Software Quality and Infrastructure Protection for
Diffuse Computing
FY2001 ONR CIP/SW URI
Principal Investigator: Andre Scedrov
Institution: University of Pennsylvania
URL: http://www.cis.upenn.edu/spyce
OPTION STARTED IN MAY 2004
The SPYCE Team
Joan Feigenbaum (Yale)
Joseph Y. Halpern (Cornell)
Patrick D. Lincoln
John C. Mitchell (Stanford)
Andre Scedrov (U Penn)
Jonathan M. Smith (U Penn) (until December 2003)
External Collaborators
Cynthia Dwork (Microsoft)
Tim Griffin (Intel)
Vitaly Shmatikov (SRI)
Paul Syverson (NRL)
URI Objective
Algorithms to model, manage and maintain a computational infrastructure, distributed among many heterogeneous nodes that do not trust each other completely and may have incentives (needs, priorities).
DoD Capabilities
Reduced cost, improved performance, and higher reliability for networked operations across untrusted networks
Scientific/Technical Approaches
Computing and networking elements diffusing into the environment need:
• Local incentive-compatibility in global distributed computing
• Scalable authorization mechanisms
• Assured communication
• Experimental evidence
URI, May 2001 / August 17, 2004
Software Quality and Infrastructure Protection for Diffuse Computing
U Penn, Stanford, Cornell, Yale
[Figure: Smart devices diffuse into the environment… with control and assurance. Timeline: Room ’40s, Desktop ’80s, Wearable ’90s, Pervasive ’00s]
Email: [email protected] WWW: http://www.cis.upenn.edu/spyce/
Secure services through heterogeneous overlay networks
[Figure: Communication, Cooperation, Incentives, Delivery, shown over a C4ISR architecture diagram. Panels: Collaborative Planning Environment; JFHQ OPFAC Interfaces in Wartime Scenario; columns National / CINC / JFHQ Staff / JF Component / Service Component]
C4ISR Architecture: Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance
Diffuse Computing
Paradigm developing rapidly as a result of
- commercial computing markets
- now-recognized potential of peer-to-peer computing and grid computing
- the need for distributed network-centric systems
Raises challenges for
- system design
- software production
- the development of mechanisms ensuring stable equilibria of diffuse systems
SPYCE Objective: Scalable Distributed Assurance
Develop fundamental understanding, models, algorithms, and a network testbed, in order to reduce cost, improve performance, and provide higher reliability for networked operations across untrusted networks.
Incentives, Privacy, and Anonymity
Protocol Design and Analysis
Trust Management
Network Architecture
Scientific Accomplishments
• Interdomain routing: path vector protocols [Penn-Yale-Intel]; local conditions for stable routes [Yale]
• Analysis of cryptographic protocols: formal methods for cryptography [Penn-Stanford]; Kerberos 5 analysis [Penn-NRL]
• Logic for reasoning about policies [Cornell]
• SPAM reduction algorithms [Microsoft-Stanford]
• Privacy in databases [SRI-Microsoft]
• Anonymity and information hiding [Cornell-NRL]
• Content transcoding for heterogeneous clients [Penn]
• Flexible Lightweight Active Measuring Environment [Penn]
Project Contact Information
• PI: Prof. Andre Scedrov
• co-PIs: Prof. Joan Feigenbaum, Prof. Joseph Halpern, Dr. Patrick Lincoln, Prof. John Mitchell
• Prof. Andre Scedrov, Department of Mathematics, University of Pennsylvania, 209 South 33rd Street, Philadelphia, PA 19104-6395
Educational Accomplishments
• Enhanced the ability to educate and train students in science and engineering and perform CIP/SW relevant research
• 10 refereed journal publications
• 55 refereed conference proceedings
• 5 prototypes
• 7 PhD students graduated, 16 PhD students supported
• Members of NAS Computer Science and Telecommunications Board, Defense Science Board Task Force on Science and Technology, ACM Fellows, AAAI Fellows, …
Sample Plans for Option (1)
Secure, reliable network infrastructure
- Combine security mechanism and incentives
- Examples: BGP, DNS, NTP, …
General theory of computational mechanism
- Mechanism specification and verification
- Computational complexity analysis combining network communication and incentives
Discrete information management
- Multicentric information delivery and retrieval
- Access control, anonymity, and privacy
Sample Plans for Option (2)
- Further investigation of practical protocols
- Automating verification
- Adding utilities to specifications
- Verifying mechanisms: mechanism = set of rules for playing a game, designed to encourage “good” behavior, e.g., tax system, type of auction
Sample Plans for Option (3)
• Combine the study of incentives, privacy, and anonymity
• Derive hardness results in diffuse computing
• Hardness stems from the interplay of computational requirements and incentive-compatibility requirements (as in budget-balanced MCS).
• Use hardness as a building block in private algorithmic mechanisms or anonymous algorithmic mechanisms.