Computer Laboratory

Technical reports

Trust for resource control: Self-enforcing automatic rational contracts between computers

Brian Ninham Shand

August 2004, 154 pages

This technical report is based on a dissertation submitted February 2004 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Jesus College.

This research was supported by ICL, now part of Fujitsu, through the Computer Laboratory's ICL studentship, and by the Overseas Research Students award scheme, the Cambridge Commonwealth Trust, and the SECURE EU consortium.

Abstract

Computer systems need to control access to their resources, in order to give precedence to urgent or important tasks. This is increasingly important in networked applications, which need to interact with other machines but may be subject to abuse unless protected from attack. To do this effectively, they need an explicit resource model, and a way to assess others’ actions in terms of it. This dissertation shows how the actions can be represented using resource-based computational contracts, together with a rich trust model which monitors and enforces contract compliance.

Related research in the area has focused on individual aspects of this problem, such as resource pricing and auctions, trust modelling and reputation systems, or resource-constrained computing and resource-aware middleware. These need to be integrated into a single model, in order to provide a general framework for computing by contract.

This work explores automatic computerized contracts for negotiating and controlling resource usage in a distributed system. Contracts express the terms under which client and server promise to exchange resources, such as processor time in exchange for money, using a constrained language which can be automatically interpreted. A novel, distributed trust model is used to enforce these promises, and this also supports trust delegation through cryptographic certificates. The model is formally proved to have appropriate properties of safety and liveness, which ensure that cheats cannot systematically gain resources by deceit, and that mutually profitable contracts continue to be supported.

The contract framework has many applications, in automating distributed services and in limiting the disruptiveness of users’ programs. Applications such as resource-constrained sandboxes, operating system multimedia support and automatic distribution of personal address book entries can all treat the user’s time as a scarce resource, to trade off computational costs against user distraction. Similarly, commercial Grid services can prioritise computations with contracts, while a cooperative service such as distributed composite event detection can use contracts for detector placement and load balancing. Thus the contract framework provides a general purpose tool for managing distributed computation, allowing participants to take calculated risks and rationally choose which contracts to perform.

Full text

PDF (1.1 MB)

BibTeX record

@TechReport{UCAM-CL-TR-600,
  author =	 {Shand, Brian Ninham},
  title = 	 {{Trust for resource control: Self-enforcing automatic
         	   rational contracts between computers}},
  year = 	 2004,
  month = 	 aug,
  url = 	 {http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-600.pdf},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-600}
}