https://homeostasis.scs.carleton.ca/wiki/api.php?action=feedcontributions&feedformat=atom&user=Mchou2Soma-notes - User contributions [en]2026-05-01T15:10:57ZUser contributionsMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=9238DistOS-2011W Justice2011-04-11T01:49:44Z<p>Mchou2: /* Conclusion */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
[[https://docs.google.com/present/edit?id=0AQJ2IGOeo68XZGhuNnJ0YjRfM2doZDg3Ymc5&hl=en&authkey=CK7Mk4YO Presentation]]<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four malicious acts; comment spam, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementations=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, we were unable to come up with one unique system that would be feasible; instead we propose two potential implementations each with its own advantages and downsides. Although the implementations have different (and somewhat mutually exclusive) modes of operation, they both take a teleologic-retributive approach to justice. This means that punishments are viewed as necessary but they are imposed immediately if doing so would result in negatively impacting the performance or stability of the overall system. <br />
<br />
The remainder of this section details the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Service Attacks and Phishing.<br />
<br />
==Local Implementation (Justice Web) ==<br />
<br />
===Overview===<br />
<br />
The implementation described in this section takes the above discussion involving justice, and applies it to the management of a computer network. The implementation is designed to be incrementally-deployable, so that it would be realistic for a network to use the proposed system. The implementation is entitled the “Justice Web”. <br />
<br />
The purpose of the Justice Web is to protect public-facing services from attacks coming from outside the network. This is accomplished by keeping a record of the criminal acts made by connections, and allowing the services access to these records. Criminal acts in this case are actions done by a connection that is considered harmful to the network. The record kept by the network is a “Morality Rating”, which is an integer meant to reflect the severity of the crime committed.<br />
<br />
===Assumptions===<br />
<br />
Certain assumptions must be made regarding the other class projects in order for this implementation to be deployable. Most importantly, it is assumed that there is some way in which the network can uniquely identify a computer that connects to the network. This allows the Justice Web to keep a criminal log of clients, and recognize if an offender is attempting to connect.<br />
<br />
===Morality Rating===<br />
<br />
Morality Rating (MR) is an integer assigned to computers that have connected to a service within the Justice Web. The purpose of the MR is to keep track of a computer’s past offenses, and allow services to restrict access using thresholds. For instance, a service within the Justice Web could restrict access to those above -100 MR.<br />
<br />
While the primary purpose of the Justice Web is to protect against attackers from outside the network, every node in the Justice Web is assigned an MR, which increases and decreases based on their actions within the network. Ideally, those with higher MR are allowed access to more shared resources, though this would be implementation specific.<br />
<br />
The MR assigned to a computer is local to the Justice Web that assigned the rating. For example, if two separate networks deploy a Justice Web, the ratings they assign do not affect the other network’s ratings.<br />
<br />
===Judges===<br />
<br />
In order to assign MR to offenders, an authority figure is needed to declare if a crime has been committed. In the Justice Web, this role is taken by the Judges, who may be one or more computers within the network. It is the Judges’ responsibility to create the rules of the network, gather the evidence when a claim is made, declare if a crime has been committed, and assign a new MR based on the ruling.<br />
<br />
How a Judge is picked isn’t set in stone, but in general it would be the node(s) in the network with the highest MR. Alternatively, the Judges could be picked through some democratic process.<br />
<br />
The judgments made are mostly automated, based on the rules of the network. However, it can be specified that certain crimes, such as a claim of a phishing scam being committed, be dealt with by a human.<br />
<br />
===Master List===<br />
<br />
The Justice Web is a virtual network, in that the nodes are not necessarily connected or even anywhere near each other. Because of this, it would be inconvenient and potentially harmful to have services look up a computer’s MR on every connection attempt. To prevent this, MR will be stored in a central location, but propagated throughout the network.<br />
<br />
This is done using a master-slave approach to database replication. The Judges of the network store the “Master List”, and propagate the data to the “Slave Lists” stored by the services within the network. The records stored by the Slave Lists is decided by the thresholds that the specific service has put in place. As mentioned in the Morality Rating subsection, a service can set thresholds to determine if a computer should be allowed access. In the example, an MR of -100 would be blocked from the service. If a service were to have only this threshold in place, it would only need to be aware of computers with -100 MR, and so would only store that data in its Slave List. Other approaches to distributing the list could leverage existing research in distributed file systems [15, 16].<br />
<br />
===Rules===<br />
<br />
Judges define and use rules to determine whether a crime has been committed. A rule consists of three parts: The offense, the proof needed, and the severity of the punishment. The offense is a name assigned to the crime, which services can claim has been committed. The proof is the required information for the judges to be able to make a conviction. The severity of the punishment is an integer value to negate from the offender’s current MR.<br />
<br />
Each network deploying a Justice Web specifies their own set of rules. These rules are made available to the public so that services within the network are aware of the crimes they can report. This is akin to a human justice system, where everyone under that legal system can see what actions constitute a crime (e.g., [http://laws-lois.justice.gc.ca/eng/acts/C-46/ the criminal code of Canada]).<br />
<br />
===Evidence===<br />
<br />
Evidence is used by the Justice Web to determine if a crime has been committed. Evidence is stored in encrypted logs located on a service’s computer, and submitted to the judges when a claim is made.<br />
<br />
Evidence logs are required to prove the occurrence of a rule violation. The Justice Web therefore requires hosts to keep logs of recent network (e.g., packet captures) and application layer activity (e.g., web server logs). We require these logs to be digitally signed or encrypted to ensure that the computer making the claim or any other system in the chain of custody does not tamper with evidence. When evidence is received by judges, the logs are decrypted and reviewed.<br />
The type of evidence required is varied, and is defined by the Judges of a network. For a DDoS attack, the Justice Web would potential be able to look at the evidence logs and determine which computers were actively involved in the attack, and which was legitimate traffic through the analysis of statistical evidence[17].<br />
<br />
===Membership===<br />
<br />
Membership of a Justice Web would be primarily public-facing services seeking protection from attacks. However, because there is the capability of sharing resources based on a node’s MR, there is reason for computers to join the network simply for accessing to these resources.<br />
<br />
==Global Implementation==<br />
===Overview===<br />
Extrapolating the concept of the local Justice Web to a multi-network environment is non-trivial. The Internet as we know it today is built by millions of interconnected local networks (hence the term ''Internet''). If we attempt to replicate the properties of the local Justice Web at a larger scale, we notice a few important issues:<br />
<br />
*'''Where should the master morality list be stored?''' - Distributed storage at a global level is possible, but is subject to tampering or simply denial of service (refusal to respond with the morality rating of a given host). <br />
<br />
*'''How are judges elected?''' - Self-governing entities often have a common set of laws. However, these laws are not necessarily the same laws as different self-governing entities. In the real world, cross-jurisdiction legal systems are known to exist. For example, the United Nations (UN) and the North Atlantic Treaty Organization (NATO) are organizations where countries participate in so-called "global councils". Generally in these types of councils, each participating member country appoints one or more people to represent the country's interests in the council. <br />
<br />
Due to these restrictions, we do not believe there is a possible incrementally deployable implementation such as the Justice Web, where hosts opt-in. This section briefly discuss a different approach to the Justice Web that attempts to deal with some of the restrictions mentioned above, at the expense of losing incremental deployability.<br />
<br />
=== Morality Rating ===<br />
<br />
The global implementation still requires the existence of a morality rating, but in a global setting, we require that all hosts have a morality rating built-in. By having each host store its own morality rating, we obsolete the concept of a "master list" or a "slave list" or morality ratings. The obvious requirement for a built-in morality rating is that the host itself should not be able to arbitrarily modify the value. One possible mechanism could be the use of a Trusted Platform (http://www.trustedcomputinggroup.org/developers/ TPM]) which allows encryption and decryption of data, but noes not allow the extraction of the private encryption key. Indeed, storing the morality rating within hosts rather than on external lists alleviates the need for distributed storage and allows better scalability, but also requires all hosts to be compliant with the mechanism. <br />
<br />
=== Connection management ===<br />
<br />
Due to the modified morality rating storage, there is no longer the need to look-up the morality rating of a host upon incoming connections. We therefore need a way to transmit the morality rating on each outgoing connection, so that the destination host (i.e., the server) can decide whether or not to allow the connection. A change of this type would mean changing underlying networking protocols to include a new field (the morality rating). If morality ratings are stored locally and transmitted as part of the network protocol, there would be far less overhead than in the Justice Web. <br />
<br />
=== Rules and Judges ===<br />
<br />
Similar to the Justice Web, there would need to be a standard set of rules that all hosts agree to. In the global implementation, agreeing upon a standard set of rules might prove to be difficult, since not all hosts/users at the global level have the same views on justice. The problem of judge election also becomes difficult at a global level. We leave this problem to future research. <br />
<br />
In summary, the global implementation could offer the same benefits as the Justice Web with much less overhead, but would require a full reboot of the Internet as well a new hardware, making it a realistically unlikely solution.<br />
<br />
==Use Cases==<br />
<br />
This section reviews three common attacks and describes how the computer-based justice system would deal with them <br />
<br />
===Case 1: Comment Spam===<br />
The first deviant act we investigate is comment spam. This type of spam is typically generated by automated scripts which insert comments on blogs or other sites. Posted comments will generally contain links to other websites which attempt to sell a product or trick the user into revealing banking credentials. Although usually annoying, these comments can direct users to locations where malicious code may be downloaded, even if the original site hosting the comment was initially trusted. <br />
<br />
==== Solution ====<br />
Web servers that allow open comments can adjust the required minimum morality rating to post a comment. Additionally, if comment spam is detected by another user or the site administrator, the message and the ID of the host that posted the comment is reported. This results in a host losing morality rating for posting comment spam which may limit its ability to post in the future. In the global implementation, web servers would reject access to the service altogether from the first initial connection. <br />
<br />
===Case 2: Denial of Service===<br />
Denial of service is the act in which a service that is normally available is accessed by a large number of hosts, or a small number of hosts with high frequency. Services under a denial of service (DoS) or distributed denial of service (DDoS) attack are no longer able to serve legitimate requests [14].<br />
<br />
==== Solution ====<br />
<br />
In the Justice Web, the server will have to look up the morality rating for each host that is participating in the attack which may further increase the load on the server. The global implementation would see the morality ratings of each incoming connection and could filter (for e.g., at a firewall level) hosts that have a certain rating. While Dos is generally regarded as a very difficult problem to solve, the morality rating of hosts participating would be lowered, possibly limiting their ability to perform an attack in the future. <br />
<br />
===Case 3: Phishing===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a malicious site pretends to be a legitimate site, tricking users into revealing banking or personal information.<br />
<br />
==== Solution ====<br />
Similar to the comment spam attack, once a phishing site is reported and verified by the judges, the morality rating of the hosting node is lowered.<br />
<br />
<br />
=Conclusion=<br />
Applying justice to a distributed system requires an understanding of how society runs in a teleologic or retributive method of punishments, as well as knowing the range between purposely and negligently participating in such an act. Discussions of punishment and intent brought up another social construct that exists in society - morality. When looking at a single computer, it is hard for us to consider that that computer had "intended" on doing something, or even that it had felt badly if we made it do a bunch or repetitive operations as a form of punishment. Even though implementing emotions and a care for self preservation is difficult for a computer, we can at least apply a morality value to each computer node, so that it may be judged by any individual that plans on communicating/interacting with that node. By discussing specific cases in which a justice system would take part in a distributed system, we can conceptualize a basis upon which a future implementation of justice on computers might be possible. Given the advantages and the disadvantages of implementing such a system on a local and global scale, it is evident that there requires a more in depth look into how some technical aspects, as well as the assumptions to be supported by the other factors on the internet(attribution, reputation, contracts), must be upheld in order to seek the means to fight injustice, and to turn fear against those who prey on the fearful, as malicious users do to users who do not have protection - this is what the justice web is for.<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)<br />
<br />
[14] Roger.M.Needham, ''Denial of Service'',ACM, New York, USA ,1993,[http://portal.acm.org/citation.cfm?id=168607 PDF]<br />
<br />
[15] C.A. Thekkath, T. Mann, and E.K. Lee, ''Frangipani: A scalable distributed file system'', in Proceedings of ACM SIGOPS Operating Systems Review 1997.<br />
<br />
[16] S. Ghemawat, H. Gobioff, and S.T. Leung, ''The Google File System'', in Proceedings of the ACM SIGOPS Operating Systems Review. 2003<br />
<br />
[17] S. Yu, W. Zhou, R. Doss, ''Information theory based detection against network behavior mimicking DDoS attacks'', IEEE, April 2008, [http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1]. Last visited April 2011.</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=9150DistOS-2011W Justice2011-04-09T18:15:18Z<p>Mchou2: /* Conclusion */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
[[https://docs.google.com/present/edit?id=0AQJ2IGOeo68XZGhuNnJ0YjRfM2doZDg3Ymc5&hl=en&authkey=CK7Mk4YO Presentation]]<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four malicious acts; comment spam, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementations=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, we were unable to come up with one unique system that would be feasible; instead we propose two potential implementations each with its own advantages and downsides. Although the implementations have different (and somewhat mutually exclusive) modes of operation, they both take a teleologic-retributive approach to justice. This means that punishments are viewed as necessary but they are imposed immediately if doing so would result in negatively impacting the performance or stability of the overall system. <br />
<br />
The remainder of this section details the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Service Attacks and Phishing.<br />
<br />
==Local Implementation (Justice Web) ==<br />
<br />
===Overview===<br />
<br />
The implementation described in this section takes the above discussion involving justice, and applies it to the management of a computer network. The implementation is designed to be incrementally-deployable, so that it would be realistic for a network to use the proposed system. The implementation is entitled the “Justice Web”. <br />
<br />
The purpose of the Justice Web is to protect public-facing services from attacks coming from outside the network. This is accomplished by keeping a record of the criminal acts made by connections, and allowing the services access to these records. Criminal acts in this case are actions done by a connection that is considered harmful to the network. The record kept by the network is a “Morality Rating”, which is an integer meant to reflect the severity of the crime committed.<br />
<br />
===Assumptions===<br />
<br />
Certain assumptions must be made regarding the other class projects in order for this implementation to be deployable. Most importantly, it is assumed that there is some way in which the network can uniquely identify a computer that connects to the network. This allows the Justice Web to keep a criminal log of clients, and recognize if an offender is attempting to connect.<br />
<br />
===Morality Rating===<br />
<br />
Morality Rating (MR) is an integer assigned to computers that have connected to a service within the Justice Web. The purpose of the MR is to keep track of a computer’s past offenses, and allow services to restrict access using thresholds. For instance, a service within the Justice Web could restrict access to those above -100 MR.<br />
<br />
While the primary purpose of the Justice Web is to protect against attackers from outside the network, every node in the Justice Web is assigned an MR, which increases and decreases based on their actions within the network. Ideally, those with higher MR are allowed access to more shared resources, though this would be implementation specific.<br />
<br />
The MR assigned to a computer is local to the Justice Web that assigned the rating. For example, if two separate networks deploy a Justice Web, the ratings they assign do not affect the other network’s ratings.<br />
<br />
===Judges===<br />
<br />
In order to assign MR to offenders, an authority figure is needed to declare if a crime has been committed. In the Justice Web, this role is taken by the Judges, who may be one or more computers within the network. It is the Judges’ responsibility to create the rules of the network, gather the evidence when a claim is made, declare if a crime has been committed, and assign a new MR based on the ruling.<br />
<br />
How a Judge is picked isn’t set in stone, but in general it would be the node(s) in the network with the highest MR. Alternatively, the Judges could be picked through some democratic process.<br />
<br />
The judgments made are mostly automated, based on the rules of the network. However, it can be specified that certain crimes, such as a claim of a phishing scam being committed, be dealt with by a human.<br />
<br />
===Master List===<br />
<br />
The Justice Web is a virtual network, in that the nodes are not necessarily connected or even anywhere near each other. Because of this, it would be inconvenient and potentially harmful to have services look up a computer’s MR on every connection attempt. To prevent this, MR will be stored in a central location, but propagated throughout the network.<br />
<br />
