1 / 28

Towards a Paradigm for Robust Distributed Programming

This talk by Christian Scheideler explores the topic of robust distributed programming, discussing the four commandments of distributed computing and countermeasures for violations. The talk also addresses the fundamental dilemma of scalability versus robustness and proposes a new model for distributed computing that prioritizes efficiency and universality while ensuring robustness.

sdubois
Télécharger la présentation

Towards a Paradigm for Robust Distributed Programming

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Towards a Paradigm for Robust Distributed Programming Christian Scheideler Institute for Computer Science Technical University of Munich

  2. Performance measures • Classical research area:Efficient algorithms and data structures • Distributed computing:Efficiency is not everything!Robustness against adversarial behavior increasingly pressing issue. Topic of this talk Robust Distributed Programming

  3. Four Commandments of Distributed Computing • You shall not sleep. • You shall not lie. • You shall not steal • You shall not kill Countermeasures for violations: • Algorithmic solutions if majority is prompt. • Secure multiparty computation, filtering. • No intrusion possible, then cryptographic mechanisms protect against identity theft. • Serious problem! Denial-of-Service attacks! Robust Distributed Programming

  4. Fundamental Dilemma • Scalability: minimize resources needed for operations • Robustness:maximize resources needed for attack Scalable solutions easy to attack!!! Robust Distributed Programming

  5. Consequence We need a new model! NOT: What is the current state?Current distributed computing environment fundamentally flawed. What is a realizable state? Algorithms can be powerful advocates! Robust Distributed Programming

  6. Towards a new paradigm Requirements: • Universality:wide range of comp./comm. environments • Simplicity:simple to state, realize and apply • Efficiency:inexpensive to realize and apply • Robustness:??? Robust Distributed Programming

  7. Laws of Robustness [K. Cameron: The laws of identity, D. Epp: The eight rules of security,…] • User consent and control:user should have full control over its resources at any time • Minimal exposure:only give enough information to perform task • Minimal authority:only give enough authority for task (principle of least privilege/authority) Robust Distributed Programming

  8. Medical privacy [EU Rec. on Protection of Medical Data 1997, U.S. OCR HIPAA Regulations] • User consent and control:patients should have knowledge of /control over their medical data • Minimal exposure:only store/reveal information necessary for diagnosis or treatment • Minimal authority:only give enough authority for task (principle of least privilege/authority) Robust Distributed Programming

  9. Towards a new paradigm Requirements: • Universality:wide range of comp./comm. environments • Simplicity:simple to state, realize and apply • Efficiency:inexpensive to realize and apply • Robustness:three laws Robust Distributed Programming

  10. Universal Models • Turing machine:easy to state and realize but not to apply • von Neumann machine:easy to state but not to realize in distributed environment • Pointer models:looks like most promising direction… Robust Distributed Programming

  11. Subject-oriented approach • Subjects: active entities (no dynamic data!) • Objects: passive entities (no methods!)(hulls for dynamic data) • no global user-accessible references to subjects or objects (minimizes exposure) • Subjects and objects atomic • Every object accessible by only one subject at any time and must be co-located with it • Information exchange through exchange of objects along relay points Robust Distributed Programming

  12. Subject-oriented approach • Precursor: Hewitt’s Actor model 1973 • Since then: mostly work in programming languages (E Language by Miller et al.) • Simplicity: concurreny is difficult! )concurrency only outsideofsubjects ) only strictly non-blocking primitives ) no global read and write! Robust Distributed Programming

  13. Subject-oriented approach Ingredients: • Subjects: threads with static data • Objects: hulls of dynamic data • Relay points: communication • Identities: objects for authorization Robust Distributed Programming

  14. Laws of Robustness • User consent and control:- subjects & objects are atomic, subjects tied to site and objects co-located with subjects - parents are responsible for children • Minimal exposure:- subjects & objects have no identity, only relays- no sensitive information (keys) revealed • Minimal authority:any connection/access requires permission Realize these through create & delete Robust Distributed Programming

  15. delete s s‘ verb(args) Subjects • p(s): parent of s (cannot be changed!) • s.create(s‘):s=p(s‘) • s.delete(s‘): if s=p(s‘) then delete s‘ and all of its descendents Robust Distributed Programming

  16. s r s s‘ i r‘ r r‘ Relay points • h(r): home of relay r (cannot be changed!) • s.create(r): • s.create(r | i): if d(i)=s • s.delete(r): if h(r)=s then delete r outgoing link can not be changed s Robust Distributed Programming

  17. i 1 s s s i r r Identities • d(i) 2 R [1: destination • s.create(i):d(i)=1 (public identity) • s.create(i | r):d(i)=p(s) • s.create(i | r,i‘):d(i)=s(i‘) (s: source of i‘) • s.delete(i) Robust Distributed Programming

  18. 1 s s s‘ r r‘ s r‘ First contact Robust Distributed Programming

  19. A B B r r A r‘ Introduction r r‘ C Robust Distributed Programming

  20. Objects We already know: • Objects are type-less hulls of dynamic data and co-located with their subjects • Identities are special objects Further concepts: • For efficiency, only object references transferred in internal communication, but whole objects in external communication • Migration of subjects through special objects called clones Robust Distributed Programming

  21. c s s s‘ Clones • s(c): source, d(c): destination • s.create(c):d(c)=p(s) • s.create(c | i):d(c)=s(i) • s.create(s‘ | c): Robust Distributed Programming

  22. Working with objects • Initialization of objects:obj := new Object; (removes all old info)obj1 := obj2; not possible (else access conflicts!) • Initialization of a new variable in object obj:int obj.var1 := 1;float obj.var2 := 0.2; string obj.var3 := “name“; • Test of defined variable:if obj.name = NULL then … var1: 1 Robust Distributed Programming

  23. Working with objects • Copy-operation:obj1.name1 := obj2.name2; • Move-operation:obj1.name1 <- obj2.name2; {obj2.name2 set to NULL} • Referencing:approach:store variable names in variablesvar1 := 2; {some lokal variable in subject}obj.[var1] := 1; {obj.[var1] resolves to obj.2} var2 := “name“; obj.[var2] := 1; {obj.[var2] resolves to obj.name} • Delete-operation:obj.name := NULL; Robust Distributed Programming

  24. Better resource control Additional commands open and close. • open(Subject s): activates s • close(Subject s): freezes (and saves) s • open(Relay r): activates r • close(Relay r): freezes (and saves) r • open(Object o): opens o for operations • close(Object o): closes (and saves) o New subjects/relays/objects initially open. Robust Distributed Programming

  25. Better resource control In addition, use policies: • Policies for permitted calls along links. • Policies for resource use of subject and its descendents. Still under development… Robust Distributed Programming

  26. Nice features • Rigorous designs of systems possible that are robust against identity theft and DoS attacks • Secure grid computing • Digital rights management • Anonymity and privacy • … BUT: How to realize subjects environment? Robust Distributed Programming

  27. Implementation User Internet ISP • User: subjects & internal relay points • ISP: external relay points (quota) Robust Distributed Programming

  28. Questions? Contact scheideler@in.tum.de Robust Distributed Programming

More Related