Lightweight Consistency Enforcement Schemes for
Distributed Proofs with Hidden Subtrees
Adam J. Lee, Kazuhiro Minami, and Marianne Winslett
University of Illinois at Urbana-Champaign
June 21, 2007
http://dais.cs.uiuc.edu/dais/security

Distributed proof system

• Construct a proof in a peer-to-peer way
• Each peer maintains local security policies

[Figure labels: peers P0, P1, P2 and P3; four knowledgebases; four sets of security policies; domain A, domain B, domain C, domain D]

Distributed proof system

[Figure: example query. Labels: querier, peers P0, P1, P2 and P3, location server, role server; queries ?grant(alice, database), ?location(alice, hospital) and ?role(alice, doctor), each answered true]

Policy Directed Proof Construction

• Integrity trust
• Confidentiality trust

Temporal Consistency Issue in Distributed Proving

Access control policy: Show medical records if only Alice is in the room and the door is locked.

[Figure labels: Projector, Room 2124]

Consistency Issue in Distributed Proving

[Figure, shown at three times. Labels common to all three: peers P0, P1, P2 and P3, location server, door sensor, queries ?grant(alice, projector) and ?occupancy_one(2124, alice)]
• Time T1: Alice, Bob, Door(open), Room 2124; one answer "true"
• Time T2: Alice, Bob, Door(locked), Room 2124; one answer "true"
• Time T3: Alice, Bob, Door(locked); additional query ?locked(2124); three answers "true"; medical records (√)

Incremental evaluation of fact validity may not be enough

[Timeline with points T1, T2 and T3; labels: "Only Alice in room 2124" (√) and "Door locked" (√)]

View Consistency Problem

How to enforce temporal consistency based on the local view of a querier?

Challenges:
• The validity of a statement fluctuates dynamically
• No clock synchronization across different hosts
• Possible hidden subproof from a querier

View and fact state

View V is a set of fact states.
Fact state s is a tuple that contains
• fact id
• time interval
• interval type: {Concrete, Fuzzy}
  • Concrete: fact f is valid at all times t in the interval
  • Fuzzy: fact f is valid at some (possibly unknown) time in the interval
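
An added example, not taken from the slides or from the authors' Java system: a Python model of a view and its fact states, with a check for whether the view proves that all of its facts held at one common instant, which is what the Room 2124 policy depends on. The class and function names, the numeric times and the sample views are constructed here, and reading "consistent" as "one guaranteed common instant" is an assumption of this example.

```python
from dataclasses import dataclass
from enum import Enum


class IntervalType(Enum):
    CONCRETE = "concrete"  # fact valid at every instant of the interval
    FUZZY = "fuzzy"        # fact valid at some unknown instant of the interval


@dataclass(frozen=True)
class FactState:
    fact_id: str
    start: float           # interval bounds, read on the querier's local clock
    end: float
    kind: IntervalType


def is_certain(s):
    """A zero-length fuzzy interval pins the instant, so it is as good as concrete."""
    return s.kind is IntervalType.CONCRETE or s.start == s.end


def guaranteed_common_instant(view):
    """True if the view proves that all its facts held at one common instant."""
    certain = [s for s in view if is_certain(s)]
    unsure = [s for s in view if not is_certain(s)]
    # Intersection of the spans in which facts are certainly valid.
    lo = max((s.start for s in certain), default=float("-inf"))
    hi = min((s.end for s in certain), default=float("inf"))
    if not view or lo > hi:
        return False
    if not unsure:
        return True
    # Two fuzzy facts may each hold at a different unknown instant. A single
    # fuzzy fact is safe only if its whole interval lies inside [lo, hi].
    only = unsure[0]
    return len(unsure) == 1 and lo <= only.start and only.end <= hi


# Constructed sample views; times are arbitrary units with T1=1, T2=2, T3=3.
C, F = IntervalType.CONCRETE, IntervalType.FUZZY
# Bob enters just before T2, so single occupancy ends before the door locks.
STALE_VIEW = [FactState("occupancy_one(2124, alice)", 1.0, 1.9, C),
              FactState("locked(2124)", 2.0, 3.0, C)]
# Bob never enters: both facts hold together from T2 to T3.
GOOD_VIEW = [FactState("occupancy_one(2124, alice)", 1.0, 3.0, C),
             FactState("locked(2124)", 2.0, 3.0, C)]
ONE_FUZZY = [GOOD_VIEW[0], FactState("locked(2124)", 2.0, 3.0, F)]
TWO_FUZZY = [FactState("occupancy_one(2124, alice)", 1.0, 3.0, F), ONE_FUZZY[1]]
```

Every fact in `STALE_VIEW` was true when it was reported, yet the check rejects the view because the two intervals never overlap.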

Three Levels of View Consistency

• Incremental consistency
• Query consistency
• Interval consistency

[Figure labels: View V; axis: Restrictiveness]

Enforcement Algorithm for Query Consistency

Each fact provider returns a pair (f, d) where d is the duration of fact's validity

[Figure labels: Querier, Fact provider]

Motivation towards Interval Consistency Enforcement

• The algorithm of query consistency could miss lots of valid proofs if proof construction takes long
• May want to keep track of authorization continuously

[Figure label: first responder]

Approach for Interval Consistency

Recheck the validity of a constructed proof

[Figure labels: Querier, Fact provider; messages Query, True, Verify, True; Fuzzy interval, Fuzzy interval, Concrete interval]

Goals for Interval Consistency Enforcement

• Recheck the validity of a proof efficiently
• Preserve security policies of each peer

[Figure labels: Querier, Proof, 1. construct, 2. verify, Querier, Sub-proof, Leaf node entities]

Leaf Node Exposure Strategy

Recheck fact validity directly with leaf node entities
Leaf Indirection Strategy
To preserve the privacy of leaf node entities, recheck fact validity by way of a trusted indirection entity

Evaluation

• Measure overhead latency for enforcing interval consistency
• System consists of 12,500 lines of Java code
  • Java Cryptographic Extension framework to implement RSA and TDES operations
• 25 node cluster with 100Mbit Ethernet

Latency for Handling Queries

[Plot: latency (ms) against number of nodes in a proof tree; series: leaf indirection, leaf exposure, proof construction; annotation: 10 - 15% overhead]

[Plot: same axes and series; annotation: 25 - 30% overhead]

Related Work

• View consistency in automatic trust negotiation [Lee06]
• Antigone Context Framework [McDaniel03]
• Transaction management in distributed systems
• Consistent snapshots [Chandy85]

Summary

• Formal definitions of view consistency in distributed proving
• Safe and efficient enforcement algorithm
• Modest overhead of our enforcement scheme for interval consistency
Technical report: http://dais.cs.uiuc.edu/dais/security/tmcspubs.php
Questions?
Backup

Peer-to-Peer Proof Construction

• Each peer consists of an inference engine and a knowledge base
• Each peer constructs a part of a whole proof

[Figure labels: three peers exchanging Query and Subproof messages]

Distributed Proof Construction Algorithm by Minami and Kotz

• Use Datalog as a logical language
• Express trust among principals in terms of integrity and confidentiality

[Figure labels: Querier, Handler; Correctness of an answer (integrity); Secrecy of facts (confidentiality)]

Remote Query between Two principals

[Figure: Host A and Host B; request from user Bob; query ?location(Bob, room112) answered TRUE; proof tree with nodes R, F1 and F2]

• grant(P, projector) location(P, room112)
• Integrity Policies: trust(location(P,L)) = {Host_B}
• Confidentiality Policies: acl(location(P,L)) = {Host_A}
• F1 owner(bob, pda15)
• F2 deviceAt(pda15, room112)
• R location(P,L) owner(P,D) deviceAt(D,L)
Enforcement of Confidentiality Policies

Hidden Leaf Nodes

Leaf nodes transparent from the original querier

[Figure labels: Transparent from; Hidden leaf nodes]

Example:

Requery Strategy

• Construct the same proof twice
• Need caching at intermediate nodes
• Involves high communication overhead

[Figure label: Cache]

Enforcement Algorithm for Query Consistency

Each fact provider returns a pair (f, d) where d is the duration of fact's validity

[Figure labels: Querier, Fact provider; Query; Proof; f's validity duration]

where is the maximum clock drift