pieces of code) A1, A2 … An A1, A2 … An mobile code dispatcher mobile code collector request manager result manager (local host) request result user application
An Implementation for Real DBs Length of Queries vs. Execution Time