This is done using a master-slave approach to database replication. The Judges of the network store the “Master List”, and propagate the data to the “Slave Lists” stored by the services within the network. The records stored by the Slave Lists is decided by the thresholds that the specific service has put in place. As mentioned in the Morality Rating subsection, a service can set thresholds to determine if a computer should be allowed access. In the example, an MR of -100 would be blocked from the service. If a service were to have only this threshold in place, it would only need to be aware of computers with -100 MR, and so would only store that data in its Slave List. Other approaches to distributing the list could leverage existing research in distributed file systems [15, 16].<br />
<br />
===Rules===<br />
<br />
Judges define and use rules to determine whether a crime has been committed. A rule consists of three parts: The offense, the proof needed, and the severity of the punishment. The offense is a name assigned to the crime, which services can claim has been committed. The proof is the required information for the judges to be able to make a conviction. The severity of the punishment is an integer value to negate from the offender’s current MR.<br />
<br />
Each network deploying a Justice Web specifies their own set of rules. These rules are made available to the public so that services within the network are aware of the crimes they can report. This is akin to a human justice system, where everyone under that legal system can see what actions constitute a crime (e.g., [http://laws-lois.justice.gc.ca/eng/acts/C-46/ the criminal code of Canada]).<br />
<br />
===Evidence===<br />
<br />
Evidence is used by the Justice Web to determine if a crime has been committed. Evidence is stored in encrypted logs located on a service’s computer, and submitted to the judges when a claim is made.<br />
<br />
Evidence logs are required to prove the occurrence of a rule violation. The Justice Web therefore requires hosts to keep logs of recent network (e.g., packet captures) and application layer activity (e.g., web server logs). We require these logs to be digitally signed or encrypted to ensure that the computer making the claim or any other system in the chain of custody does not tamper with evidence. When evidence is received by judges, the logs are decrypted and reviewed.<br />
The type of evidence required is varied, and is defined by the Judges of a network. For a DDoS attack, the Justice Web would potential be able to look at the evidence logs and determine which computers were actively involved in the attack, and which was legitimate traffic through the analysis of statistical evidence[17].<br />
<br />
===Membership===<br />
<br />
Membership of a Justice Web would be primarily public-facing services seeking protection from attacks. However, because there is the capability of sharing resources based on a node’s MR, there is reason for computers to join the network simply for accessing to these resources.<br />
<br />
==Global Implementation==<br />
===Overview===<br />
Extrapolating the concept of the local Justice Web to a multi-network environment is non-trivial. The Internet as we know it today is built by millions of interconnected local networks (hence the term ''Internet''). If we attempt to replicate the properties of the local Justice Web at a larger scale, we notice a few important issues:<br />
<br />
*'''Where should the master morality list be stored?''' - Distributed storage at a global level is possible, but is subject to tampering or simply denial of service (refusal to respond with the morality rating of a given host). <br />
<br />
*'''How are judges elected?''' - Self-governing entities often have a common set of laws. However, these laws are not necessarily the same laws as different self-governing entities. In the real world, cross-jurisdiction legal systems are known to exist. For example, the United Nations (UN) and the North Atlantic Treaty Organization (NATO) are organizations where countries participate in so-called "global councils". Generally in these types of councils, each participating member country appoints one or more people to represent the country's interests in the council. <br />
<br />
Due to these restrictions, we do not believe there is a possible incrementally deployable implementation such as the Justice Web, where hosts opt-in. This section briefly discuss a different approach to the Justice Web that attempts to deal with some of the restrictions mentioned above, at the expense of losing incremental deployability.<br />
<br />
=== Morality Rating ===<br />
<br />
The global implementation still requires the existence of a morality rating, but in a global setting, we require that all hosts have a morality rating built-in. By having each host store its own morality rating, we obsolete the concept of a "master list" or a "slave list" or morality ratings. The obvious requirement for a built-in morality rating is that the host itself should not be able to arbitrarily modify the value. One possible mechanism could be the use of a Trusted Platform (http://www.trustedcomputinggroup.org/developers/ TPM]) which allows encryption and decryption of data, but noes not allow the extraction of the private encryption key. Indeed, storing the morality rating within hosts rather than on external lists alleviates the need for distributed storage and allows better scalability, but also requires all hosts to be compliant with the mechanism. <br />
<br />
=== Connection management ===<br />
<br />
Due to the modified morality rating storage, there is no longer the need to look-up the morality rating of a host upon incoming connections. We therefore need a way to transmit the morality rating on each outgoing connection, so that the destination host (i.e., the server) can decide whether or not to allow the connection. A change of this type would mean changing underlying networking protocols to include a new field (the morality rating). If morality ratings are stored locally and transmitted as part of the network protocol, there would be far less overhead than in the Justice Web. <br />
<br />
=== Rules and Judges ===<br />
<br />
Similar to the Justice Web, there would need to be a standard set of rules that all hosts agree to. In the global implementation, agreeing upon a standard set of rules might prove to be difficult, since not all hosts/users at the global level have the same views on justice. The problem of judge election also becomes difficult at a global level. We leave this problem to future research. <br />
<br />
In summary, the global implementation could offer the same benefits as the Justice Web with much less overhead, but would require a full reboot of the Internet as well a new hardware, making it a realistically unlikely solution.<br />
<br />
==Use Cases==<br />
<br />
This section reviews three common attacks and describes how the computer-based justice system would deal with them <br />
<br />
===Case 1: Comment Spam===<br />
The first deviant act we investigate is comment spam. This type of spam is typically generated by automated scripts which insert comments on blogs or other sites. Posted comments will generally contain links to other websites which attempt to sell a product or trick the user into revealing banking credentials. Although usually annoying, these comments can direct users to locations where malicious code may be downloaded, even if the original site hosting the comment was initially trusted. <br />
<br />
==== Solution ====<br />
Web servers that allow open comments can adjust the required minimum morality rating to post a comment. Additionally, if comment spam is detected by another user or the site administrator, the message and the ID of the host that posted the comment is reported. This results in a host losing morality rating for posting comment spam which may limit its ability to post in the future. In the global implementation, web servers would reject access to the service altogether from the first initial connection. <br />
<br />
===Case 2: Denial of Service===<br />
Denial of service is the act in which a service that is normally available is accessed by a large number of hosts, or a small number of hosts with high frequency. Services under a denial of service (DoS) or distributed denial of service (DDoS) attack are no longer able to serve legitimate requests [14].<br />
<br />
==== Solution ====<br />
<br />
In the Justice Web, the server will have to look up the morality rating for each host that is participating in the attack which may further increase the load on the server. The global implementation would see the morality ratings of each incoming connection and could filter (for e.g., at a firewall level) hosts that have a certain rating. While Dos is generally regarded as a very difficult problem to solve, the morality rating of hosts participating would be lowered, possibly limiting their ability to perform an attack in the future. <br />
<br />
===Case 3: Phishing===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a malicious site pretends to be a legitimate site, tricking users into revealing banking or personal information.<br />
<br />
==== Solution ====<br />
Similar to the comment spam attack, once a phishing site is reported and verified by the judges, the morality rating of the hosting node is lowered.<br />
<br />
<br />
=Conclusion=<br />
Applying justice to a distributed system requires an understanding of how society runs in a teleologic or retributive method of punishments, as well as knowing the range between purposely and negligently participating in such an act. Discussions of punishment and intent brought up another social construct that exists in society - morality. When looking at a single computer, it is hard for us to consider that that computer had "intended" on doing something, or even that it had felt badly if we made it do a bunch or repetitive operations as a form of punishment. Even though implementing emotions and a care for self preservation is difficult for a computer, we can at least apply a morality value to each computer node, so that it may be judged by any individual that plans on communicating/interacting with that node.<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)<br />
<br />
[14] Roger.M.Needham, ''Denial of Service'',ACM, New York, USA ,1993,[http://portal.acm.org/citation.cfm?id=168607 PDF]<br />
<br />
[15] C.A. Thekkath, T. Mann, and E.K. Lee, ''Frangipani: A scalable distributed file system'', in Proceedings of ACM SIGOPS Operating Systems Review 1997.<br />
<br />
[16] S. Ghemawat, H. Gobioff, and S.T. Leung, ''The Google File System'', in Proceedings of the ACM SIGOPS Operating Systems Review. 2003<br />
<br />
[17] S. Yu, W. Zhou, R. Doss, ''Information theory based detection against network behavior mimicking DDoS attacks'', IEEE, April 2008, [http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1]. Last visited April 2011.</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=9147DistOS-2011W Justice2011-04-09T18:04:37Z<p>Mchou2: </p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
[[https://docs.google.com/present/edit?id=0AQJ2IGOeo68XZGhuNnJ0YjRfM2doZDg3Ymc5&hl=en&authkey=CK7Mk4YO Presentation]]<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four malicious acts; comment spam, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementations=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, we were unable to come up with one unique system that would be feasible; instead we propose two potential implementations each with its own advantages and downsides. Although the implementations have different (and somewhat mutually exclusive) modes of operation, they both take a teleologic-retributive approach to justice. This means that punishments are viewed as necessary but they are imposed immediately if doing so would result in negatively impacting the performance or stability of the overall system. <br />
<br />
The remainder of this section details the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Service Attacks and Phishing.<br />
<br />
==Local Implementation (Justice Web) ==<br />
<br />
===Overview===<br />
<br />
The implementation described in this section takes the above discussion involving justice, and applies it to the management of a computer network. The implementation is designed to be incrementally-deployable, so that it would be realistic for a network to use the proposed system. The implementation is entitled the “Justice Web”. <br />
<br />
The purpose of the Justice Web is to protect public-facing services from attacks coming from outside the network. This is accomplished by keeping a record of the criminal acts made by connections, and allowing the services access to these records. Criminal acts in this case are actions done by a connection that is considered harmful to the network. The record kept by the network is a “Morality Rating”, which is an integer meant to reflect the severity of the crime committed.<br />
<br />
===Assumptions===<br />
<br />
Certain assumptions must be made regarding the other class projects in order for this implementation to be deployable. Most importantly, it is assumed that there is some way in which the network can uniquely identify a computer that connects to the network. This allows the Justice Web to keep a criminal log of clients, and recognize if an offender is attempting to connect.<br />
<br />
===Morality Rating===<br />
<br />
Morality Rating (MR) is an integer assigned to computers that have connected to a service within the Justice Web. The purpose of the MR is to keep track of a computer’s past offenses, and allow services to restrict access using thresholds. For instance, a service within the Justice Web could restrict access to those above -100 MR.<br />
<br />
While the primary purpose of the Justice Web is to protect against attackers from outside the network, every node in the Justice Web is assigned an MR, which increases and decreases based on their actions within the network. Ideally, those with higher MR are allowed access to more shared resources, though this would be implementation specific.<br />
<br />
The MR assigned to a computer is local to the Justice Web that assigned the rating. For example, if two separate networks deploy a Justice Web, the ratings they assign do not affect the other network’s ratings.<br />
<br />
===Judges===<br />
<br />
In order to assign MR to offenders, an authority figure is needed to declare if a crime has been committed. In the Justice Web, this role is taken by the Judges, who may be one or more computers within the network. It is the Judges’ responsibility to create the rules of the network, gather the evidence when a claim is made, declare if a crime has been committed, and assign a new MR based on the ruling.<br />
<br />
How a Judge is picked isn’t set in stone, but in general it would be the node(s) in the network with the highest MR. Alternatively, the Judges could be picked through some democratic process.<br />
<br />
The judgments made are mostly automated, based on the rules of the network. However, it can be specified that certain crimes, such as a claim of a phishing scam being committed, be dealt with by a human.<br />
<br />
===Master List===<br />
<br />
The Justice Web is a virtual network, in that the nodes are not necessarily connected or even anywhere near each other. Because of this, it would be inconvenient and potentially harmful to have services look up a computer’s MR on every connection attempt. To prevent this, MR will be stored in a central location, but propagated throughout the network.<br />
<br />
This is done using a master-slave approach to database replication. The Judges of the network store the “Master List”, and propagate the data to the “Slave Lists” stored by the services within the network. The records stored by the Slave Lists is decided by the thresholds that the specific service has put in place. As mentioned in the Morality Rating subsection, a service can set thresholds to determine if a computer should be allowed access. In the example, an MR of -100 would be blocked from the service. If a service were to have only this threshold in place, it would only need to be aware of computers with -100 MR, and so would only store that data in its Slave List. Other approaches to distributing the list could leverage existing research in distributed file systems [15, 16].<br />
<br />
===Rules===<br />
<br />
Judges define and use rules to determine whether a crime has been committed. A rule consists of three parts: The offense, the proof needed, and the severity of the punishment. The offense is a name assigned to the crime, which services can claim has been committed. The proof is the required information for the judges to be able to make a conviction. The severity of the punishment is an integer value to negate from the offender’s current MR.<br />
<br />
Each network deploying a Justice Web specifies their own set of rules. These rules are made available to the public so that services within the network are aware of the crimes they can report. This is akin to a human justice system, where everyone under that legal system can see what actions constitute a crime (e.g., [http://laws-lois.justice.gc.ca/eng/acts/C-46/ the criminal code of Canada]).<br />
<br />
===Evidence===<br />
<br />
Evidence is used by the Justice Web to determine if a crime has been committed. Evidence is stored in encrypted logs located on a service’s computer, and submitted to the judges when a claim is made.<br />
<br />
Evidence logs are required to prove the occurrence of a rule violation. The Justice Web therefore requires hosts to keep logs of recent network (e.g., packet captures) and application layer activity (e.g., web server logs). We require these logs to be digitally signed or encrypted to ensure that the computer making the claim or any other system in the chain of custody does not tamper with evidence. When evidence is received by judges, the logs are decrypted and reviewed.<br />
The type of evidence required is varied, and is defined by the Judges of a network. For a DDoS attack, the Justice Web would potential be able to look at the evidence logs and determine which computers were actively involved in the attack, and which was legitimate traffic through the analysis of statistical evidence[17].<br />
<br />
===Membership===<br />
<br />
Membership of a Justice Web would be primarily public-facing services seeking protection from attacks. However, because there is the capability of sharing resources based on a node’s MR, there is reason for computers to join the network simply for accessing to these resources.<br />
<br />
==Global Implementation==<br />
===Overview===<br />
Extrapolating the concept of the local Justice Web to a multi-network environment is non-trivial. The Internet as we know it today is built by millions of interconnected local networks (hence the term ''Internet''). If we attempt to replicate the properties of the local Justice Web at a larger scale, we notice a few important issues:<br />
<br />
*'''Where should the master morality list be stored?''' - Distributed storage at a global level is possible, but is subject to tampering or simply denial of service (refusal to respond with the morality rating of a given host). <br />
<br />
*'''How are judges elected?''' - Self-governing entities often have a common set of laws. However, these laws are not necessarily the same laws as different self-governing entities. In the real world, cross-jurisdiction legal systems are known to exist. For example, the United Nations (UN) and the North Atlantic Treaty Organization (NATO) are organizations where countries participate in so-called "global councils". Generally in these types of councils, each participating member country appoints one or more people to represent the country's interests in the council. <br />
<br />
Due to these restrictions, we do not believe there is a possible incrementally deployable implementation such as the Justice Web, where hosts opt-in. This section briefly discuss a different approach to the Justice Web that attempts to deal with some of the restrictions mentioned above, at the expense of losing incremental deployability.<br />
<br />
=== Morality Rating ===<br />
<br />
The global implementation still requires the existence of a morality rating, but in a global setting, we require that all hosts have a morality rating built-in. By having each host store its own morality rating, we obsolete the concept of a "master list" or a "slave list" or morality ratings. The obvious requirement for a built-in morality rating is that the host itself should not be able to arbitrarily modify the value. One possible mechanism could be the use of a Trusted Platform (http://www.trustedcomputinggroup.org/developers/ TPM]) which allows encryption and decryption of data, but noes not allow the extraction of the private encryption key. Indeed, storing the morality rating within hosts rather than on external lists alleviates the need for distributed storage and allows better scalability, but also requires all hosts to be compliant with the mechanism. <br />
<br />
=== Connection management ===<br />
<br />
Due to the modified morality rating storage, there is no longer the need to look-up the morality rating of a host upon incoming connections. We therefore need a way to transmit the morality rating on each outgoing connection, so that the destination host (i.e., the server) can decide whether or not to allow the connection. A change of this type would mean changing underlying networking protocols to include a new field (the morality rating). If morality ratings are stored locally and transmitted as part of the network protocol, there would be far less overhead than in the Justice Web. <br />
<br />
=== Rules and Judges ===<br />
<br />
