Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation
Peter A. Dinda
Prescience Lab
Department of Computer Science
Northwestern University
http://plab.cs.northwestern.edu
Takeaway
• Trust asymmetry is a core, unresolved problem in scalable computing
• Encrypted computation is the right approach
• This community is the right one to solve this problem
Outline
• Trust asymmetry problem
• Critique of approaches
• Encrypted computation scheme
  – Boolean circuits
  – Basic blocks
  – Control flow
• Discussion
Trust Asymmetry
[Diagram, built up over several slides. Labels: Input, Program, Secure Channel, Output, Protected Execution Environment]
Trust Asymmetry
• Provider need not trust user at all
• User must trust provider completely
Consequences
• Scaling limited to machines user trusts
• Very large scale domain limited to low stakes applications
• SETI@HOME, DESCHALL, etc.
• High stakes applications have limited provider pool
• IBM, Sun, other vendors willing to do indemnification
• Economic inefficiency
Approaches
• Trust chains
• Attestation
• Obfuscation
• Encrypted computation
Trust Chains
• No direct protection of input, code, or output
• I trust X to do A because Y, who I trust, says I can
  – Chains of such trust assertions
  – Digital certificates
  – Example: SSL Certificates on the web
  – Example: Grid Certificates [Globus]
Problems
• Human in the loop…
  – Slow
• Or human has to write policy
  – Easy to get wrong
• Trust chains are complex to understand and evaluate against policy
  – Area of current research!
• Revocation
Attestation
• Certificate chain rooted in trusted hardware attests to software stack of machine [Terra, Palladium]
• Run only if you trust the software stack
Problems
• How do you know a software stack is OK?
  – Human in the loop…
  – Or writing policy
• What happens when stack changes?
  – Patches
  – “Semantic attestation”
Obfuscation
• Use compiler optimization technology to make code confusing [Collberg]
Problems
• No protection of input or output
• No proofs of difficulty of subversion
Encrypted Computation
• Apply techniques invented for encrypted communication
• Algorithm-specific techniques [Sander, Song]
• General purpose techniques
  – Typically focuses on Boolean circuit
General Purpose Encrypted Computation
• Seminal work: Abadi & Feigenbaum
  – Secure evaluation of Boolean circuit
  – “Interactive”
• More recently: Non-interactive
  – Sander and Tschudin: polynomials
  – Loureiro: Boolean circuits
Desirable Properties
• Protect inputs, outputs, and algorithm
• No trust needed at all
• Detect lies
• Analogy with communication
  – We don’t have to trust an Internet path
  – Trust is limited to endpoints
Problems
• Very abstract and theoretical
  – No implementations
• Unclear performance issues
• These are things the compiler community can help with
Our Simple Method For Boolean Circuits
[Diagram. Labels: X, f, Secure Channel, Y, Protected Execution Environment]
Our Simple Method For Boolean Circuits
[Diagram. Labels: X, f, Y; one-time pads E and D; f’, X’, Y’; Remote Execution]
Example: Y = fX
[Circuit diagram. Inputs: x1, x2, x3; outputs: y1, y2]
X1 X2 X3 Y1 Y2
0 0 0 0 0
0 0 1 1 0
0 1 0 0 1
0 1 1 1 0
1 0 0 1 0
1 0 1 1 1
1 1 0 0 1
1 1 1 0 1
One-time Pad Refresher
• One of the oldest, but most secure encryption systems
• Have random bit sequence E
• Encrypt bit sequence X using X’ = X xor E
• Decrypt by X = X’ xor E
XOR as Multiplexor
[Diagram. Labels: x, e]
Procedure
• Choose pads E and D
• Example
  – E = 1,0,1
  – D = 1,0
• Where bit is 1, double-invert
[Diagram. Labels: X, E, E, f, D, D, Y; X’, Y’; f’=DfE]
[Circuit diagram. Inputs: x1, x2, x3; outputs: y1, y2. Labels: X, E, E, D, D, Y; X’, Y’; f’=DfE]
Y=DDfEEX
Procedure
• Now “flatten” f’ back into sum of products and re-optimize
[Circuit diagram. Inputs: x1’, x2’, x3’; outputs: y1’, y2’]
X1’ X2’ X3’ Y1’ Y2’
0 0 0 0 1
0 0 1 0 0
0 1 0 1 0
0 1 1 1 1
1 0 0 0 0
1 0 1 1 0
1 1 0 0 0
1 1 1 1 1
f’=DfE
[Circuit diagram. Inputs: x1, x2, x3; outputs: y1, y2]
X1 X2 X3 Y1 Y2
0 0 0 0 0
0 0 1 1 0
0 1 0 0 1
0 1 1 1 0
1 0 0 1 0
1 0 1 1 1
1 1 0 0 1
1 1 1 0 1
f
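The procedure from the preceding slides, carried out on the slides' own f, E = 1,0,1 and D = 1,0, as an added example (not code from the talk): it flattens f’ = DfE into a truth table, evaluates it as the provider would, and decrypts the result. The function names and the x1-first bit order are assumptions of this example.

```python
from itertools import product

# Truth table of f as given on the slides: (x1, x2, x3) -> (y1, y2)
F = {(0, 0, 0): (0, 0), (0, 0, 1): (1, 0), (0, 1, 0): (0, 1), (0, 1, 1): (1, 0),
     (1, 0, 0): (1, 0), (1, 0, 1): (1, 1), (1, 1, 0): (0, 1), (1, 1, 1): (0, 1)}
E = (1, 0, 1)  # input pad from the slides
D = (1, 0)     # output pad from the slides

# f' table as printed on the slides: (x1', x2', x3') -> (y1', y2')
SLIDE_F_PRIME = {(0, 0, 0): (0, 1), (0, 0, 1): (0, 0), (0, 1, 0): (1, 0), (0, 1, 1): (1, 1),
                 (1, 0, 0): (0, 0), (1, 0, 1): (1, 0), (1, 1, 0): (0, 0), (1, 1, 1): (1, 1)}


def xor(bits, pad):
    """One-time pad step: bitwise XOR of two equal-length bit tuples."""
    if len(bits) != len(pad):
        raise ValueError("pad length must match data length")
    return tuple(b ^ p for b, p in zip(bits, pad))


def blind(f, e, d):
    """Flatten f' = DfE into a fresh truth table indexed by encrypted inputs.

    For every X': strip the input pad, evaluate f, apply the output pad.
    Only this table (not f, E or D) is handed to the provider.
    """
    return {xp: xor(f[xor(xp, e)], d) for xp in product((0, 1), repeat=len(e))}


def remote_execute(f_prime, x_enc):
    """Provider side: evaluates f' on X' without seeing X, Y or the pads."""
    return f_prime[x_enc]


def run(f, e, d, x):
    """User side: X' = X xor E, send X', receive Y', recover Y = Y' xor D."""
    y_enc = remote_execute(blind(f, e, d), xor(x, e))
    return xor(y_enc, d)


def rows_differing_from_slide():
    """Rows where the computed f' disagrees with the printed f' table."""
    computed = blind(F, E, D)
    return sorted(xp for xp in computed if computed[xp] != SLIDE_F_PRIME[xp])


if __name__ == "__main__":
    assert all(run(F, E, D, x) == F[x] for x in F)  # Y = DDfEEX = fX
    print(rows_differing_from_slide())
```

With this bit order the computed f’ matches the printed f’ table on every row except X’ = 0 1 0, where the computation gives 1 1 and the slide shows 1 0.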
Concerns
• Currently no proof of difficulty to subvert
• Circuit growth limit?
• Will an automatic optimizer simply find the original configuration?
• Detecting lies
  – Embedded test circuit with known behavior “mixed” into circuit
• How much reuse can we have?
Basic Blocks
• Obvious analog on data flow graph does not work
• Must convert data flow graph into Boolean circuit, apply technique, and then generate new basic block from the circuit
Control Flow
• Generate Mealy or Moore machine
• Apply technique to combinational element
• Generate new code
Concerns
• Code generation could “find” that the transparent implementation is best
• Efficient code generation from Boolean circuit
• Code size blowup
• Performance loss
  – Will determine in which regimes this is practical
Current Status
• Proving how difficult it is to “unfold” the collapsed circuit
• Working toward proof-of-concept implementation as binary-to-binary translator for .NET CLR
Takeaway
• Trust asymmetry is a core, unresolved problem in scalable computing
• Encrypted computation is the right approach
• This community is the right one to solve this problem
Demonstrated straightforward scheme
For More Information
• Prescience Lab
  – http://plab.cs.northwestern.edu
• Virtuoso
  – http://virtuoso.cs.northwestern.edu
• Join our user comfort study!
  – http://comfort.cs.northwestern.edu