SeT: Secure Service Technology for Dependable e-Business/Government Applications. Jie Xu, Keith Bennett and Malcolm Munro The SeTech Centre Department of Computer Science University of Durham. The SeTech Centre at Durham. Funding Sources: EPSRC/DTI, NEeS Centre
25-27/11/02 Pisa
SeT: Secure Service Technology
for Dependable e-Business/Government Applications
Jie Xu, Keith Bennett and Malcolm Munro
The SeTech Centre
Department of Computer Science
University of Durham
The SeTech Centre at Durham
Funding Sources: EPSRC/DTI, NEeS Centre
Industrial Partners (Sun, Sharp, Sparkle etc)
Technical Board:
- Jie Xu (Distributed Systems & Dependability)
- Keith Bennett (Service-Based Architecture)
- Malcolm Munro & Nick Holliman (Visualisation)
Research Staff: 6 Academic Staff Members + 12 Research Staff Members
Hardware Testbed: A Sun 32 CPU UltraGrid computer connected to a network of Sun servers and workstations with an upgraded Gigabit link between Durham and Newcastle
Close Collaborations: The Pennine Group, EU and USA univ. & insti.
The SeTech Centre Building
Problems and Challenges
The Problem
- Coordinated resource sharing & problem solving in large-scale, dynamic, multi-institutional virtual organisations
Major Technical Obstacles
- Inflexible, protocol-specific architectures & approaches
- Difficulty in structuring and writing such large-scale programs
- Security risks and malicious attacks
- Many risks and problems rooted in software
e-Demand: A Software-Based Solution
The Demand-Led Service-Based Architecture
- New service-based model for organising flexible e-business/government applications
- An instance of the architecture to be implemented
Generic Services, e.g. our unique SIR technique
- Support for secure and attack-tolerant information sharing
- 3D visualisation service for program/information comprehension
Fault-Injection-Based System Evaluation
- The FITMVS tool, supported by clusters of workstations
- Evaluation with respect to faults/attacks/performance
Architectural Evolution
[Figure: layer labels of three architectures]
- Internet Architecture: Applications; Transport; Internet; Link
- Protocol-Based Architecture: Resources; Connectivity; Resource Management; Coordination of Multiple Resources; Applications
- Service-Based Architecture: e-Actions; ISPs, CSPs, SPs; Information, Negotiation, Settlement, After-Services; Generic Services: Security, FT, Visualisation
Service-Based Architectural Model
[Figure labels]
- Roles: Service consumer; Service/solution provider; Contractor/assembly service provider; Catalogue/ontology provider
- Interactions: Demand; Provision; Ultra-Late Binding; Finding; Publishing
- Services: e-Action service; Attack-tolerance service; Auto-3D service
The Attack-Tolerant PIR Scheme
Private Information Retrieval (PIR)
- Normal query to a (remote) database: give me the record x
- PIR query: compute functions F1, F2, …, Fk for me over x, y, z, ... (reconstruct x locally based on the results of F1, F2, …, Fk)
Attack/Failure Models of Remote DB Servers
- Honest-but-Curious (HbC): query with K functions (computing tasks)
- HbC & loss of results: query with K + L functions
- Malicious hosts (may change the results deliberately): 2 different queries (i.e. 2K functions for detection) or (f + 2) queries for tolerating f attacks/failures
New Approach: a query with K signed functions (detection) for tolerating f attacks/failures
Application Domains: critical information services, healthcare etc.
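Added example, not part of the original slides and not the authors' scheme: a textbook linear PIR over a prime field with K = 2, showing local reconstruction, one spare function for a lost result (K + L), and detection of an altered result by a consistency check. The modulus P, the sample records and all function names are assumptions made for illustration.

```python
import secrets

P = 2_147_483_647          # assumed prime modulus (2^31 - 1)
DB = [11, 22, 33, 44, 55]  # constructed sample records, all smaller than P

def make_queries(n, i, servers):
    """Query for server j (1..servers) is e_i + j*r mod P with r uniformly random,
    so any single query on its own is a uniformly random vector and hides i."""
    r = [secrets.randbelow(P) for _ in range(n)]
    return {j: [((1 if t == i else 0) + j * r[t]) % P for t in range(n)]
            for j in range(1, servers + 1)}

def server_answer(db, query):
    """The function a remote host evaluates: inner product of query and records."""
    return sum(q * x for q, x in zip(query, db)) % P

def line_through(p1, p2):
    """(intercept, slope) of the line through two points over GF(P)."""
    (j1, a1), (j2, a2) = p1, p2
    slope = (a2 - a1) * pow(j2 - j1, -1, P) % P
    return (a1 - j1 * slope) % P, slope

def reconstruct(answers):
    """answers maps server index -> result; lost results are simply absent.
    Honest results satisfy a_j = x_i + j*<r, x>, a line whose intercept is x_i.
    Returns (record, consistent); consistent is False if any result is off the line."""
    pts = sorted(answers.items())
    if len(pts) < 2:
        raise ValueError("need at least K = 2 results")
    c0, c1 = line_through(pts[0], pts[1])
    consistent = all((c0 + j * c1) % P == a for j, a in pts)
    return c0, consistent

def demo(i=3):
    qs = make_queries(len(DB), i, servers=3)            # K = 2 plus L = 1 spare
    ans = {j: server_answer(DB, q) for j, q in qs.items()}
    ok = reconstruct(ans)                               # all three results arrive
    lost = reconstruct({j: a for j, a in ans.items() if j != 2})  # one result lost
    ans[1] = (ans[1] + 1) % P                           # one host alters its result
    tampered = reconstruct(ans)
    return ok, lost, tampered

if __name__ == "__main__":
    print(demo())
```

With only two results a changed value cannot be detected, because any two points lie on some line; the third result is what makes the alteration visible.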
The System Architecture
[Figure labels: user application (local host); request; request manager; mobile code dispatcher; A1, A2 … An; pieces of code A11 … A1m, A21 … A2m, …, An1 … Anm; Internet; host 1, host 2, …, host m; mobile code collector; result manager; result]
An Implementation for Real DBs
[Figure labels: (Mobile Code Enabled) Network Environment; hosts H1, H2, …, Hm, each with Incoming Daemon (Arrival), Outgoing Daemon (Dispatching), Request Process and Remote Services (e.g. databases); Local Host with User Application and SeCode Services; REQUEST and RESULT; pieces of code]
Private Information Retrieval Computation over Finite Field
[Figure: Length of Queries vs. Execution Time. x-axis: Length of queries (1 to 14); y-axis: Processing time (ms), 0 to 160000; legend labels: s, k, n, primeS, F0, Time]