Similar to the Justice Web, there would need to be a standard set of rules that all hosts agree to. In the global implementation, agreeing upon a standard set of rules might prove to be difficult, since not all hosts/users at the global level have the same views on justice. The problem of judge election also becomes difficult at a global level. We leave this problem to future research. <br />
<br />
In summary, the global implementation could offer the same benefits as the Justice Web with much less overhead, but would require a full reboot of the Internet as well a new hardware, making it a realistically unlikely solution.<br />
<br />
==Use Cases==<br />
<br />
This section reviews three common attacks and describes how the computer-based justice system would deal with them <br />
<br />
===Case 1: Comment Spam===<br />
The first deviant act we investigate is comment spam. This type of spam is typically generated by automated scripts which insert comments on blogs or other sites. Posted comments will generally contain links to other websites which attempt to sell a product or trick the user into revealing banking credentials. Although usually annoying, these comments can direct users to locations where malicious code may be downloaded, even if the original site hosting the comment was initially trusted. <br />
<br />
==== Solution ====<br />
Web servers that allow open comments can adjust the required minimum morality rating to post a comment. Additionally, if comment spam is detected by another user or the site administrator, the message and the ID of the host that posted the comment is reported. This results in a host losing morality rating for posting comment spam which may limit its ability to post in the future. In the global implementation, web servers would reject access to the service altogether from the first initial connection. <br />
<br />
===Case 2: Denial of Service===<br />
Denial of service is the act in which a service that is normally available is accessed by a large number of hosts, or a small number of hosts with high frequency. Services under a denial of service (DoS) or distributed denial of service (DDoS) attack are no longer able to serve legitimate requests [14].<br />
<br />
==== Solution ====<br />
<br />
In the Justice Web, the server will have to look up the morality rating for each host that is participating in the attack which may further increase the load on the server. The global implementation would see the morality ratings of each incoming connection and could filter (for e.g., at a firewall level) hosts that have a certain rating. While Dos is generally regarded as a very difficult problem to solve, the morality rating of hosts participating would be lowered, possibly limiting their ability to perform an attack in the future. <br />
<br />
===Case 3: Phishing===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a malicious site pretends to be a legitimate site, tricking users into revealing banking or personal information.<br />
<br />
==== Solution ====<br />
Similar to the comment spam attack, once a phishing site is reported and verified by the judges, the morality rating of the hosting node is lowered.<br />
<br />
<br />
=Conclusion=<br />
Applying justice to a distributed system requires an understanding of how society runs in a teleologic or retributive method of punishments, as well as knowing the difference between <br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)<br />
<br />
[14] Roger.M.Needham, ''Denial of Service'',ACM, New York, USA ,1993,[http://portal.acm.org/citation.cfm?id=168607 PDF]<br />
<br />
[15] C.A. Thekkath, T. Mann, and E.K. Lee, ''Frangipani: A scalable distributed file system'', in Proceedings of ACM SIGOPS Operating Systems Review 1997.<br />
<br />
[16] S. Ghemawat, H. Gobioff, and S.T. Leung, ''The Google File System'', in Proceedings of the ACM SIGOPS Operating Systems Review. 2003<br />
<br />
[17] S. Yu, W. Zhou, R. Doss, ''Information theory based detection against network behavior mimicking DDoS attacks'', IEEE, April 2008, [http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1]. Last visited April 2011.</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=9099DistOS-2011W Justice2011-04-05T08:46:22Z<p>Mchou2: /* Abstract */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four malicious acts; comment spam, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementations=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, we were unable to come up with one unique system that would be feasible; instead we propose two potential implementations each with its own advantages and downsides. Although the implementations have different (and somewhat mutually exclusive) modes of operation, they both take a teleologic-retributive approach to justice. This means that punishments are viewed as necessary but they are imposed immediately if doing so would result in negatively impacting the performance or stability of the overall system. <br />
<br />
The remainder of this section details the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Service Attacks and Phishing.<br />
<br />
==Local Implementation (Justice Web) ==<br />
<br />
===Overview===<br />
<br />
The implementation described in this section takes the above discussion involving justice, and applies it to the management of a computer network. The implementation is designed to be incrementally-deployable, so that it would be realistic for a network to use the proposed system. The implementation is entitled the “Justice Web”. <br />
<br />
The purpose of the Justice Web is to protect public-facing services from attacks coming from outside the network. This is accomplished by keeping a record of the criminal acts made by connections, and allowing the services access to these records. Criminal acts in this case are actions done by a connection that is considered harmful to the network. The record kept by the network is a “Morality Rating”, which is an integer meant to reflect the severity of the crime committed.<br />
<br />
===Assumptions===<br />
<br />
Certain assumptions must be made regarding the other class projects in order for this implementation to be deployable. Most importantly, it is assumed that there is some way in which the network can uniquely identify a computer that connects to the network. This allows the Justice Web to keep a criminal log of clients, and recognize if an offender is attempting to connect.<br />
<br />
===Morality Rating===<br />
<br />
Morality Rating (MR) is an integer assigned to computers that have connected to a service within the Justice Web. The purpose of the MR is to keep track of a computer’s past offenses, and allow services to restrict access using thresholds. For instance, a service within the Justice Web could restrict access to those above -100 MR.<br />
<br />
While the primary purpose of the Justice Web is to protect against attackers from outside the network, every node in the Justice Web is assigned an MR, which increases and decreases based on their actions within the network. Ideally, those with higher MR are allowed access to more shared resources, though this would be implementation specific.<br />
<br />
The MR assigned to a computer is local to the Justice Web that assigned the rating. For example, if two separate networks deploy a Justice Web, the ratings they assign do not affect the other network’s ratings.<br />
<br />
===Judges===<br />
<br />
In order to assign MR to offenders, an authority figure is needed to declare if a crime has been committed. In the Justice Web, this role is taken by the Judges, who may be one or more computers within the network. It is the Judges’ responsibility to create the rules of the network, gather the evidence when a claim is made, declare if a crime has been committed, and assign a new MR based on the ruling.<br />
<br />
How a Judge is picked isn’t set in stone, but in general it would be the node(s) in the network with the highest MR. Alternatively, the Judges could be picked through some democratic process.<br />
<br />
The judgments made are mostly automated, based on the rules of the network. However, it can be specified that certain crimes, such as a claim of a phishing scam being committed, be dealt with by a human.<br />
<br />
===Master List===<br />
<br />
The Justice Web is a virtual network, in that the nodes are not necessarily connected or even anywhere near each other. Because of this, it would be inconvenient and potentially harmful to have services look up a computer’s MR on every connection attempt. To prevent this, MR will be stored in a central location, but propagated throughout the network.<br />
<br />
This is done using a master-slave approach to database replication. The Judges of the network store the “Master List”, and propagate the data to the “Slave Lists” stored by the services within the network. The records stored by the Slave Lists is decided by the thresholds that the specific service has put in place. As mentioned in the Morality Rating subsection, a service can set thresholds to determine if a computer should be allowed access. In the example, an MR of -100 would be blocked from the service. If a service were to have only this threshold in place, it would only need to be aware of computers with -100 MR, and so would only store that data in its Slave List. Other approaches to distributing the list could leverage existing research in distributed file systems [15, 16].<br />
<br />
===Rules===<br />
<br />
Judges define and use rules to determine whether a crime has been committed. A rule consists of three parts: The offense, the proof needed, and the severity of the punishment. The offense is a name assigned to the crime, which services can claim has been committed. The proof is the required information for the judges to be able to make a conviction. The severity of the punishment is an integer value to negate from the offender’s current MR.<br />
<br />
Each network deploying a Justice Web specifies their own set of rules. These rules are made available to the public so that services within the network are aware of the crimes they can report. This is akin to a human justice system, where everyone under that legal system can see what actions constitute a crime (e.g., [http://laws-lois.justice.gc.ca/eng/acts/C-46/ the criminal code of Canada]).<br />
<br />
===Evidence===<br />
<br />
Evidence is used by the Justice Web to determine if a crime has been committed. Evidence is stored in encrypted logs located on a service’s computer, and submitted to the judges when a claim is made.<br />
<br />
Evidence logs are required to prove the occurrence of a rule violation. The Justice Web therefore requires hosts to keep logs of recent network (e.g., packet captures) and application layer activity (e.g., web server logs). We require these logs to be digitally signed or encrypted to ensure that the computer making the claim or any other system in the chain of custody does not tamper with evidence. When evidence is received by judges, the logs are decrypted and reviewed.<br />
The type of evidence required is varied, and is defined by the Judges of a network. For a DDoS attack, the Justice Web would be able to look at the evidence logs and determine which computers were actively involved in the attack, and which was legitimate traffic, as described in \\link paper here.<br />
<br />
===Membership===<br />
<br />
Membership of a Justice Web would be primarily public-facing services seeking protection from attacks. However, because there is the capability of sharing resources based on a node’s MR, there is reason for computers to join the network simply for accessing to these resources.<br />
<br />
==Global Implementation==<br />
===Overview===<br />
Extrapolating the concept of the local Justice Web to a multi-network environment is non-trivial. The Internet as we know it today is built by millions of interconnected local networks (hence the term ''Internet''). If we attempt to replicate the properties of the local Justice Web at a larger scale, we notice a few important issues:<br />
<br />
*'''Where should the master morality list be stored?''' - Distributed storage at a global level is possible, but is subject to tampering or simply denial of service (refusal to respond with the morality rating of a given host). <br />
<br />
*'''How are judges elected?''' - Self-governing entities often have a common set of laws. However, these laws are not necessarily the same laws as different self-governing entities. In the real world, cross-jurisdiction legal systems are known to exist. For example, the United Nations (UN) and the North Atlantic Treaty Organization (NATO) are organizations where countries participate in so-called "global councils". Generally in these types of councils, each participating member country appoints one or more people to represent the country's interests in the council. <br />
<br />
Due to these restrictions, we do not believe there is a possible incrementally deployable implementation such as the Justice Web, where hosts opt-in. This section briefly discuss a different approach to the Justice Web that attempts to deal with some of the restrictions mentioned above, at the expense of losing incremental deployability.<br />
<br />
=== Morality Rating ===<br />
<br />
The global implementation still requires the existence of a morality rating, but in a global setting, we require that all hosts have a morality rating built-in. By having each host store its own morality rating, we obsolete the concept of a "master list" or a "slave list" or morality ratings. The obvious requirement for a built-in morality rating is that the host itself should not be able to arbitrarily modify the value. One possible mechanism could be the use of a Trusted Platform (http://www.trustedcomputinggroup.org/developers/ TPM]) which allows encryption and decryption of data, but noes not allow the extraction of the private encryption key. Indeed, storing the morality rating within hosts rather than on external lists alleviates the need for distributed storage and allows better scalability, but also requires all hosts to be compliant with the mechanism. <br />
<br />
=== Connection management ===<br />
<br />
Due to the modified morality rating storage, there is no longer the need to look-up the morality rating of a host upon incoming connections. We therefore need a way to transmit the morality rating on each outgoing connection, so that the destination host (i.e., the server) can decide whether or not to allow the connection. A change of this type would mean changing underlying networking protocols to include a new field (the morality rating). If morality ratings are stored locally and transmitted as part of the network protocol, there would be far less overhead than in the Justice Web. <br />
<br />
=== Rules and Judges ===<br />
<br />
Similar to the Justice Web, there would need to be a standard set of rules that all hosts agree to. In the global implementation, agreeing upon a standard set of rules might prove to be difficult, since not all hosts/users at the global level have the same views on justice. The problem of judge election also becomes difficult at a global level. We leave this problem to future research. <br />
<br />
In summary, the global implementation could offer the same benefits as the Justice Web with much less overhead, but would require a full reboot of the Internet as well a new hardware, making it a realistically unlikely solution.<br />
<br />
==Use Cases==<br />
<br />
This section reviews three common attacks and describes how the computer-based justice system would deal with them <br />
<br />
===Case 1: Comment Spam===<br />
The first deviant act we investigate is comment spam. This type of spam is typically generated by automated scripts which insert comments on blogs or other sites. Posted comments will generally contain links to other websites which attempt to sell a product or trick the user into revealing banking credentials. Although usually annoying, these comments can direct users to locations where malicious code may be downloaded, even if the original site hosting the comment was initially trusted. <br />
<br />
==== Solution ====<br />
Web servers that allow open comments can adjust the required minimum morality rating to post a comment. Additionally, if comment spam is detected by another user or the site administrator, the message and the ID of the host that posted the comment is reported. This results in a host losing morality rating for posting comment spam which may limit its ability to post in the future. In the global implementation, web servers would reject access to the service altogether from the first initial connection. <br />
<br />
===Case 2: Denial of Service===<br />
Denial of service is the act in which a service that is normally available is accessed by a large number of hosts, or a small number of hosts with high frequency. Services under a denial of service (DoS) or distributed denial of service (DDoS) attack are no longer able to serve legitimate requests [14].<br />
<br />
==== Solution ====<br />
<br />
In the Justice Web, the server will have to look up the morality rating for each host that is participating in the attack which may further increase the load on the server. The global implementation would see the morality ratings of each incoming connection and could filter (for e.g., at a firewall level) hosts that have a certain rating. While Dos is generally regarded as a very difficult problem to solve, the morality rating of hosts participating would be lowered, possibly limiting their ability to perform an attack in the future. <br />
<br />
===Case 3: Phishing===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a malicious site pretends to be a legitimate site, tricking users into revealing banking or personal information.<br />
<br />
==== Solution ====<br />
Similar to the comment spam attack, once a phishing site is reported and verified by the judges, the morality rating of the hosting node is lowered.<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)<br />
<br />
[14] Roger.M.Needham, ''Denial of Service'',ACM, New York, USA ,1993,[http://portal.acm.org/citation.cfm?id=168607 PDF]<br />
<br />
[15] C.A. Thekkath, T. Mann, and E.K. Lee, ''Frangipani: A scalable distributed file system'', in Proceedings of ACM SIGOPS Operating Systems Review 1997.<br />
<br />
[16] S. Ghemawat, H. Gobioff, and S.T. Leung, ''The Google File System'', in Proceedings of the ACM SIGOPS Operating Systems Review. 2003</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8970DistOS-2011W Justice2011-03-28T16:31:00Z<p>Mchou2: /* Resources */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementation=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, our team could not come up with one complete system that would be feasible; instead we have two potential implementations each with there own positives and negatives. Although the implementations have separate modes of operation, they both take a teleologic-retributive approach to punishment; by this we mean punishment is necessary but we will not inflict punishmnets that will negatively affect the performance or stability of the distributed system.<br />
<br />
The remainder of this article will detail the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Serice Attacks and Phishing.<br />
<br />
==Local "Justice Web" Implementation==<br />
* provide details of implementation here.<br />
<br />
==Global Implementation==<br />
* provide details of implementation here.<br />
<br />
==Use Case Investigation==<br />
<br />
===Case 1: Comment Spam:===<br />
The first deviant act we will investigate is comment spam. The type of spam we are focusing on are usually automated scripts which insert the same comment, usually including links to other destination websites, on forums of public sites. Although usually annoying, these comments can direct users to locations where malicious code may be introduced to unsuspecting users who trust the content of the original site where the forum was hosted. <br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 2: Denial of Service:===<br />
Denial of service is the act in which a service that is normally available is being accessed by either numerous ip's through ip spoofing or a distributed DoS attack which has multiple valid ip's, which in turn, bog down the system because the service capacity is being constrained. By either maxing out or flooding a service by multiple requests, a system will either be shutdown or very difficult to use, regardless, the outcome is a denial of that service. We have come up with some solutions to how to punish the computers that participate in such an attack, voluntary or not.[14]<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 3: Phishing:===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a user visits a website and enters information/clicks on a link expecting the site he/she is visiting to be secure. Unfortunately the site they have been directed to has been designed to imitate the appearance and behaviour of the site the user wishes to visit, but it is not actually the real webpage. As a result, a user may expose private information to parties that are not legally entitled to view the data. Although it is not illegal for the "fake site" to exist, the usage of the site is an act that must be addressed by the justice system.<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)<br />
<br />
