Trust Propagation using Cellular Automata for UbiComp
28th May 2004
——————
Dr. David Llewellyn-Jones, Prof. Madjid Merabti, Dr. Qi Shi, Dr. Bob Askwith
——————
School of Computing and Mathematical Statistics
Liverpool John Moores University
James Parsons Building
Byrom Street
Liverpool, L3 3AF, UK
{D.Llewellyn-Jones, M.Merabti, Q.Shi, R.Askwith}@livjm.ac.uk
http://www.cms.livjm.ac.uk/PUCsec/
Problem
• Traditional security applied to– Individual computers
– Domains of computers
• Improved by allowing multiple computers to work together– Particularly relevant in a UbiComp environment
Trust
• How can a large number of loosely affiliated devices trust each other?
• We propose a simple, scalable method for propagating trust in a UbiComp environment
• Example – using direct connections
Trust
• If a does not trust b, it is useful to propagate this information• Developed to allow distributed analysis of components for
maintaining security• Could be used
– to ensure correct analysis of components (is b returning correct results?)
– to prevent viruses spreading (does b have a virus?)
– to improve privacy through encryption (is b encrypting data?)
Solution
• We use a system of cellular automata to maintain and propagate trust information around the network
• What are cellular automata?– Studied mathematically, e.g. by John von Neumann (1949), Stephen
Wolfram (1983)
– Used to discretely model differential equations and real world systems
– Each cell has a state and transition function
– A cell applies its transition function to its state and the state of the cells around it
– Every cell does this at each step
Cellular Automata
• Important properties:– Cells only need to know about a small neighbourhood – e.g. adjacent cells
– Transition functions are very simple
– With many cells, produces complex emergent behaviour
The whole is more than the sum of its parts• Example: Conway’s “Game of Life”
Cellular Automata
• Important properties:– Cells only need to know about a small neighbourhood – e.g. adjacent cells
– Transition functions are very simple
– With many cells, produces complex emergent behaviour
The whole is more than the sum of its parts• Example: Conway’s “Game of Life”
Cellular Automata
• Important properties:– Cells only need to know about a small neighbourhood – e.g. adjacent cells
– Transition functions are very simple
– With many cells, produces complex emergent behaviour
The whole is more than the sum of its parts• Example: Conway’s “Game of Life”
–Created by John Conway in 1970
–Studied by mathematicians and computer scientists
–Very simple rules, but complex result
Cellular Automata
• How can we use cellular automata?– Each node in the UbiComp environment represents a cell of the cellular
automaton
– Each node executes a simple transition function
– We want to harness the complex emergent properties to manage and distribute the trust information
• The “Game of Life” network
Cellular Automata
• For an effective system, we must choose the correct transition function
• This will determine the emergent behaviour
Emergent Behaviour
• A security breach causes a reduction of the trust in the node• The effect is like pulling down on an elasticated blanket
• This localises the effect of a security breach
Generating Networks
• Networks are normally far more complex than nodes arranged in a grid– For an effective system, more complex structures must be considered
– Transition function is updated to handle such structures
• Experiments used the Klemm-Eguíluz method for generating a network topology– Small-World graph
– Small average distance between nodes
– High clustering coefficient
– Scale-free network
– Satisfies power-law connectivity distribution
Experimental results
• Malicious code propagation experiment– Malicious code reproduces itself to neighbouring nodes
– Some nodes are able to detect the malicious code
– Nodes only spend a certain proportion of time checking for malicious code
– If detected, the nodes trust is adversely affected
• Experiment details– 19600 node Klemm-Eguíluz network
– Control experiment: same network but no Cellular Automata effect
– Initially malicious code added to five random nodes
– Experimental run of 2000 cycles
Experimental results
100% enabled, fast propagation
Experimental results
85% enabled, fast propagation
Experimental results
85% enabled, fast propagation, 20% active
Conclusion
• Initial tests show that trust can be effectively propagated using cellular automata techniques
• The process relies on the emergent properties of the system• There is little theory properly relating transition functions
with emergent properties in a network environment
• We hope to use the system described to allow distributed code analysis in a UbiComp environment
The End
Thankyou for your time
www.cms.livjm.ac.uk/PUCsec