Foundations of Secure Networked Computing

Participants: Chen-Nee Chuah, Joan Feigenbaum, Russell Impagliazzo, Matti Kaariainen, Karl Levitt, Scott Shenker, Salil Vadhan

Post on 13-Jan-2016


Directions

• Problems raised by networks to be solved by ToNC.

More exciting:

• Networking problems can lead ToNC to develop new theoretical frameworks.

• ToNC can provide new paradigms for thinking about networking.


Where do security & reliability fit?

• First: building & running networks
  – Security-aware network architecture
  – Preventing, detecting, and recovering from attacks/failures

• Then: secure applications!
  – Modern crypto allows information to be used without revealing it
  – Google: Web search, e-mail, remote data storage
  – Auctions
  – E-voting
  – Databases, datamining
  – Real-time computing/control
  – Outsourced/grid computation
  – And much more…


Cryptography

• Crypto not limited to “transforming data”.

• ToC takes a broad view: secure multiparty computation: protocols for performing any task in face of adversarial behavior

• Security questions not traditionally addressed
  – What tasks to allow (privacy)
  – Denial of service
  – Cascading failures (critical infrastructure)
  – Malware (worms, viruses)

Why? Conservative tendency


Extending Scope of Cryptography

• Model of adversary/faults:
  – Monolithic vs. non-colluding
  – Byzantine vs. random vs. selfish

• Notions of “security”
  – Traditional crypto: black & white
  – Quantitative measures – tradeoffs between security, privacy, reliability, utility, resource depletion
  – System-wide vs. individual guarantees
  – What are we protecting: data, resources, channel?

• Want formal models, proofs of security
  – Don’t forget lessons learned (why we are so conservative)


Security Infrastructure/Architecture

What can be built into a “clean-slate” architecture to enable security & reliability? [FIND/GENI]

• Can make difference between impossible & possible.

• Examples: secure logger, crypto “set-up” assumptions, key infrastructure, randomness beacons, micropayments, anonymous channels, …

• Separation of concerns (protecting channel vs. data, mechanism vs. policy, long-term vs. short-term)


Interactions between Protocols

“Stand-alone” security/reliability/performance not necessarily maintained when protocols executed concurrently in complex network environment.

• Crypto community studying concurrent security, “universal composability”. Far from fully understood.

• Overlay networks optimizing resources (Chen-Nee).

• Dependency graph, predict what will happen.


Specifying/monitoring/verifying security & reliability properties

• Need language for expressing desired properties, and automatic tools for verifying (or designing) protocols & configuration

• Both static properties & real-time behavior
  – What to measure?
  – Decide what to monitor when designing architecture/protocols

• Bridge between logic/formal methods, probabilistic/learning models, and crypto.

• Troubleshooting & fault isolation


More

• Network Models
  – Wireless, optical switches, time-varying
  – How do these affect security, reliability?

• New Threats
  – Spam, DoS, clutter
  – Cascading failures (critical infrastructure)
  – Worms, viruses, intrusion