[14] Roger.M.Needham, ''Denial of Service'',ACM, New York, USA ,1993,[http://portal.acm.org/citation.cfm?id=168607 PDF]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8969DistOS-2011W Justice2011-03-28T16:30:27Z<p>Mchou2: /* Resources */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementation=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, our team could not come up with one complete system that would be feasible; instead we have two potential implementations each with there own positives and negatives. Although the implementations have separate modes of operation, they both take a teleologic-retributive approach to punishment; by this we mean punishment is necessary but we will not inflict punishmnets that will negatively affect the performance or stability of the distributed system.<br />
<br />
The remainder of this article will detail the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Serice Attacks and Phishing.<br />
<br />
==Local "Justice Web" Implementation==<br />
* provide details of implementation here.<br />
<br />
==Global Implementation==<br />
* provide details of implementation here.<br />
<br />
==Use Case Investigation==<br />
<br />
===Case 1: Comment Spam:===<br />
The first deviant act we will investigate is comment spam. The type of spam we are focusing on are usually automated scripts which insert the same comment, usually including links to other destination websites, on forums of public sites. Although usually annoying, these comments can direct users to locations where malicious code may be introduced to unsuspecting users who trust the content of the original site where the forum was hosted. <br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 2: Denial of Service:===<br />
Denial of service is the act in which a service that is normally available is being accessed by either numerous ip's through ip spoofing or a distributed DoS attack which has multiple valid ip's, which in turn, bog down the system because the service capacity is being constrained. By either maxing out or flooding a service by multiple requests, a system will either be shutdown or very difficult to use, regardless, the outcome is a denial of that service. We have come up with some solutions to how to punish the computers that participate in such an attack, voluntary or not.[14]<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 3: Phishing:===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a user visits a website and enters information/clicks on a link expecting the site he/she is visiting to be secure. Unfortunately the site they have been directed to has been designed to imitate the appearance and behaviour of the site the user wishes to visit, but it is not actually the real webpage. As a result, a user may expose private information to parties that are not legally entitled to view the data. Although it is not illegal for the "fake site" to exist, the usage of the site is an act that must be addressed by the justice system.<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)<br />
<br />
[14] Roger.M.Needham, ''Denial of Service'',ACM, New York, USA ,1993,[http://portal.acm.org/citation.cfm?id=168607]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8968DistOS-2011W Justice2011-03-28T16:26:44Z<p>Mchou2: /* Case 2: Denial of Service: */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementation=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, our team could not come up with one complete system that would be feasible; instead we have two potential implementations each with there own positives and negatives. Although the implementations have separate modes of operation, they both take a teleologic-retributive approach to punishment; by this we mean punishment is necessary but we will not inflict punishmnets that will negatively affect the performance or stability of the distributed system.<br />
<br />
The remainder of this article will detail the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Serice Attacks and Phishing.<br />
<br />
==Local "Justice Web" Implementation==<br />
* provide details of implementation here.<br />
<br />
==Global Implementation==<br />
* provide details of implementation here.<br />
<br />
==Use Case Investigation==<br />
<br />
===Case 1: Comment Spam:===<br />
The first deviant act we will investigate is comment spam. The type of spam we are focusing on are usually automated scripts which insert the same comment, usually including links to other destination websites, on forums of public sites. Although usually annoying, these comments can direct users to locations where malicious code may be introduced to unsuspecting users who trust the content of the original site where the forum was hosted. <br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 2: Denial of Service:===<br />
Denial of service is the act in which a service that is normally available is being accessed by either numerous ip's through ip spoofing or a distributed DoS attack which has multiple valid ip's, which in turn, bog down the system because the service capacity is being constrained. By either maxing out or flooding a service by multiple requests, a system will either be shutdown or very difficult to use, regardless, the outcome is a denial of that service. We have come up with some solutions to how to punish the computers that participate in such an attack, voluntary or not.[14]<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 3: Phishing:===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a user visits a website and enters information/clicks on a link expecting the site he/she is visiting to be secure. Unfortunately the site they have been directed to has been designed to imitate the appearance and behaviour of the site the user wishes to visit, but it is not actually the real webpage. As a result, a user may expose private information to parties that are not legally entitled to view the data. Although it is not illegal for the "fake site" to exist, the usage of the site is an act that must be addressed by the justice system.<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8967DistOS-2011W Justice2011-03-28T16:26:29Z<p>Mchou2: /* Case 2: Denial of Service: */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementation=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, our team could not come up with one complete system that would be feasible; instead we have two potential implementations each with there own positives and negatives. Although the implementations have separate modes of operation, they both take a teleologic-retributive approach to punishment; by this we mean punishment is necessary but we will not inflict punishmnets that will negatively affect the performance or stability of the distributed system.<br />
<br />
The remainder of this article will detail the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Serice Attacks and Phishing.<br />
<br />
==Local "Justice Web" Implementation==<br />
* provide details of implementation here.<br />
<br />
==Global Implementation==<br />
* provide details of implementation here.<br />
<br />
==Use Case Investigation==<br />
<br />
===Case 1: Comment Spam:===<br />
The first deviant act we will investigate is comment spam. The type of spam we are focusing on are usually automated scripts which insert the same comment, usually including links to other destination websites, on forums of public sites. Although usually annoying, these comments can direct users to locations where malicious code may be introduced to unsuspecting users who trust the content of the original site where the forum was hosted. <br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 2: Denial of Service:===<br />
Denial of service is the act in which a service that is normally available is being accessed by either numerous ip's through ip spoofing or a distributed DoS attack which has multiple valid ip's, which in turn, bog down the system because the service capacity is being constrained. By either maxing out or flooding a service by multiple requests, a system will either be shutdown or very difficult to use, regardless, the outcome is a denial of that service. We have come up with some solutions to how to punish the computers that participate in such an attack, voluntary or not.[13]<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 3: Phishing:===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a user visits a website and enters information/clicks on a link expecting the site he/she is visiting to be secure. Unfortunately the site they have been directed to has been designed to imitate the appearance and behaviour of the site the user wishes to visit, but it is not actually the real webpage. As a result, a user may expose private information to parties that are not legally entitled to view the data. Although it is not illegal for the "fake site" to exist, the usage of the site is an act that must be addressed by the justice system.<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8966DistOS-2011W Justice2011-03-28T16:26:00Z<p>Mchou2: /* Case 2: Denial of Service: */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementation=<br />
Designing a complete justice system implementation is far beyond the scope of this project. This does not mean it is not important to describe the important features that a fully functional system would require and outline the potential benefits and shortcomings of the system. In fact, our team could not come up with one complete system that would be feasible; instead we have two potential implementations each with there own positives and negatives. Although the implementations have separate modes of operation, they both take a teleologic-retributive approach to punishment; by this we mean punishment is necessary but we will not inflict punishmnets that will negatively affect the performance or stability of the distributed system.<br />
<br />
The remainder of this article will detail the two justice system implementations at a high level and describe how each system could handle three deviant behaviour scenarios; Comment Spam, Denial of Serice Attacks and Phishing.<br />
<br />
==Local "Justice Web" Implementation==<br />
* provide details of implementation here.<br />
<br />
==Global Implementation==<br />
* provide details of implementation here.<br />
<br />
==Use Case Investigation==<br />
<br />
===Case 1: Comment Spam:===<br />
The first deviant act we will investigate is comment spam. The type of spam we are focusing on are usually automated scripts which insert the same comment, usually including links to other destination websites, on forums of public sites. Although usually annoying, these comments can direct users to locations where malicious code may be introduced to unsuspecting users who trust the content of the original site where the forum was hosted. <br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 2: Denial of Service:===<br />
Denial of service is the act in which a service that is normally available is being accessed by either numerous ip's through ip spoofing or a distributed DoS attack which has multiple valid ip's, which in turn, bog down the system because the service capacity is being constrained. By either maxing out or flooding a service by multiple requests, a system will either be shutdown or very difficult to use, regardless, the outcome is a denial of that service. We have come up with some solutions to how to punish the computers that participate in such an attack, voluntary or not.<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
===Case 3: Phishing:===<br />
Phishing provides an interesting challenge for a justice system as the deviant act involves a website that is perfectly legal. A phishing attack occurs when a user visits a website and enters information/clicks on a link expecting the site he/she is visiting to be secure. Unfortunately the site they have been directed to has been designed to imitate the appearance and behaviour of the site the user wishes to visit, but it is not actually the real webpage. As a result, a user may expose private information to parties that are not legally entitled to view the data. Although it is not illegal for the "fake site" to exist, the usage of the site is an act that must be addressed by the justice system.<br />
<br />
====<u><i>Local Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
====<u><i>Global Implementation Solution:</i></u>====<br />
* provide details<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8852DistOS-2011W Justice2011-03-22T13:27:48Z<p>Mchou2: /* Applying justice to computers */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame, this might allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementation=<br />
<br />
==Components Necessary for a Distributed Computer Justice System==<br />
<br />
===Reporting System===<br />
* needs to be limited so that it can not be spammed....maybe only a certain number of reports can be logged per day, per hour, etc.<br />
* all users need to be able to report a crime based on the known laws of the distributed system.<br />
<br />
===Evidence Logging System===<br />
<br />
===Morality Reputation (Rap Sheet)===<br />
<br />
<br />
==Proposed Implentation==<br />
<br />
===Case 1: Comment Spam:===<br />
<br />
===Case 2: Unauthorized Access:===<br />
<br />
===Case 3: Denial of Service:===<br />
<br />
===Case 4: Phishing:===<br />
<br />
<br />
<br />
=Resources=<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=8625Talk:DistOS-2011W Justice2011-03-17T02:44:49Z<p>Mchou2: </p>
<hr />
<div>==Meetings==<br />
<br />
===<u>Mar 01</u>===<br />
Early discussions on how we would define justice:<br />
* what are the components of justice?<br />
* should justice involve preventative measure or should it be strictly reactive?<br />
<br />
How would evidence be collected and logged?<br />
<br />
Discussions on what "punishment" means when referring to computers:<br />
* What can we do to punish or penalize computers?<br />
* Does it make sense to punish computers?<br />
<br />
Discussions on how human penal systems work:<br />
* do we want computer justice to be used to dissuade deviant behaviour or should it be used to punish those who have committed "bad" acts?<br />
* should we implement a system that catches/punishes all bad acts or just punish reported acts?<br />
* how will we classify deviant behaviour?<br />
** by the act itself <br />
** by the results of the act<br />
<br />
Discussed how there would need to be some sort of hierarchical justice system with figure heads who manage justice activities for their specific region:<br />
* collective internet justice: <b>Justice Web</b> or <b>JLA</b> (Justice Link Assessment)<br />
* each region patrolled by a justice managing unit:<br />
** Internet Batman (Gotham), Internet Superman (Metropolis), etc.<br />
<br />
Divided the task of finding research papers into 3 sections:<br />
* current ways to "punish" computers (Matthew)<br />
* ways to collect, log, categorize evidence of inappropriate behaviour (Thomas)<br />
* human methods of justice, various penal systems in our current and historical societies (Mike)<br />
<br />
===<u>Mar 03</u>===<br />
Initial discussions focused on how we were having difficulty finding papers related to the concept of justice in computers, so we focused on trying to determine exactly what justice should be in the realm of distributed computing:<br />
* punishing computers is difficult as computers do not care what task they are given, they just complete computations.<br />
* punishing people is not really the focus we need as that is what human laws are for.<br />
* if there is some way to punish a computer, does it make sense to punish computers that are being used for "bad" actions if the owner of the computer is unaware of this activity.<br />
** does this punishment really have a greater effect on the owner of the computer than the computer itself?<br />
<br />
Our new focus is to try and narrow down if the concept of justice actually has a place in distributed computing:<br />
* determine what purpose justice would serve...why would we have it?<br />
** if we decide justice is a necessary concept, the focus will become what is a "fair" way to apply punishment for "bad" actions.<br />
** if justice does not have a useful purpose then we must detail the reason that it is not beneficial.<br />
<br />
===<u>Mar 08</u>===<br />
*'''Definition of Justice''' - Can we separate the computer punishment from the user punishment?<br />
*'''Transparency''' - keeping "rap sheets" on what systems are doing/have done. If you were wrongfully accused for participating in a malicious attack, this can be clarified<br />
*'''Punishment''' - Computational puzzles for fighting unsolicited inbound traffic. <br />
*'''Morality rating''' - Systems get a "moral rating" that can go up or down. Based on this rating, more or less trust can be given to that system.<br />
<br />
<br />
<br />
Capital punishment? <br />
Financial sanction or imprisonment are our current way of punishment. they're expensive (maintain databases, keeping state, paying for prisons). <br />
<br />
bodily harm - limited time to perform. the fact that they've been punished is visible. losing hands, losing eyes, people can see that. information propagates because the authorities make an example of someone. <br />
<br />
maybe the solution is to restrict protocols if you have a low morality rating. for e.g., you can restrict encryption and compression, which means anything you do will be publicly visible.<br />
<br />
===<u>Mar 10</u>===<br />
<br />
* Offender Registration: Global list of morality registered for perusal of other networks.<br />
* Encrypted logs on client-side<br />
** Reporting with tangible evidence<br />
* Compensation for crimes<br />
* virus notification<br />
* detrimental to attacker buying a new computer, rather than total prevention<br />
** assumption that computer can always be identified<br />
* virus as umbrella group for mobile code<br />
** active attackers punished differently from passive attackers<br />
* Research Topics:<br />
** What is Justice?<br />
*** Mike<br />
** Justice in terms of computers.<br />
*** Matthew<br />
** Crime and Punishment.<br />
*** David<br />
** Justice Web<br />
*** Thomas McMahon<br />
<br />
==Research Documentation==<br />
<br />
===Virtual Punishment===<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.2723&rep=rep1&type=pdf Responsible Computers?]<br />
<br />
===Theory of Justice===<br />
<br />
Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
* This book provides a view of Justice that may serve the purpose of distributed computing. Rawls describes justice as serving two primary functions; <br />
1. Assign rights and duties for the basic institutions of society.<br />
2. Describe the best way to distribute the benefits and burdens of society.<br />
*If we take this view of justice, as opposed to a penalty-centric view, then justice may have a place in distributed computing. For our purposes, justice could be the basic guidelines to which all members of a distributed society must conform in order for the system to be stable and efficient. Obviously this view is an "all-in" type approach and may be more difficult to describe in terms of being incrementally deployable.<br />
<br />
<br />
===The Birth of Prison===<br />
Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
* Foucault's book focuses on how punishment evolved from medevil methods "draw and quarter" to modern prison methods. These two methods of justiceare differentiated by the way in which punishment is carried out. For medevil, or "Monarchical Punishment", the population is discouraged from doing bad acts by the public, and brutal, way that punishment is exacted. The punishments included torture and executions. On the other hand, Foucault discusses "Disciplinary Punishment" where there are people deemed as experts who have power over the perpetrator of a "bad" act and handle the punishment of the individual. An example of this is a prison guard who determines how long a prisoner stays in jail.<br />
*For a distributed computing system, this provides a couple of ways that justice could be enforced. If we think of the general distributed system as a free zone in which computers can act how they wish but there are laws in place to describe "bad" acts. If a computer is caught and convicted of doing something against the described laws, then the computer could be tortured (forced to provide more resources to other computers), executed (completly removed from the system) or potentially placed under the care of a supervisor computer who will allow the "bad" computer to continue to participate in certain, restricted actions until the professional (supervisor) computer approves of releasing the "bad" computer back to the general system. The supervisor computer may actually be controlled by a human who is trying to resolve the issue on the offending computer.<br />
* Another concept worth investigating is that of Foucault's "Panopticon" which is a prison in which everything can be seen. This can also be extended from the strictly prison sense to the level of daily interactions between people and the idea of shame. Most rules are followed because of the knowledge that those around you will see what you have done and their view of you will change, you will have a social stygma. If this is adopted by the computers, through some reputation mechanism, then maybe distributed computing relationships could be formed and altered based on the actions conducted by individual computers.<br />
<br />
<br />
===Ecce Homo & The Anarchist===<br />
Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
