Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning

Published byJerome Watson Modified over 9 years ago

Similar presentations

Presentation on theme: "Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning"— Presentation transcript:

1 Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning http://www.cs.cmu.edu/~concert/

2 2 The ConCert Project Create a system and technologies for trustless grid computing in ad hoc, peer-to-peer networks. – Trust model based on code certification. – Grid framework using this model. – Advanced languages for grid computing. – Applications of trustless grid computing. Interplay between basic research in type theory and logic, programming practice. This talk: code certification, grid framework

3 3 Why Peer-to-Peer? Symmetric view of the network (giant computer with many keyboards: any programmer can run tasks on the grid) Enables ad-hoc collaboration No single point of failure Lots of hard research problems!

4 4 Establishing Trust Relationships Fundamental difficulty in peer-to-peer grid computing: establishing trust. Code may be malicious (or simply buggy) Cycle volunteers must trust that the code is safe to run Native code is desirable: grid applications cycle-bound (other ideas such as authentication …)

5 5 Safety Policies The ConCert system is policy-based. “I only accept code that …” “… is memory safe.” “… does not write to my disk.” “… uses parsimonious resources.” etc.

6 6 Certifiable Policies Certifiable now: Memory safety, control-flow safety Compliance with abstraction boundaries From these, many others (by controlled access to APIs and system calls) Work in progress: Resource usage (CPU, memory) Privacy and information-flow properties … how exactly are these certified?

7 7 Certification Mathematical certification of policies Proof (“certificate”) that the donor’s policy is met Based on intrinsic properties of code, not the code producer’s reputation Proofs in a specific machine-checkable form. Basic technology: Certified Code

8 8 Certified Code Source language enjoys safety properties. Java, Standard ML, Safe C, … Compiler transfers safety properties to object code. (But we don’t need to trust the compiler!) The compiler “knows why” the object code is safe Compiler produces the proof of safety No extra burden on the app developer (Bonus: great engineering benefits for compiler writers)

9 9 Certified Code Several certified code systems. Proof Carrying Code (PCC: Necula, Lee): Compiler produces a safety proof in logic Verification consists of proof checking Typed Assembly Language (TAL: Morrisett, Crary et al.): Compiler produces type annotations for the machine code that imply safety Verification is type-checking Both technologies work with native code No expensive/complicated JIT compilation step Allows for hand-tuned/proved inner loops

10 10 Typed Assembly Language A taste of TAL code: _fact: LABELTYPE MOV EDX, DWORD PTR [ESP+4] MOV EAX, subsume(,1) MOV ECX, subsume(,2) FALLTHRU forTest4: LABELTYPE CMP ECX, EDX JGE forEnd6 IMUL EAX, ECX ADD ECX, 1 JMP tapp(forTest4, ) forEnd6: RETN int fact(int i) { int r = 1; for(int j = 2; j < i; j ++) r *= j; return r; }

11 11 Typed Assembly Language A taste of TAL code: _fact: MOV EDX, DWORD PTR [ESP+4] MOV EAX, subsume(,1) MOV ECX, subsume(,2) FALLTHRU forTest4: LABELTYPE CMP ECX, EDX JGE forEnd6 IMUL EAX, ECX ADD ECX, 1 JMP tapp(forTest4, ) forEnd6: RETN int fact(int i) { int r = 1; for(int j = 2; j < i; j ++) r *= j; return r; }

12 12 Typed Assembly Language Size of certificates is a point of concern For TAL, |certificate|  |code| lightharp.o (stripped) 122.5k lightharp.to 92.3k Working on techniques to reduce this overhead Code is cached; certificate can be deleted after it is verified once

13 13 Checkpoint! A certified code system is: A way of supplying a proof that object code meets a safety policy A way of verifying that proof Next: A peer-to-peer grid framework based around this technology.

14 14 The ConCert Framework Difficult distributed computing task: Thousands of nodes Trustless environment High failure rate Our engineering strategy: Intensely simple network abstraction Programming languages provide more convenient abstractions on top of the network

15 15 The ConCert Framework The ConCert network looks like this: A number of symmetric grid peers, that serve and run the work. Result: 120 Clients, that submit the initial work and collect and display the results.

