Towards a Paradigm for Robust Distributed Programming

Description:

... if s=p(s ) then delete s and all of its descendents. delete. verb(args) ... Policies for resource use of subject and its descendents. Still under development...

Slides: 29
Provided by: ChristianS99
Transcript and Presenter's Notes

1
Towards a Paradigm for Robust Distributed
Programming
  • Christian Scheideler
  • Institute for Computer Science
  • Technical University of Munich

2
Performance measures
  • Classical research area: Efficient algorithms and
    data structures
  • Distributed computing: Efficiency is not
    everything! Robustness against adversarial
    behavior increasingly pressing issue.

Topic of this talk
3
Four Commandments of Distributed Computing
  • You shall not sleep.
  • You shall not lie.
  • You shall not steal.
  • You shall not kill.
  • Countermeasures for violations:
  • Algorithmic solutions if majority is prompt.
  • Secure multiparty computation, filtering.
  • No intrusion possible, then cryptographic
    mechanisms protect against identity theft.
  • Serious problem! Denial-of-Service attacks!

4
Fundamental Dilemma
  • Scalability: minimize resources needed for
    operations
  • Robustness: maximize resources needed for attack
  • Scalable solutions easy to attack!!!

5
Consequence
  • We need a new model!
  • NOT: What is the current state? Current
    distributed computing environment
    fundamentally flawed.
  • What is a realizable state?
  • Algorithms can be powerful advocates!

6
Towards a new paradigm
  • Requirements:
  • Universality: wide range of comp./comm.
    environments
  • Simplicity: simple to state, realize and apply
  • Efficiency: inexpensive to realize and apply
  • Robustness: ???

7
Laws of Robustness
  • K. Cameron: The laws of identity, D. Epp: The
    eight rules of security,
  • User consent and control: user should have full
    control over its resources at any time
  • Minimal exposure: only give enough information to
    perform task
  • Minimal authority: only give enough authority for
    task (principle of least privilege/authority)

8
Medical privacy
  • EU Rec. on Protection of Medical Data 1997,
    U.S. OCR HIPAA Regulations
  • User consent and control: patients should have
    knowledge of/control over their medical data
  • Minimal exposure: only store/reveal information
    necessary for diagnosis or treatment
  • Minimal authority: only give enough authority for
    task (principle of least privilege/authority)

9
Towards a new paradigm
  • Requirements:
  • Universality: wide range of comp./comm.
    environments
  • Simplicity: simple to state, realize and apply
  • Efficiency: inexpensive to realize and apply
  • Robustness: three laws

10
Universal Models
  • Turing machine: easy to state and realize but not
    to apply
  • von Neumann machine: easy to state but not to
    realize in distributed environment
  • Pointer models: looks like most promising
    direction

11
Subject-oriented approach
  • Subjects: active entities (no dynamic data!)
  • Objects: passive entities (no methods!) (hulls
    for dynamic data)
  • no global user-accessible references to subjects
    or objects (minimizes exposure)
  • Subjects and objects atomic
  • Every object accessible by only one subject at
    any time and must be co-located with it
  • Information exchange through exchange of objects
    along relay points

12
Subject-oriented approach
  • Precursor: Hewitt's Actor model 1973
  • Since then mostly work in programming languages
    (E Language by Miller et al.)
  • Simplicity: concurrency is difficult!
  • ⇒ concurrency only outside of subjects
  • ⇒ only strictly non-blocking primitives
  • ⇒ no global read and write!

13
Subject-oriented approach
  • Ingredients:
  • Subjects: threads with static data
  • Objects: hulls of dynamic data
  • Relay points: communication
  • Identities: objects for authorization

14
Laws of Robustness
  • User consent and control:
    - subjects and objects are atomic, subjects tied to site
      and objects co-located with subjects
    - parents are responsible for children
  • Minimal exposure:
    - subjects and objects have no identity, only relays
    - no sensitive information (keys) revealed
  • Minimal authority: any connection/access requires
    permission

Realize these through create and delete
15
Subjects
  • p(s) parent of s (cannot be changed!)
  • s.create(s) sp(s)
  • s.delete(s) if sp(s) then delete s and all
    of its descendents
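
As an added illustration (not code from the presentation), the subject rules on this slide can be modelled in Python as below. It assumes that s.create makes the caller the parent of the new subject and reads the delete rule as in the presentation's description, where only the parent may delete a subject together with all of its descendants; `Subject`, `demo` and the method names are hypothetical.

```python
# Added sketch; Subject and its method names are hypothetical, not from the slides.
class Subject:
    def __init__(self, name, parent=None):
        self.name = name
        self._parent = parent   # p(s): fixed at creation
        self.children = []
        self.alive = True

    @property
    def parent(self):           # read-only: no setter, so p(s) cannot be changed
        return self._parent

    def create(self, name):
        # Assumption: the creating subject becomes the parent of the new one.
        if not self.alive:
            raise PermissionError(f"{self.name} has been deleted")
        child = Subject(name, parent=self)
        self.children.append(child)
        return child

    def delete(self, target):
        # Only a live, direct parent may delete; ancestors, children and self may not.
        if not self.alive or not target.alive or target.parent is not self:
            raise PermissionError(f"{self.name} may not delete {target.name}")
        self.children.remove(target)
        return target._destroy()

    def _destroy(self):
        # Post-order walk: descendants are removed before the subject itself.
        removed = []
        for child in self.children:
            removed.extend(child._destroy())
        self.children = []
        self.alive = False
        return removed + [self.name]


def demo():
    root = Subject("root")
    a = root.create("a")
    b = a.create("b")
    c = b.create("c")
    denied = []
    for actor, victim in [(root, b), (b, a), (c, c)]:
        try:
            actor.delete(victim)
        except PermissionError:
            denied.append((actor.name, victim.name))
    removed = root.delete(a)   # cascades to b and c
    return denied, removed, [s.alive for s in (root, a, b, c)]
```

In this model a grandparent cannot remove a grandchild directly; it has to delete its own child, which takes the whole subtree with it.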

16
Relay points
  • h(r) home of relay r (cannot be changed!)
  • s.create(r)
  • s.create(r i) if d(i)s
  • s.delete(r) if h(r)s then delete r

outgoing link cannot be changed
17
Identities
  • d(i) 2 R 1 destination
  • s.create(i) d(i)1 (public identity)
  • s.create(i r) d(i)p(s)
  • s.create(i r,i) d(i)s(i) (s source of i)
  • s.delete(i)

18
First contact
19
Introduction
20
Objects
  • We already know:
  • Objects are type-less hulls of dynamic data and
    co-located with their subjects
  • Identities are special objects
  • Further concepts:
  • For efficiency, only object references
    transferred in internal communication, but whole
    objects in external communication
  • Migration of subjects through special objects
    called clones

21
Clones
  • s(c) source, d(c) destination
  • s.create(c) d(c)p(s)
  • s.create(c i) d(c)s(i)
  • s.create(s c)

22
Working with objects
  • Initialization of objects: obj new Object
    (removes all old info); obj1 obj2 not possible
    (else access conflicts!)
  • Initialization of a new variable in object
    obj: int obj.var1 1; float obj.var2 0.2;
    string obj.var3 name
  • Test of defined variable: if obj.name NULL then

var1 1
23
Working with objects
  • Copy-operation: obj1.name1 obj2.name2
  • Move-operation: obj1.name1 <- obj2.name2;
    obj2.name2 set to NULL
  • Referencing: approach: store variable names in
    variables
    - var1 2 (some local variable in subject)
    - obj.var1 1 (obj.var1 resolves to obj.2)
    - var2 name
    - obj.var2 1 (obj.var2 resolves to obj.name)
  • Delete-operation: obj.name NULL

24
Better resource control
  • Additional commands open and close.
  • open(Subject s) activates s
  • close(Subject s) freezes (and saves) s
  • open(Relay r) activates r
  • close(Relay r) freezes (and saves) r
  • open(Object o) opens o for operations
  • close(Object o) closes (and saves) o
  • New subjects/relays/objects initially open.

25
Better resource control
  • In addition, use policies
  • Policies for permitted calls along links.
  • Policies for resource use of subject and its
    descendents.
  • Still under development

26
Nice features
  • Rigorous designs of systems possible that are
    robust against identity theft and DoS attacks
  • Secure grid computing
  • Digital rights management
  • Anonymity and privacy
  • BUT How to realize subjects environment?

27
Implementation
User
Internet
ISP
  • User: subjects, internal relay points
  • ISP: external relay points (quota)

28
Questions? Contact scheideler_at_in.tum.de