* If we were going to add shame/stygma to computers, there would need to be some mechanism to manage what is good and what is bad. Nietzsche's work could provide a basis for this computer moral code as he describes two different forms of morality based on two different social position: "master-morality" and "slave-morality".<br />
** Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic.<br />
** Slave-morality is split on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.<br />
* Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
*If this morality was tied to the reputation component, then all computers would be able to know how other computers "socially" behave. This would further allow punishment methods, as described in the above Foucault section, to be handed out based on how "bad" a computer is and the affending computer can only be released when it's morality is deemed appropriate by the supervising (professional) computer.<br />
<br />
=== Crime and Punishment ===<br />
This is just a little placeholder for some thoughts before I post them to the main page. <br />
<br />
'''Limiting capabilities'''<br />
Anil mentioned in class the possibility of revoking or limiting capabilities if a user/computer has been found to be guilty of a crime. For example, the computer could somehow lose its ability to perform encryption or secure communications. Somewhat related is the idea of cpu-throttling by performing additional work (explained in the section below). <br />
<br />
'''Proof-of-Work'''<br />
There has been a lot of research done in the area of computational puzzles to fight spam. The idea is that there is currently very little cost associated with sending spam (much less than .01c per email), so we want to make it a bit more "expensive" for spammers to achieve their goal. One solution is to have any email-sending computer perform some type of computational puzzle every time an email is sent. The result of the computation is appended to the email and can be verified by the recipient. One example is to find a string that when hashed gives a result smaller or larger than a specific value. You can statistically predict how long such a computation would take, and you could tweak it to be some particular value (10s, 1m, etc). <br />
<br />
I see this as being related to justice, because each self-governing entity can set up these proof-of-work requirements and adjust the difficulty for "trusted" entities and "untrusted" ones. The difficulty can also be increased for entities that misbehave, resulting in a kind of punishment. These punished systems would have to do more computation (e.g., 10m, 1hr) before they're allowed to communicate with someone else. <br />
<br />
I have some ideas on how you could technically do this, which we can discuss in class. And now some links:<br />
<br />
[https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6 https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6]<br />
[http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx]<br />
<br />
'''Unique identifiers''' <br />
How are machines identified? Although this problem is related to attribution and there's another team working on it, we can make some basic assumptions that each machine is identifiable. This identifier should be able to survive a reformat, but buying a new machine would get you a new identifier. We might argue that this is fine, because all we're trying to do is raise the price an attacker has to pay to commit a crime (i.e., buy more machines).<br />
<br />
===Gathering Evidence===<br />
<br />
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1<br />
<br />
Above is a paper that proposes using statistical data to differentiate between legitimate and illegitimate traffic during a DDoS attack. While the paper proposes the statistics to be used for blocking bad traffic, the same logic can be applied to gathering evidence against the attackers of a DDoS. It gets pretty heavy into the statistical analysis, so it'd probably be better to read the paper than me attempting to explain it. <br />
Basically, it's meant to detect a DDoS that is purposefully disguised as a traffic flood. This means that Justice can be properly served to malicious computers as opposed to too many computers wanting your resources.<br />
<br />
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01219052<br />
<br />
Above is a paper that discusses the idea of computer forensics, and what is needed in order to gather and manage evidence. Although it is meant to be applied to a human level of judgement, computers may be capable of processing this evidence effectively. Logs maintained by routers and local devices may be used as evidence, provided that there be a way to encrypt the data in a way that preserves the original form. It also discusses the challenge of presenting computer related evidence to non-technical jurors, but this is not a concern for computer level management. All that is required for computer forensics to work is additional software being run on select computers to process and preserve any evidence gathered.<br />
<br />
===CFAA Computer Fraud and Abuse Act===<br />
<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]<br />
<br />
Reading into the decisions they have made to update the CFAA brings up topics of how users who "intentionally" do harm, as well as users unknowingly participating, or even attempting to help the system by hurting it and fixing it ([http://scholar.google.com/scholar_case?case=551386241451639668 Morris]).<br />
<br />
Another note is that how there are laws and rules being made for humans to be penalized for such negative cyber actions, but even before penalty, it is important to setup a secure enough system that will try to mitigate such negative actions that can take place.Just as how workers in a business must be educated on detecting malicious software and other vulnerabilities in order to further secure the system. By setting up stand alone protection on each system would prevent the need to punish certain acts since they would be impossible to occur. [http://www.witsa.org/papers/McConnell-cybercrime.pdf Law is only part of the answer]<br />
<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
<br />
[http://www.computer.org/portal/web/csdl/doi/10.1109/ICDCS.2006.78 Prevent DOS by preventing spoofing]<br />
<br />
Also looking at Ingress filtering is also another good method to prevent users on a network from spoofing ips for DOS attacks. [http://delivery.acm.org.proxy.library.carleton.ca/10.1145/350000/347560/p295-savage.pdf?key1=347560&key2=5289230031&coll=DL&dl=ACM&ip=134.117.10.200&CFID=14033754&CFTOKEN=82498533 link]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=8624Talk:DistOS-2011W Justice2011-03-17T02:44:37Z<p>Mchou2: </p>
<hr />
<div>==Meetings==<br />
<br />
===<u>Mar 01</u>===<br />
Early discussions on how we would define justice:<br />
* what are the components of justice?<br />
* should justice involve preventative measure or should it be strictly reactive?<br />
<br />
How would evidence be collected and logged?<br />
<br />
Discussions on what "punishment" means when referring to computers:<br />
* What can we do to punish or penalize computers?<br />
* Does it make sense to punish computers?<br />
<br />
Discussions on how human penal systems work:<br />
* do we want computer justice to be used to dissuade deviant behaviour or should it be used to punish those who have committed "bad" acts?<br />
* should we implement a system that catches/punishes all bad acts or just punish reported acts?<br />
* how will we classify deviant behaviour?<br />
** by the act itself <br />
** by the results of the act<br />
<br />
Discussed how there would need to be some sort of hierarchical justice system with figure heads who manage justice activities for their specific region:<br />
* collective internet justice: <b>Justice Web</b> or <b>JLA</b> (Justice Link Assessment)<br />
* each region patrolled by a justice managing unit:<br />
** Internet Batman (Gotham), Internet Superman (Metropolis), etc.<br />
<br />
Divided the task of finding research papers into 3 sections:<br />
* current ways to "punish" computers (Matthew)<br />
* ways to collect, log, categorize evidence of inappropriate behaviour (Thomas)<br />
* human methods of justice, various penal systems in our current and historical societies (Mike)<br />
<br />
===<u>Mar 03</u>===<br />
Initial discussions focused on how we were having difficulty finding papers related to the concept of justice in computers, so we focused on trying to determine exactly what justice should be in the realm of distributed computing:<br />
* punishing computers is difficult as computers do not care what task they are given, they just complete computations.<br />
* punishing people is not really the focus we need as that is what human laws are for.<br />
* if there is some way to punish a computer, does it make sense to punish computers that are being used for "bad" actions if the owner of the computer is unaware of this activity.<br />
** does this punishment really have a greater effect on the owner of the computer than the computer itself?<br />
<br />
Our new focus is to try and narrow down if the concept of justice actually has a place in distributed computing:<br />
* determine what purpose justice would serve...why would we have it?<br />
** if we decide justice is a necessary concept, the focus will become what is a "fair" way to apply punishment for "bad" actions.<br />
** if justice does not have a useful purpose then we must detail the reason that it is not beneficial.<br />
<br />
===<u>Mar 08</u>===<br />
*'''Definition of Justice''' - Can we separate the computer punishment from the user punishment?<br />
*'''Transparency''' - keeping "rap sheets" on what systems are doing/have done. If you were wrongfully accused for participating in a malicious attack, this can be clarified<br />
*'''Punishment''' - Computational puzzles for fighting unsolicited inbound traffic. <br />
*'''Morality rating''' - Systems get a "moral rating" that can go up or down. Based on this rating, more or less trust can be given to that system.<br />
<br />
<br />
<br />
Capital punishment? <br />
Financial sanction or imprisonment are our current way of punishment. they're expensive (maintain databases, keeping state, paying for prisons). <br />
<br />
bodily harm - limited time to perform. the fact that they've been punished is visible. losing hands, losing eyes, people can see that. information propagates because the authorities make an example of someone. <br />
<br />
maybe the solution is to restrict protocols if you have a low morality rating. for e.g., you can restrict encryption and compression, which means anything you do will be publicly visible.<br />
<br />
===<u>Mar 10</u>===<br />
<br />
* Offender Registration: Global list of morality registered for perusal of other networks.<br />
* Encrypted logs on client-side<br />
** Reporting with tangible evidence<br />
* Compensation for crimes<br />
* virus notification<br />
* detrimental to attacker buying a new computer, rather than total prevention<br />
** assumption that computer can always be identified<br />
* virus as umbrella group for mobile code<br />
** active attackers punished differently from passive attackers<br />
* Research Topics:<br />
** What is Justice?<br />
*** Mike<br />
** Justice in terms of computers.<br />
*** Matthew<br />
** Crime and Punishment.<br />
*** David<br />
** Justice Web<br />
*** Thomas McMahon<br />
<br />
==Research Documentation==<br />
<br />
===Virtual Punishment===<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.2723&rep=rep1&type=pdf Responsible Computers?]<br />
<br />
===Theory of Justice===<br />
<br />
Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
* This book provides a view of Justice that may serve the purpose of distributed computing. Rawls describes justice as serving two primary functions; <br />
1. Assign rights and duties for the basic institutions of society.<br />
2. Describe the best way to distribute the benefits and burdens of society.<br />
*If we take this view of justice, as opposed to a penalty-centric view, then justice may have a place in distributed computing. For our purposes, justice could be the basic guidelines to which all members of a distributed society must conform in order for the system to be stable and efficient. Obviously this view is an "all-in" type approach and may be more difficult to describe in terms of being incrementally deployable.<br />
<br />
<br />
===The Birth of Prison===<br />
Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
* Foucault's book focuses on how punishment evolved from medevil methods "draw and quarter" to modern prison methods. These two methods of justiceare differentiated by the way in which punishment is carried out. For medevil, or "Monarchical Punishment", the population is discouraged from doing bad acts by the public, and brutal, way that punishment is exacted. The punishments included torture and executions. On the other hand, Foucault discusses "Disciplinary Punishment" where there are people deemed as experts who have power over the perpetrator of a "bad" act and handle the punishment of the individual. An example of this is a prison guard who determines how long a prisoner stays in jail.<br />
*For a distributed computing system, this provides a couple of ways that justice could be enforced. If we think of the general distributed system as a free zone in which computers can act how they wish but there are laws in place to describe "bad" acts. If a computer is caught and convicted of doing something against the described laws, then the computer could be tortured (forced to provide more resources to other computers), executed (completly removed from the system) or potentially placed under the care of a supervisor computer who will allow the "bad" computer to continue to participate in certain, restricted actions until the professional (supervisor) computer approves of releasing the "bad" computer back to the general system. The supervisor computer may actually be controlled by a human who is trying to resolve the issue on the offending computer.<br />
* Another concept worth investigating is that of Foucault's "Panopticon" which is a prison in which everything can be seen. This can also be extended from the strictly prison sense to the level of daily interactions between people and the idea of shame. Most rules are followed because of the knowledge that those around you will see what you have done and their view of you will change, you will have a social stygma. If this is adopted by the computers, through some reputation mechanism, then maybe distributed computing relationships could be formed and altered based on the actions conducted by individual computers.<br />
<br />
<br />
===Ecce Homo & The Anarchist===<br />
Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
* If we were going to add shame/stygma to computers, there would need to be some mechanism to manage what is good and what is bad. Nietzsche's work could provide a basis for this computer moral code as he describes two different forms of morality based on two different social position: "master-morality" and "slave-morality".<br />
** Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic.<br />
** Slave-morality is split on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.<br />
* Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
*If this morality was tied to the reputation component, then all computers would be able to know how other computers "socially" behave. This would further allow punishment methods, as described in the above Foucault section, to be handed out based on how "bad" a computer is and the affending computer can only be released when it's morality is deemed appropriate by the supervising (professional) computer.<br />
<br />
=== Crime and Punishment ===<br />
This is just a little placeholder for some thoughts before I post them to the main page. <br />
<br />
'''Limiting capabilities'''<br />
Anil mentioned in class the possibility of revoking or limiting capabilities if a user/computer has been found to be guilty of a crime. For example, the computer could somehow lose its ability to perform encryption or secure communications. Somewhat related is the idea of cpu-throttling by performing additional work (explained in the section below). <br />
<br />
'''Proof-of-Work'''<br />
There has been a lot of research done in the area of computational puzzles to fight spam. The idea is that there is currently very little cost associated with sending spam (much less than .01c per email), so we want to make it a bit more "expensive" for spammers to achieve their goal. One solution is to have any email-sending computer perform some type of computational puzzle every time an email is sent. The result of the computation is appended to the email and can be verified by the recipient. One example is to find a string that when hashed gives a result smaller or larger than a specific value. You can statistically predict how long such a computation would take, and you could tweak it to be some particular value (10s, 1m, etc). <br />
<br />
I see this as being related to justice, because each self-governing entity can set up these proof-of-work requirements and adjust the difficulty for "trusted" entities and "untrusted" ones. The difficulty can also be increased for entities that misbehave, resulting in a kind of punishment. These punished systems would have to do more computation (e.g., 10m, 1hr) before they're allowed to communicate with someone else. <br />
<br />
I have some ideas on how you could technically do this, which we can discuss in class. And now some links:<br />
<br />
[https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6 https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6]<br />
[http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx]<br />
<br />
'''Unique identifiers''' <br />
How are machines identified? Although this problem is related to attribution and there's another team working on it, we can make some basic assumptions that each machine is identifiable. This identifier should be able to survive a reformat, but buying a new machine would get you a new identifier. We might argue that this is fine, because all we're trying to do is raise the price an attacker has to pay to commit a crime (i.e., buy more machines).<br />
<br />
===Gathering Evidence===<br />
<br />
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1<br />
<br />
Above is a paper that proposes using statistical data to differentiate between legitimate and illegitimate traffic during a DDoS attack. While the paper proposes the statistics to be used for blocking bad traffic, the same logic can be applied to gathering evidence against the attackers of a DDoS. It gets pretty heavy into the statistical analysis, so it'd probably be better to read the paper than me attempting to explain it. <br />
Basically, it's meant to detect a DDoS that is purposefully disguised as a traffic flood. This means that Justice can be properly served to malicious computers as opposed to too many computers wanting your resources.<br />
<br />
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01219052<br />
<br />
Above is a paper that discusses the idea of computer forensics, and what is needed in order to gather and manage evidence. Although it is meant to be applied to a human level of judgement, computers may be capable of processing this evidence effectively. Logs maintained by routers and local devices may be used as evidence, provided that there be a way to encrypt the data in a way that preserves the original form. It also discusses the challenge of presenting computer related evidence to non-technical jurors, but this is not a concern for computer level management. All that is required for computer forensics to work is additional software being run on select computers to process and preserve any evidence gathered.<br />
<br />
===CFAA Computer Fraud and Abuse Act===<br />
<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]<br />
<br />
Reading into the decisions they have made to update the CFAA brings up topics of how users who "intentionally" do harm, as well as users unknowingly participating, or even attempting to help the system by hurting it and fixing it ([http://scholar.google.com/scholar_case?case=551386241451639668 Morris]).<br />
<br />
Another note is that how there are laws and rules being made for humans to be penalized for such negative cyber actions, but even before penalty, it is important to setup a secure enough system that will try to mitigate such negative actions that can take place.Just as how workers in a business must be educated on detecting malicious software and other vulnerabilities in order to further secure the system. By setting up stand alone protection on each system would prevent the need to punish certain acts since they would be impossible to occur. [http://www.witsa.org/papers/McConnell-cybercrime.pdf Law is only part of the answer]<br />
<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
<br />
[http://www.computer.org/portal/web/csdl/doi/10.1109/ICDCS.2006.78 Prevent DOS by preventing spoofing]<br />
Also looking at Ingress filtering is also another good method to prevent users on a network from spoofing ips for DOS attacks. [http://delivery.acm.org.proxy.library.carleton.ca/10.1145/350000/347560/p295-savage.pdf?key1=347560&key2=5289230031&coll=DL&dl=ACM&ip=134.117.10.200&CFID=14033754&CFTOKEN=82498533 link]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=8623Talk:DistOS-2011W Justice2011-03-17T02:40:56Z<p>Mchou2: </p>
<hr />
<div>==Meetings==<br />
<br />
===<u>Mar 01</u>===<br />