16 16 Cords Cords are the unit of work on the grid. Break up a program into smaller parts Can be scheduled more easily Can support failure recovery Like compiler’s “basic blocks” Split by communication structure, not jmp s Usually containing significant computation “… factor the number n.” “… evaluate this chess position 3 moves deep.”

17 17 certificate code A70381…108F3B…0A311E… dependencies result Cords Identified by MD5 hash of code, certificate, dependencies. (talk about dependencies)

18 18 Cords Cords obey three rules: Once a cord is ready to run, it does not block No “waiting” for another cord’s result Cords are idempotent Failed cords can be re-run Cords don’t rely on effects of other cords Communication explicit through dependencies

19 19 Cords Not as restrictive as they may seem: Cords can create new cords. (This is where certified code is really important!) Some styles of parallelism can be coded up Continuation passing style  fork-join parallelism Compiler should be able to do this for you Not yet clear what grid apps require more This is validated by our prototype applications.

20 20 Locator Scheduler Worker(s) A Grid Participant (the Conductor software) Discover other Participants Maintain a set of cords that are ready to run (dependencies filled); Manage results returned by workers Contact local and remote Schedulers to find cords. Download, verify the certificates, and run the code. Return the result.

21 21 Applications Several Applications in the ConCert framework: Lightharp: Ray Tracer Trivial branching with depth = 1 External client “joins” on the cords it inserts Iktara: Theorem Prover for Linear Logic Sophisticated communication requirements Only runs on simulator now Tempo: Chess Player Jamboree algorithm (cite?) Fork-join style, depth > 1

22 22 Related/Future: Programming Languages How to write grid applications? Language primitives for mobile code Code transformations and compilation techniques Compiler does the dirty work

23 23 Related/Future: Answer Verification Certified code establishes trust in one direction. But what about malicious volunteers? Might always give the same, wrong answer. Might collude with other donors to coordinate attacks! Some problems have self-certifying results. Factorization: check that n * m = k Theorem proving: proof checking is easy For other problems, use cryptography and voting or other techniques. (?) A work in progress!

24 24 Conclusion Certified Code is the enabling technology for ad hoc peer-to-peer Grid computing. ConCert is a policy-based framework where code comes with a proof (certificate) of safety within that policy. Proofs can be generated automatically by the compiler. Cords are an appropriate basic unit of abstraction for such a network: They provide sufficient expressiveness while supporting failure recovery and straightforward scheduling algorithms.

25 25 http://www.cs.cmu.edu/~concert/

Download ppt "Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.
Code Optimization and Performance Chapter 5 CS 105 Tour of the Black Holes of Computing.

Code Optimization and Performance Chapter 5 CS 105 Tour of the Black Holes of Computing.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning

Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning
Type Analysis and Typed Compilation Stephanie Weirich Cornell University.

Type Analysis and Typed Compilation Stephanie Weirich Cornell University.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.

Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 20: Total Correctness; Proof-

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 20: Total Correctness; Proof-
March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.

March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.
ESP: A Language for Programmable Devices Sanjeev Kumar, Yitzhak Mandelbaum, Xiang Yu, Kai Li Princeton University.

ESP: A Language for Programmable Devices Sanjeev Kumar, Yitzhak Mandelbaum, Xiang Yu, Kai Li Princeton University.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Nicholas Moore Bianca Curutan Pooya Samizadeh McMaster University March 30, 2012.

Nicholas Moore Bianca Curutan Pooya Samizadeh McMaster University March 30, 2012.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu

Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)

An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)
The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI 297 5.31.2005.

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI
Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.

Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.
Assurance through Enhanced Design Methodology Orlando, FL 5 December 2012 Nirav Davé SRI International This effort is sponsored by the Defense Advanced.

Assurance through Enhanced Design Methodology Orlando, FL 5 December 2012 Nirav Davé SRI International This effort is sponsored by the Defense Advanced.
Trustless Grid Computing in ConCert (Progress Report) Robert Harper Carnegie Mellon University.

Trustless Grid Computing in ConCert (Progress Report) Robert Harper Carnegie Mellon University.

Similar presentations

Ads by Google