Early discussions on how we would define justice:<br />
* what are the components of justice?<br />
* should justice involve preventative measure or should it be strictly reactive?<br />
<br />
How would evidence be collected and logged?<br />
<br />
Discussions on what "punishment" means when referring to computers:<br />
* What can we do to punish or penalize computers?<br />
* Does it make sense to punish computers?<br />
<br />
Discussions on how human penal systems work:<br />
* do we want computer justice to be used to dissuade deviant behaviour or should it be used to punish those who have committed "bad" acts?<br />
* should we implement a system that catches/punishes all bad acts or just punish reported acts?<br />
* how will we classify deviant behaviour?<br />
** by the act itself <br />
** by the results of the act<br />
<br />
Discussed how there would need to be some sort of hierarchical justice system with figure heads who manage justice activities for their specific region:<br />
* collective internet justice: <b>Justice Web</b> or <b>JLA</b> (Justice Link Assessment)<br />
* each region patrolled by a justice managing unit:<br />
** Internet Batman (Gotham), Internet Superman (Metropolis), etc.<br />
<br />
Divided the task of finding research papers into 3 sections:<br />
* current ways to "punish" computers (Matthew)<br />
* ways to collect, log, categorize evidence of inappropriate behaviour (Thomas)<br />
* human methods of justice, various penal systems in our current and historical societies (Mike)<br />
<br />
===<u>Mar 03</u>===<br />
Initial discussions focused on how we were having difficulty finding papers related to the concept of justice in computers, so we focused on trying to determine exactly what justice should be in the realm of distributed computing:<br />
* punishing computers is difficult as computers do not care what task they are given, they just complete computations.<br />
* punishing people is not really the focus we need as that is what human laws are for.<br />
* if there is some way to punish a computer, does it make sense to punish computers that are being used for "bad" actions if the owner of the computer is unaware of this activity.<br />
** does this punishment really have a greater effect on the owner of the computer than the computer itself?<br />
<br />
Our new focus is to try and narrow down if the concept of justice actually has a place in distributed computing:<br />
* determine what purpose justice would serve...why would we have it?<br />
** if we decide justice is a necessary concept, the focus will become what is a "fair" way to apply punishment for "bad" actions.<br />
** if justice does not have a useful purpose then we must detail the reason that it is not beneficial.<br />
<br />
===<u>Mar 08</u>===<br />
*'''Definition of Justice''' - Can we separate the computer punishment from the user punishment?<br />
*'''Transparency''' - keeping "rap sheets" on what systems are doing/have done. If you were wrongfully accused for participating in a malicious attack, this can be clarified<br />
*'''Punishment''' - Computational puzzles for fighting unsolicited inbound traffic. <br />
*'''Morality rating''' - Systems get a "moral rating" that can go up or down. Based on this rating, more or less trust can be given to that system.<br />
<br />
<br />
<br />
Capital punishment? <br />
Financial sanction or imprisonment are our current way of punishment. they're expensive (maintain databases, keeping state, paying for prisons). <br />
<br />
bodily harm - limited time to perform. the fact that they've been punished is visible. losing hands, losing eyes, people can see that. information propagates because the authorities make an example of someone. <br />
<br />
maybe the solution is to restrict protocols if you have a low morality rating. for e.g., you can restrict encryption and compression, which means anything you do will be publicly visible.<br />
<br />
===<u>Mar 10</u>===<br />
<br />
* Offender Registration: Global list of morality registered for perusal of other networks.<br />
* Encrypted logs on client-side<br />
** Reporting with tangible evidence<br />
* Compensation for crimes<br />
* virus notification<br />
* detrimental to attacker buying a new computer, rather than total prevention<br />
** assumption that computer can always be identified<br />
* virus as umbrella group for mobile code<br />
** active attackers punished differently from passive attackers<br />
* Research Topics:<br />
** What is Justice?<br />
*** Mike<br />
** Justice in terms of computers.<br />
*** Matthew<br />
** Crime and Punishment.<br />
*** David<br />
** Justice Web<br />
*** Thomas McMahon<br />
<br />
==Research Documentation==<br />
<br />
===Virtual Punishment===<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.2723&rep=rep1&type=pdf Responsible Computers?]<br />
<br />
===Theory of Justice===<br />
<br />
Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
* This book provides a view of Justice that may serve the purpose of distributed computing. Rawls describes justice as serving two primary functions; <br />
1. Assign rights and duties for the basic institutions of society.<br />
2. Describe the best way to distribute the benefits and burdens of society.<br />
*If we take this view of justice, as opposed to a penalty-centric view, then justice may have a place in distributed computing. For our purposes, justice could be the basic guidelines to which all members of a distributed society must conform in order for the system to be stable and efficient. Obviously this view is an "all-in" type approach and may be more difficult to describe in terms of being incrementally deployable.<br />
<br />
<br />
===The Birth of Prison===<br />
Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
* Foucault's book focuses on how punishment evolved from medevil methods "draw and quarter" to modern prison methods. These two methods of justiceare differentiated by the way in which punishment is carried out. For medevil, or "Monarchical Punishment", the population is discouraged from doing bad acts by the public, and brutal, way that punishment is exacted. The punishments included torture and executions. On the other hand, Foucault discusses "Disciplinary Punishment" where there are people deemed as experts who have power over the perpetrator of a "bad" act and handle the punishment of the individual. An example of this is a prison guard who determines how long a prisoner stays in jail.<br />
*For a distributed computing system, this provides a couple of ways that justice could be enforced. If we think of the general distributed system as a free zone in which computers can act how they wish but there are laws in place to describe "bad" acts. If a computer is caught and convicted of doing something against the described laws, then the computer could be tortured (forced to provide more resources to other computers), executed (completly removed from the system) or potentially placed under the care of a supervisor computer who will allow the "bad" computer to continue to participate in certain, restricted actions until the professional (supervisor) computer approves of releasing the "bad" computer back to the general system. The supervisor computer may actually be controlled by a human who is trying to resolve the issue on the offending computer.<br />
* Another concept worth investigating is that of Foucault's "Panopticon" which is a prison in which everything can be seen. This can also be extended from the strictly prison sense to the level of daily interactions between people and the idea of shame. Most rules are followed because of the knowledge that those around you will see what you have done and their view of you will change, you will have a social stygma. If this is adopted by the computers, through some reputation mechanism, then maybe distributed computing relationships could be formed and altered based on the actions conducted by individual computers.<br />
<br />
<br />
===Ecce Homo & The Anarchist===<br />
Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
* If we were going to add shame/stygma to computers, there would need to be some mechanism to manage what is good and what is bad. Nietzsche's work could provide a basis for this computer moral code as he describes two different forms of morality based on two different social position: "master-morality" and "slave-morality".<br />
** Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic.<br />
** Slave-morality is split on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.<br />
* Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
*If this morality was tied to the reputation component, then all computers would be able to know how other computers "socially" behave. This would further allow punishment methods, as described in the above Foucault section, to be handed out based on how "bad" a computer is and the affending computer can only be released when it's morality is deemed appropriate by the supervising (professional) computer.<br />
<br />
=== Crime and Punishment ===<br />
This is just a little placeholder for some thoughts before I post them to the main page. <br />
<br />
'''Limiting capabilities'''<br />
Anil mentioned in class the possibility of revoking or limiting capabilities if a user/computer has been found to be guilty of a crime. For example, the computer could somehow lose its ability to perform encryption or secure communications. Somewhat related is the idea of cpu-throttling by performing additional work (explained in the section below). <br />
<br />
'''Proof-of-Work'''<br />
There has been a lot of research done in the area of computational puzzles to fight spam. The idea is that there is currently very little cost associated with sending spam (much less than .01c per email), so we want to make it a bit more "expensive" for spammers to achieve their goal. One solution is to have any email-sending computer perform some type of computational puzzle every time an email is sent. The result of the computation is appended to the email and can be verified by the recipient. One example is to find a string that when hashed gives a result smaller or larger than a specific value. You can statistically predict how long such a computation would take, and you could tweak it to be some particular value (10s, 1m, etc). <br />
<br />
I see this as being related to justice, because each self-governing entity can set up these proof-of-work requirements and adjust the difficulty for "trusted" entities and "untrusted" ones. The difficulty can also be increased for entities that misbehave, resulting in a kind of punishment. These punished systems would have to do more computation (e.g., 10m, 1hr) before they're allowed to communicate with someone else. <br />
<br />
I have some ideas on how you could technically do this, which we can discuss in class. And now some links:<br />
<br />
[https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6 https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6]<br />
[http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx]<br />
<br />
'''Unique identifiers''' <br />
How are machines identified? Although this problem is related to attribution and there's another team working on it, we can make some basic assumptions that each machine is identifiable. This identifier should be able to survive a reformat, but buying a new machine would get you a new identifier. We might argue that this is fine, because all we're trying to do is raise the price an attacker has to pay to commit a crime (i.e., buy more machines).<br />
<br />
===Gathering Evidence===<br />
<br />
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1<br />
<br />
Above is a paper that proposes using statistical data to differentiate between legitimate and illegitimate traffic during a DDoS attack. While the paper proposes the statistics to be used for blocking bad traffic, the same logic can be applied to gathering evidence against the attackers of a DDoS. It gets pretty heavy into the statistical analysis, so it'd probably be better to read the paper than me attempting to explain it. <br />
Basically, it's meant to detect a DDoS that is purposefully disguised as a traffic flood. This means that Justice can be properly served to malicious computers as opposed to too many computers wanting your resources.<br />
<br />
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01219052<br />
<br />
Above is a paper that discusses the idea of computer forensics, and what is needed in order to gather and manage evidence. Although it is meant to be applied to a human level of judgement, computers may be capable of processing this evidence effectively. Logs maintained by routers and local devices may be used as evidence, provided that there be a way to encrypt the data in a way that preserves the original form. It also discusses the challenge of presenting computer related evidence to non-technical jurors, but this is not a concern for computer level management. All that is required for computer forensics to work is additional software being run on select computers to process and preserve any evidence gathered.<br />
<br />
===CFAA Computer Fraud and Abuse Act===<br />
<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]<br />
<br />
Reading into the decisions they have made to update the CFAA brings up topics of how users who "intentionally" do harm, as well as users unknowingly participating, or even attempting to help the system by hurting it and fixing it ([http://scholar.google.com/scholar_case?case=551386241451639668 Morris]).<br />
<br />
Another note is that how there are laws and rules being made for humans to be penalized for such negative cyber actions, but even before penalty, it is important to setup a secure enough system that will try to mitigate such negative actions that can take place.Just as how workers in a business must be educated on detecting malicious software and other vulnerabilities in order to further secure the system. By setting up stand alone protection on each system would prevent the need to punish certain acts since they would be impossible to occur. [http://www.witsa.org/papers/McConnell-cybercrime.pdf Law is only part of the answer]<br />
<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
<br />
[http://www.computer.org/portal/web/csdl/doi/10.1109/ICDCS.2006.78 Prevent DOS by preventing spoofing]<br />
Also looking at Ingress filtering is also another good method to prevent users on a network from spoofing ips for DOS attacks.</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8622DistOS-2011W Justice2011-03-17T02:26:04Z<p>Mchou2: /* Applying justice to computers */</p>
<hr />
<div>=Members=<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
=Abstract=<br />
<br />
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence. <br />
<br />
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.<br />
<br/><br />
<br/><br />
<br />
=Can Justice be Implemented on a Distributed Computing System: Discussion=<br />
<br />
In this section we present definitions of human justice and punishment. It is important to understand these concepts so that we can use them as a template to create a system of justice for a distributed computing environment. This section also includes definitions of key concepts related to justice and how they relate to potential justice in the realm of computers.<br />
<br/><br />
<br/><br />
==What is Justice?==<br />
<br />
===<u>Theory of Justice</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. <br />
<br />
In order for a society to uphold justice it must possess the ability to punish those who behave in a deviant manner. From a philosophical point of view, there are three main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
<br />
====Teleologic View of Punishment:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive View of Punishment:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive View of Punishment:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Morality:====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
<br />
====Intent:====<br />
=====Mens Rea - state of the mind:=====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
For a computer, there is no such thing as "intent", there is only computation. As such, discovering the intent of a computer is a meaningless task. To handle this issue a system of justice for computers can take one of two approaches; it can attempt to discover the intent of the user of the computer before distribution of punishment, or it can punish all perpetrators of an act with the same severity regardless of intent. If a computer justice system attempts to discover the intent of the human operating a computer then this system must involve a human who can decipher human reason. This would create a justice system that would have a bottleneck at the human investigation point. For our purposes, we propose that all perpetrators of a deviant act are punished with the same severity to prevent the need for human interventions/investigations.<br />
<br />
=====Computer Fraud and Abuse Act:=====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
==Justice Involving Computers==<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame will possible allow for a justice system to be implemented onto computers.<br />
<br />
=Possible Implementation=<br />
<br />
==Components Necessary for a Distributed Computer Justice System==<br />
<br />
===Reporting System===<br />
* needs to be limited so that it can not be spammed....maybe only a certain number of reports can be logged per day, per hour, etc.<br />
* all users need to be able to report a crime based on the known laws of the distributed system.<br />
<br />
===Evidence Logging System===<br />
<br />
===Morality Reputation (Rap Sheet)===<br />
<br />
<br />
==Proposed Implentation==<br />
<br />
===Case 1: Comment Spam:===<br />
<br />
===Case 2: Unauthorized Access:===<br />
<br />
===Case 3: Denial of Service:===<br />
<br />
===Case 4: Phishing:===<br />
<br />
<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8537DistOS-2011W Justice2011-03-15T16:13:31Z<p>Mchou2: /* Applying justice to computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===<u>Path to Justice for Humans</u>===<br />
<br />
====Mens Rea - state of the mind====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
====Computer Fraud and Abuse Act====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
====General Deterrence Theory (GDT)====<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. <br />
<br />
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame will possible allow for a justice system to be implemented onto computers.<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8517DistOS-2011W Justice2011-03-15T13:44:03Z<p>Mchou2: /* Applying justice to computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===<u>Path to Justice for Humans</u>===<br />
<br />
====Mens Rea - state of the mind====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
====Computer Fraud and Abuse Act====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
====General Deterrence Theory (GDT)====<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. <br />
<br />
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8516DistOS-2011W Justice2011-03-15T13:42:33Z<p>Mchou2: /* Resources */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===<u>Path to Justice for Humans</u>===<br />
<br />
====Mens Rea - state of the mind====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
====Computer Fraud and Abuse Act====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
====General Deterrence Theory (GDT)====<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. <br />
<br />
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. (**check out http://psycnet.apa.org/?fa=main.doiLanding&uid=1989-38473-001) The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998), [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991, [http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998, [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991, [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939, [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8515DistOS-2011W Justice2011-03-15T13:41:45Z<p>Mchou2: /* Resources */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===<u>Path to Justice for Humans</u>===<br />
<br />
====Mens Rea - state of the mind====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
====Computer Fraud and Abuse Act====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
====General Deterrence Theory (GDT)====<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. <br />
<br />
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. (**check out http://psycnet.apa.org/?fa=main.doiLanding&uid=1989-38473-001) The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998)[http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part A)<br />
<br />
[8] Haeji Hong, ''Hacking Through the Computer Fraud and Abuse Act'', originally published in 24 U.C. DAVIS L. REV. 283 (1998)[http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ HTML] (part B)<br />
<br />
[9] 928 F. 2d 504 - Court of Appeals, ''US v. Morris'', 2nd Circuit 1991 ,[http://scholar.google.com/scholar_case?case=551386241451639668 HTML] (case file)<br />
<br />
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, ''Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE'', Translated by L. W. King, Paul Halsall March 1998 [http://www.fordham.edu/halsall/ancient/hamcode.html HTML] (Internet History Sourcebook)<br />
<br />
[11] Scott D. Sagan, ''Review: History, Analogy, and Deterrence Theory'', The MIT Press, 1991 [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText HTML] (book link)<br />
<br />
[12]Rollin M. Perkins, ''A Rationale of Mens Rea'', Harvard Law Review, 1939 [http://www.jstor.org/pss/1334184 HTML] (book link)<br />
<br />
[13] Marquis Beccaria, ''Of Crimes and Punishments'', Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819 [http://www.constitution.org/cb/crim_pun12.htm HTML] (essay translation)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8514DistOS-2011W Justice2011-03-15T12:55:53Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===<u>Path to Justice for Humans</u>===<br />
<br />
====Mens Rea - state of the mind====<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
====Computer Fraud and Abuse Act====<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
====General Deterrence Theory (GDT)====<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. <br />
<br />
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. (**check out http://psycnet.apa.org/?fa=main.doiLanding&uid=1989-38473-001) The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ Journal] part A<br />
<br />
[8] [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ Journal] part B<br />
<br />
[9] [http://scholar.google.com/scholar_case?case=551386241451639668 link]<br />
<br />
[10] [http://www.fordham.edu/halsall/ancient/hamcode.html]<br />
<br />
[11] [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText]<br />
<br />
[12] [http://www.jstor.org/pss/1334184]<br />
<br />
[13] [http://www.constitution.org/cb/crim_pun12.htm]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8513DistOS-2011W Justice2011-03-15T12:54:53Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
====<u>Path to Justice for Humans</u>====<br />
<br />
===Mens Rea - state of the mind===<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
===Computer Fraud and Abuse Act===<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
===General Deterrence Theory (GDT)===<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. <br />
<br />
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. (**check out http://psycnet.apa.org/?fa=main.doiLanding&uid=1989-38473-001) The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ Journal] part A<br />
<br />
[8] [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ Journal] part B<br />
<br />
[9] [http://scholar.google.com/scholar_case?case=551386241451639668 link]<br />
<br />
[10] [http://www.fordham.edu/halsall/ancient/hamcode.html]<br />
<br />
[11] [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText]<br />
<br />
[12] [http://www.jstor.org/pss/1334184]<br />
<br />
[13] [http://www.constitution.org/cb/crim_pun12.htm]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8512DistOS-2011W Justice2011-03-15T11:33:59Z<p>Mchou2: </p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===Mens Rea - state of the mind===<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]<br />
<br />
===Computer Fraud and Abuse Act===<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]<br />
<br />
===General Deterrence Theory (GDT)===<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. <br />
<br />
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. (**check out http://psycnet.apa.org/?fa=main.doiLanding&uid=1989-38473-001) The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[7] [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ Journal] part A<br />
<br />
[8] [http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ Journal] part B<br />
<br />
[9] [http://scholar.google.com/scholar_case?case=551386241451639668 link]<br />
<br />
[10] [http://www.fordham.edu/halsall/ancient/hamcode.html]<br />
<br />
[11] [http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText]<br />
<br />
[12] [http://www.jstor.org/pss/1334184]<br />
<br />
[13] [http://www.constitution.org/cb/crim_pun12.htm]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8511DistOS-2011W Justice2011-03-15T11:27:57Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===Mens Rea - state of the mind===<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident. [7 http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ part A]<br />
<br />
===Computer Fraud and Abuse Act===<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8 http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ part B]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea. [9 http://scholar.google.com/scholar_case?case=551386241451639668]<br />
<br />
===General Deterrence Theory (GDT)===<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things. [10 http://www.fordham.edu/halsall/ancient/hamcode.html] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11 http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. ( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent. (12 http://www.jstor.org/pss/1334184) With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. (**check out http://psycnet.apa.org/?fa=main.doiLanding&uid=1989-38473-001) The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal. [http://www.constitution.org/cb/crim_pun12.htm]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8510DistOS-2011W Justice2011-03-15T11:25:50Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.<br />
<br />
===Mens Rea - state of the mind===<br />
<br />
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident. [1 http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ part A]<br />
<br />
===Computer Fraud and Abuse Act===<br />
<br />
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[2 http://www.lawtechjournal.com/archives/blt/i3-hh.html#N_18_ part B]<br />
<br />
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea. [ 3 http://scholar.google.com/scholar_case?case=551386241451639668]<br />
<br />
===General Deterrence Theory (GDT)===<br />
<br />
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things. [4 http://www.fordham.edu/halsall/ancient/hamcode.html] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [5 http://www.jstor.org.proxy.library.carleton.ca/stable/204567?&Search=yes&searchText=history%2Canalogy%2CAND&searchText=deterrence&list=hide&searchUri=%2Faction%2FdoBasicSearch%3Facc%3Don%26Query%3Dhistory%252Canalogy%252Cand%2Bdeterrence%26gw%3Djtx%26acc%3Don%26prq%3D204567%26Search%3DSearch%26hp%3D25%26wc%3Don%26acc%3Don&prevSearch=&item=1&ttl=5&returnArticleService=showFullText] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs. ( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html)<br />
(more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)<br />
<br />
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.<br />
<br />
===Applying justice to computers===<br />
<br />
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent. (http://www.jstor.org/pss/1334184) With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings.<br />
(*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)<br />
<br />
<br />
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. (**check out http://psycnet.apa.org/?fa=main.doiLanding&uid=1989-38473-001) The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will gain from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, as well as the performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal. [http://www.constitution.org/cb/crim_pun12.htm]<br />
<br />
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8509DistOS-2011W Justice2011-03-15T08:32:17Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
<br />
<br />
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.<br />
<br />
====Sovereign Rule:====<br />
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]<br />
<br />
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]<br />
<br />
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system. <br />
<br />
====Corporal Punishment. Economic Punishment, and Prison:====<br />
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]<br />
<br />
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] <br />
Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]<br />
<br />
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.<br />
<br />
<br />
===<u>Addition Concepts Related to Justice</u>===<br />
<br />
====Purpose of Justice:====<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
====Morality====<br />
<br />
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6] <br />
<br />
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
<br />
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
The Justice Web is a possible implementation that uses the research we have done so far. It is essentially an incrementally-deployable network system that shares resources with users within the same Justice Web, based on a morality rating. Evidence is logged so that those within the Web may be held accountable, and those without may be recorded and watched for future misbehaviour.<br />
<br />
===What it is===<br />
<br />
The Justice Web is an implementation that treats a network as a distributed system. Resources are shared among the users, based on some measure of trust. As the web grows, more computers become linked to each other within the web, making it harder to manage trust given to each member of the Web. Also, the Web should provide some shared protection for those within the network against external attacks.<br />
<br />
Because of this, some sort of Justice System is needed to process evidence and sentence malicious computers. The Justice Web would need a computer or computers to act as the judge. After the judgement, the Justice Web would then need to enforce a penalty on the offender.<br />
<br />
===What it does===<br />
<br />
The Justice Web links multiple computers together to act as a distributed system. the amount of resources allotted to a member is dependent on their moral rating and trust. The most trusted computer would possibly be the leader of the Web, acting as the judge. To gather evidence a log is kept at each implementation node. This evidence is encrypted so that the user cannot tamper with it. <br />
<br />
The evidence is collected by the Justice Web, and handled by members with high level of trust. That is to say, the high computers within the system would essentially be able to define how much evidence is needed, as well as what punishment is to be handed out. The power high members are not absolute, but are capable of influencing a standard set of rules. Rulings are handled using common law, with a punishment handled in the same way as previous ones, unless explicitly changed by the high members. <br />
<br />
After the evidence is processed, and a ruling is made by the high members, the Justice Web must then enforce the punishment. For threats coming from outside the Web, each member of the Web is warned about the offender. Continued communication with the offender will be allowed, but if an infection does occur, the punishment for becoming infected would be more severe.<br />
<br />
As for offenders within the system, the morality rating attached to that member is affected, and the amount of trust is decreased. From a practical standpoint, the punishment would involve the restriction of resources accessible to the member, while increasing the workload of the member. The amount of trust increases over time, allowing the member to slowly gain more and more access to resources, but the morality rating would be kept the same so that it is made aware that the member has done wrong in the past.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=8450Talk:DistOS-2011W Justice2011-03-12T06:57:52Z<p>Mchou2: /* CFAA Computer Fraud and Abuse Act */</p>
<hr />
<div>==Meetings==<br />
<br />
===<u>Mar 01</u>===<br />
Early discussions on how we would define justice:<br />
* what are the components of justice?<br />
* should justice involve preventative measure or should it be strictly reactive?<br />
<br />
How would evidence be collected and logged?<br />
<br />
Discussions on what "punishment" means when referring to computers:<br />
* What can we do to punish or penalize computers?<br />
* Does it make sense to punish computers?<br />
<br />
Discussions on how human penal systems work:<br />
* do we want computer justice to be used to dissuade deviant behaviour or should it be used to punish those who have committed "bad" acts?<br />
* should we implement a system that catches/punishes all bad acts or just punish reported acts?<br />
* how will we classify deviant behaviour?<br />
** by the act itself <br />
** by the results of the act<br />
<br />
Discussed how there would need to be some sort of hierarchical justice system with figure heads who manage justice activities for their specific region:<br />
* collective internet justice: <b>Justice Web</b> or <b>JLA</b> (Justice Link Assessment)<br />
* each region patrolled by a justice managing unit:<br />
** Internet Batman (Gotham), Internet Superman (Metropolis), etc.<br />
<br />
Divided the task of finding research papers into 3 sections:<br />
* current ways to "punish" computers (Matthew)<br />
* ways to collect, log, categorize evidence of inappropriate behaviour (Thomas)<br />
* human methods of justice, various penal systems in our current and historical societies (Mike)<br />
<br />
===<u>Mar 03</u>===<br />
Initial discussions focused on how we were having difficulty finding papers related to the concept of justice in computers, so we focused on trying to determine exactly what justice should be in the realm of distributed computing:<br />
* punishing computers is difficult as computers do not care what task they are given, they just complete computations.<br />
* punishing people is not really the focus we need as that is what human laws are for.<br />
* if there is some way to punish a computer, does it make sense to punish computers that are being used for "bad" actions if the owner of the computer is unaware of this activity.<br />
** does this punishment really have a greater effect on the owner of the computer than the computer itself?<br />
<br />
Our new focus is to try and narrow down if the concept of justice actually has a place in distributed computing:<br />
* determine what purpose justice would serve...why would we have it?<br />
** if we decide justice is a necessary concept, the focus will become what is a "fair" way to apply punishment for "bad" actions.<br />
** if justice does not have a useful purpose then we must detail the reason that it is not beneficial.<br />
<br />
===<u>Mar 08</u>===<br />
*'''Definition of Justice''' - Can we separate the computer punishment from the user punishment?<br />
*'''Transparency''' - keeping "rap sheets" on what systems are doing/have done. If you were wrongfully accused for participating in a malicious attack, this can be clarified<br />
*'''Punishment''' - Computational puzzles for fighting unsolicited inbound traffic. <br />
*'''Morality rating''' - Systems get a "moral rating" that can go up or down. Based on this rating, more or less trust can be given to that system.<br />
<br />
<br />
<br />
Capital punishment? <br />
Financial sanction or imprisonment are our current way of punishment. they're expensive (maintain databases, keeping state, paying for prisons). <br />
<br />
bodily harm - limited time to perform. the fact that they've been punished is visible. losing hands, losing eyes, people can see that. information propagates because the authorities make an example of someone. <br />
<br />
maybe the solution is to restrict protocols if you have a low morality rating. for e.g., you can restrict encryption and compression, which means anything you do will be publicly visible.<br />
<br />
===<u>Mar 10</u>===<br />
<br />
* Offender Registration: Global list of morality registered for perusal of other networks.<br />
* Encrypted logs on client-side<br />
** Reporting with tangible evidence<br />
* Compensation for crimes<br />
* virus notification<br />
* detrimental to attacker buying a new computer, rather than total prevention<br />
** assumption that computer can always be identified<br />
* virus as umbrella group for mobile code<br />
** active attackers punished differently from passive attackers<br />
* Research Topics:<br />
** What is Justice?<br />
*** Mike<br />
** Justice in terms of computers.<br />
*** Matthew<br />
** Crime and Punishment.<br />
*** David<br />
** Justice Web<br />
*** Thomas McMahon<br />
<br />
==Research Documentation==<br />
<br />
===Virtual Punishment===<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.2723&rep=rep1&type=pdf Responsible Computers?]<br />
<br />
===Theory of Justice===<br />
<br />
Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
* This book provides a view of Justice that may serve the purpose of distributed computing. Rawls describes justice as serving two primary functions; <br />
1. Assign rights and duties for the basic institutions of society.<br />
2. Describe the best way to distribute the benefits and burdens of society.<br />
*If we take this view of justice, as opposed to a penalty-centric view, then justice may have a place in distributed computing. For our purposes, justice could be the basic guidelines to which all members of a distributed society must conform in order for the system to be stable and efficient. Obviously this view is an "all-in" type approach and may be more difficult to describe in terms of being incrementally deployable.<br />
<br />
<br />
===The Birth of Prison===<br />
Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
* Foucault's book focuses on how punishment evolved from medevil methods "draw and quarter" to modern prison methods. These two methods of justiceare differentiated by the way in which punishment is carried out. For medevil, or "Monarchical Punishment", the population is discouraged from doing bad acts by the public, and brutal, way that punishment is exacted. The punishments included torture and executions. On the other hand, Foucault discusses "Disciplinary Punishment" where there are people deemed as experts who have power over the perpetrator of a "bad" act and handle the punishment of the individual. An example of this is a prison guard who determines how long a prisoner stays in jail.<br />
*For a distributed computing system, this provides a couple of ways that justice could be enforced. If we think of the general distributed system as a free zone in which computers can act how they wish but there are laws in place to describe "bad" acts. If a computer is caught and convicted of doing something against the described laws, then the computer could be tortured (forced to provide more resources to other computers), executed (completly removed from the system) or potentially placed under the care of a supervisor computer who will allow the "bad" computer to continue to participate in certain, restricted actions until the professional (supervisor) computer approves of releasing the "bad" computer back to the general system. The supervisor computer may actually be controlled by a human who is trying to resolve the issue on the offending computer.<br />
* Another concept worth investigating is that of Foucault's "Panopticon" which is a prison in which everything can be seen. This can also be extended from the strictly prison sense to the level of daily interactions between people and the idea of shame. Most rules are followed because of the knowledge that those around you will see what you have done and their view of you will change, you will have a social stygma. If this is adopted by the computers, through some reputation mechanism, then maybe distributed computing relationships could be formed and altered based on the actions conducted by individual computers.<br />
<br />
<br />
===Ecce Homo & The Anarchist===<br />
Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
* If we were going to add shame/stygma to computers, there would need to be some mechanism to manage what is good and what is bad. Nietzsche's work could provide a basis for this computer moral code as he describes two different forms of morality based on two different social position: "master-morality" and "slave-morality".<br />
** Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic.<br />
** Slave-morality is split on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.<br />
* Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
*If this morality was tied to the reputation component, then all computers would be able to know how other computers "socially" behave. This would further allow punishment methods, as described in the above Foucault section, to be handed out based on how "bad" a computer is and the affending computer can only be released when it's morality is deemed appropriate by the supervising (professional) computer.<br />
<br />
===Proof-of-Work===<br />
There has been a lot of research done in the area of computational puzzles to fight spam. The idea is that there is currently very little cost associated with sending spam (much less than .01c per email), so we want to make it a bit more "expensive" for spammers to achieve their goal. One solution is to have any email-sending computer perform some type of computational puzzle every time an email is sent. The result of the computation is appended to the email and can be verified by the recipient. One example is to find a string that when hashed gives a result smaller or larger than a specific value. You can statistically predict how long such a computation would take, and you could tweak it to be some particular value (10s, 1m, etc). <br />
<br />
I see this as being related to justice, because each self-governing entity can set up these proof-of-work requirements and adjust the difficulty for "trusted" entities and "untrusted" ones. The difficulty can also be increased for entities that misbehave, resulting in a kind of punishment. These punished systems would have to do more computation (e.g., 10m, 1hr) before they're allowed to communicate with someone else. <br />
<br />
I have some ideas on how you could technically do this, which we can discuss in class. And now some links:<br />
<br />
[https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6 https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6]<br />
[http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx]<br />
<br />
===Gathering Evidence===<br />
<br />
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1<br />
<br />
Above is a paper that proposes using statistical data to differentiate between legitimate and illegitimate traffic during a DDoS attack. While the paper proposes the statistics to be used for blocking bad traffic, the same logic can be applied to gathering evidence against the attackers of a DDoS. It gets pretty heavy into the statistical analysis, so it'd probably be better to read the paper than me attempting to explain it. <br />
Basically, it's meant to detect a DDoS that is purposefully disguised as a traffic flood. This means that Justice can be properly served to malicious computers as opposed to too many computers wanting your resources.<br />
<br />
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01219052<br />
<br />
Above is a paper that discusses the idea of computer forensics, and what is needed in order to gather and manage evidence. Although it is meant to be applied to a human level of judgement, computers may be capable of processing this evidence effectively. Logs maintained by routers and local devices may be used as evidence, provided that there be a way to encrypt the data in a way that preserves the original form. It also discusses the challenge of presenting computer related evidence to non-technical jurors, but this is not a concern for computer level management. All that is required for computer forensics to work is additional software being run on select computers to process and preserve any evidence gathered.<br />
<br />
===CFAA Computer Fraud and Abuse Act===<br />
<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]<br />
<br />
Reading into the decisions they have made to update the CFAA brings up topics of how users who "intentionally" do harm, as well as users unknowingly participating, or even attempting to help the system by hurting it and fixing it ([http://scholar.google.com/scholar_case?case=551386241451639668 Morris]).<br />
<br />
Another note is that how there are laws and rules being made for humans to be penalized for such negative cyber actions, but even before penalty, it is important to setup a secure enough system that will try to mitigate such negative actions that can take place.Just as how workers in a business must be educated on detecting malicious software and other vulnerabilities in order to further secure the system. By setting up stand alone protection on each system would prevent the need to punish certain acts since they would be impossible to occur. [http://www.witsa.org/papers/McConnell-cybercrime.pdf Law is only part of the answer]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=8433Talk:DistOS-2011W Justice2011-03-11T19:04:10Z<p>Mchou2: /* CFAA Computer Fraud and Abuse Act */</p>
<hr />
<div>==Meetings==<br />
<br />
===<u>Mar 01</u>===<br />
Early discussions on how we would define justice:<br />
* what are the components of justice?<br />
* should justice involve preventative measure or should it be strictly reactive?<br />
<br />
How would evidence be collected and logged?<br />
<br />
Discussions on what "punishment" means when referring to computers:<br />
* What can we do to punish or penalize computers?<br />
* Does it make sense to punish computers?<br />
<br />
Discussions on how human penal systems work:<br />
* do we want computer justice to be used to dissuade deviant behaviour or should it be used to punish those who have committed "bad" acts?<br />
* should we implement a system that catches/punishes all bad acts or just punish reported acts?<br />
* how will we classify deviant behaviour?<br />
** by the act itself <br />
** by the results of the act<br />
<br />
Discussed how there would need to be some sort of hierarchical justice system with figure heads who manage justice activities for their specific region:<br />
* collective internet justice: <b>Justice Web</b> or <b>JLA</b> (Justice Link Assessment)<br />
* each region patrolled by a justice managing unit:<br />
** Internet Batman (Gotham), Internet Superman (Metropolis), etc.<br />
<br />
Divided the task of finding research papers into 3 sections:<br />
* current ways to "punish" computers (Matthew)<br />
* ways to collect, log, categorize evidence of inappropriate behaviour (Thomas)<br />
* human methods of justice, various penal systems in our current and historical societies (Mike)<br />
<br />
===<u>Mar 03</u>===<br />
Initial discussions focused on how we were having difficulty finding papers related to the concept of justice in computers, so we focused on trying to determine exactly what justice should be in the realm of distributed computing:<br />
* punishing computers is difficult as computers do not care what task they are given, they just complete computations.<br />
* punishing people is not really the focus we need as that is what human laws are for.<br />
* if there is some way to punish a computer, does it make sense to punish computers that are being used for "bad" actions if the owner of the computer is unaware of this activity.<br />
** does this punishment really have a greater effect on the owner of the computer than the computer itself?<br />
<br />
Our new focus is to try and narrow down if the concept of justice actually has a place in distributed computing:<br />
* determine what purpose justice would serve...why would we have it?<br />
** if we decide justice is a necessary concept, the focus will become what is a "fair" way to apply punishment for "bad" actions.<br />
** if justice does not have a useful purpose then we must detail the reason that it is not beneficial.<br />
<br />
===<u>Mar 08</u>===<br />
*'''Definition of Justice''' - Can we separate the computer punishment from the user punishment?<br />
*'''Transparency''' - keeping "rap sheets" on what systems are doing/have done. If you were wrongfully accused for participating in a malicious attack, this can be clarified<br />
*'''Punishment''' - Computational puzzles for fighting unsolicited inbound traffic. <br />
*'''Morality rating''' - Systems get a "moral rating" that can go up or down. Based on this rating, more or less trust can be given to that system.<br />
<br />
<br />
<br />
Capital punishment? <br />
Financial sanction or imprisonment are our current way of punishment. they're expensive (maintain databases, keeping state, paying for prisons). <br />
<br />
bodily harm - limited time to perform. the fact that they've been punished is visible. losing hands, losing eyes, people can see that. information propagates because the authorities make an example of someone. <br />
<br />
maybe the solution is to restrict protocols if you have a low morality rating. for e.g., you can restrict encryption and compression, which means anything you do will be publicly visible.<br />
<br />
===<u>Mar 10</u>===<br />
<br />
* Offender Registration: Global list of morality registered for perusal of other networks.<br />
* Encrypted logs on client-side<br />
** Reporting with tangible evidence<br />
* Compensation for crimes<br />
* virus notification<br />
* detrimental to attacker buying a new computer, rather than total prevention<br />
** assumption that computer can always be identified<br />
* virus as umbrella group for mobile code<br />
** active attackers punished differently from passive attackers<br />
* Research Topics:<br />
** What is Justice?<br />
*** Mike<br />
** Justice in terms of computers.<br />
*** Matthew<br />
** Crime and Punishment.<br />
*** David<br />
** Justice Web<br />
*** Thomas McMahon<br />
<br />
==Research Documentation==<br />
<br />
===Virtual Punishment===<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.2723&rep=rep1&type=pdf Responsible Computers?]<br />
<br />
===Theory of Justice===<br />
<br />
Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
* This book provides a view of Justice that may serve the purpose of distributed computing. Rawls describes justice as serving two primary functions; <br />
1. Assign rights and duties for the basic institutions of society.<br />
2. Describe the best way to distribute the benefits and burdens of society.<br />
*If we take this view of justice, as opposed to a penalty-centric view, then justice may have a place in distributed computing. For our purposes, justice could be the basic guidelines to which all members of a distributed society must conform in order for the system to be stable and efficient. Obviously this view is an "all-in" type approach and may be more difficult to describe in terms of being incrementally deployable.<br />
<br />
<br />
===The Birth of Prison===<br />
Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
* Foucault's book focuses on how punishment evolved from medevil methods "draw and quarter" to modern prison methods. These two methods of justiceare differentiated by the way in which punishment is carried out. For medevil, or "Monarchical Punishment", the population is discouraged from doing bad acts by the public, and brutal, way that punishment is exacted. The punishments included torture and executions. On the other hand, Foucault discusses "Disciplinary Punishment" where there are people deemed as experts who have power over the perpetrator of a "bad" act and handle the punishment of the individual. An example of this is a prison guard who determines how long a prisoner stays in jail.<br />
*For a distributed computing system, this provides a couple of ways that justice could be enforced. If we think of the general distributed system as a free zone in which computers can act how they wish but there are laws in place to describe "bad" acts. If a computer is caught and convicted of doing something against the described laws, then the computer could be tortured (forced to provide more resources to other computers), executed (completly removed from the system) or potentially placed under the care of a supervisor computer who will allow the "bad" computer to continue to participate in certain, restricted actions until the professional (supervisor) computer approves of releasing the "bad" computer back to the general system. The supervisor computer may actually be controlled by a human who is trying to resolve the issue on the offending computer.<br />
* Another concept worth investigating is that of Foucault's "Panopticon" which is a prison in which everything can be seen. This can also be extended from the strictly prison sense to the level of daily interactions between people and the idea of shame. Most rules are followed because of the knowledge that those around you will see what you have done and their view of you will change, you will have a social stygma. If this is adopted by the computers, through some reputation mechanism, then maybe distributed computing relationships could be formed and altered based on the actions conducted by individual computers.<br />
<br />
<br />
===Ecce Homo & The Anarchist===<br />
Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
* If we were going to add shame/stygma to computers, there would need to be some mechanism to manage what is good and what is bad. Nietzsche's work could provide a basis for this computer moral code as he describes two different forms of morality based on two different social position: "master-morality" and "slave-morality".<br />
** Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic.<br />
** Slave-morality is split on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.<br />
* Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
*If this morality was tied to the reputation component, then all computers would be able to know how other computers "socially" behave. This would further allow punishment methods, as described in the above Foucault section, to be handed out based on how "bad" a computer is and the affending computer can only be released when it's morality is deemed appropriate by the supervising (professional) computer.<br />
<br />
===Proof-of-Work===<br />
There has been a lot of research done in the area of computational puzzles to fight spam. The idea is that there is currently very little cost associated with sending spam (much less than .01c per email), so we want to make it a bit more "expensive" for spammers to achieve their goal. One solution is to have any email-sending computer perform some type of computational puzzle every time an email is sent. The result of the computation is appended to the email and can be verified by the recipient. One example is to find a string that when hashed gives a result smaller or larger than a specific value. You can statistically predict how long such a computation would take, and you could tweak it to be some particular value (10s, 1m, etc). <br />
<br />
I see this as being related to justice, because each self-governing entity can set up these proof-of-work requirements and adjust the difficulty for "trusted" entities and "untrusted" ones. The difficulty can also be increased for entities that misbehave, resulting in a kind of punishment. These punished systems would have to do more computation (e.g., 10m, 1hr) before they're allowed to communicate with someone else. <br />
<br />
I have some ideas on how you could technically do this, which we can discuss in class. And now some links:<br />
<br />
[https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6 https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6]<br />
[http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx]<br />
<br />
===Gathering Evidence===<br />
<br />
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1<br />
<br />
Above is a paper that proposes using statistical data to differentiate between legitimate and illegitimate traffic during a DDoS attack. While the paper proposes the statistics to be used for blocking bad traffic, the same logic can be applied to gathering evidence against the attackers of a DDoS. It gets pretty heavy into the statistical analysis, so it'd probably be better to read the paper than me attempting to explain it. <br />
Basically, it's meant to detect a DDoS that is purposefully disguised as a traffic flood. This means that Justice can be properly served to malicious computers as opposed to too many computers wanting your resources.<br />
<br />
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01219052<br />
<br />
Above is a paper that discusses the idea of computer forensics, and what is needed in order to gather and manage evidence. Although it is meant to be applied to a human level of judgement, computers may be capable of processing this evidence effectively. Logs maintained by routers and local devices may be used as evidence, provided that there be a way to encrypt the data in a way that preserves the original form. It also discusses the challenge of presenting computer related evidence to non-technical jurors, but this is not a concern for computer level management. All that is required for computer forensics to work is additional software being run on select computers to process and preserve any evidence gathered.<br />
<br />
===CFAA Computer Fraud and Abuse Act===<br />
<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]<br />
<br />
Reading into the decisions they have made to update the CFAA brings up topics of how users who "intentionally" do harm, as well as users unknowingly participating, or even attempting to help the system by hurting it and fixing it ([http://scholar.google.com/scholar_case?case=551386241451639668 Morris]).</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=8426Talk:DistOS-2011W Justice2011-03-11T18:53:12Z<p>Mchou2: /* Research Documentation */</p>
<hr />
<div>==Meetings==<br />
<br />
===<u>Mar 01</u>===<br />
Early discussions on how we would define justice:<br />
* what are the components of justice?<br />
* should justice involve preventative measure or should it be strictly reactive?<br />
<br />
How would evidence be collected and logged?<br />
<br />
Discussions on what "punishment" means when referring to computers:<br />
* What can we do to punish or penalize computers?<br />
* Does it make sense to punish computers?<br />
<br />
Discussions on how human penal systems work:<br />
* do we want computer justice to be used to dissuade deviant behaviour or should it be used to punish those who have committed "bad" acts?<br />
* should we implement a system that catches/punishes all bad acts or just punish reported acts?<br />
* how will we classify deviant behaviour?<br />
** by the act itself <br />
** by the results of the act<br />
<br />
Discussed how there would need to be some sort of hierarchical justice system with figure heads who manage justice activities for their specific region:<br />
* collective internet justice: <b>Justice Web</b> or <b>JLA</b> (Justice Link Assessment)<br />
* each region patrolled by a justice managing unit:<br />
** Internet Batman (Gotham), Internet Superman (Metropolis), etc.<br />
<br />
Divided the task of finding research papers into 3 sections:<br />
* current ways to "punish" computers (Matthew)<br />
* ways to collect, log, categorize evidence of inappropriate behaviour (Thomas)<br />
* human methods of justice, various penal systems in our current and historical societies (Mike)<br />
<br />
===<u>Mar 03</u>===<br />
Initial discussions focused on how we were having difficulty finding papers related to the concept of justice in computers, so we focused on trying to determine exactly what justice should be in the realm of distributed computing:<br />
* punishing computers is difficult as computers do not care what task they are given, they just complete computations.<br />
* punishing people is not really the focus we need as that is what human laws are for.<br />
* if there is some way to punish a computer, does it make sense to punish computers that are being used for "bad" actions if the owner of the computer is unaware of this activity.<br />
** does this punishment really have a greater effect on the owner of the computer than the computer itself?<br />
<br />
Our new focus is to try and narrow down if the concept of justice actually has a place in distributed computing:<br />
* determine what purpose justice would serve...why would we have it?<br />
** if we decide justice is a necessary concept, the focus will become what is a "fair" way to apply punishment for "bad" actions.<br />
** if justice does not have a useful purpose then we must detail the reason that it is not beneficial.<br />
<br />
===<u>Mar 08</u>===<br />
*'''Definition of Justice''' - Can we separate the computer punishment from the user punishment?<br />
*'''Transparency''' - keeping "rap sheets" on what systems are doing/have done. If you were wrongfully accused for participating in a malicious attack, this can be clarified<br />
*'''Punishment''' - Computational puzzles for fighting unsolicited inbound traffic. <br />
*'''Morality rating''' - Systems get a "moral rating" that can go up or down. Based on this rating, more or less trust can be given to that system.<br />
<br />
<br />
<br />
Capital punishment? <br />
Financial sanction or imprisonment are our current way of punishment. they're expensive (maintain databases, keeping state, paying for prisons). <br />
<br />
bodily harm - limited time to perform. the fact that they've been punished is visible. losing hands, losing eyes, people can see that. information propagates because the authorities make an example of someone. <br />
<br />
maybe the solution is to restrict protocols if you have a low morality rating. for e.g., you can restrict encryption and compression, which means anything you do will be publicly visible.<br />
<br />
===<u>Mar 10</u>===<br />
<br />
* Offender Registration: Global list of morality registered for perusal of other networks.<br />
* Encrypted logs on client-side<br />
** Reporting with tangible evidence<br />
* Compensation for crimes<br />
* virus notification<br />
* detrimental to attacker buying a new computer, rather than total prevention<br />
** assumption that computer can always be identified<br />
* virus as umbrella group for mobile code<br />
** active attackers punished differently from passive attackers<br />
* Research Topics:<br />
** What is Justice?<br />
*** Mike<br />
** Justice in terms of computers.<br />
*** Matthew<br />
** Crime and Punishment.<br />
*** David<br />
** Justice Web<br />
*** Thomas McMahon<br />
<br />
==Research Documentation==<br />
<br />
===Virtual Punishment===<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.2723&rep=rep1&type=pdf Responsible Computers?]<br />
<br />
===Theory of Justice===<br />
<br />
Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
* This book provides a view of Justice that may serve the purpose of distributed computing. Rawls describes justice as serving two primary functions; <br />
1. Assign rights and duties for the basic institutions of society.<br />
2. Describe the best way to distribute the benefits and burdens of society.<br />
*If we take this view of justice, as opposed to a penalty-centric view, then justice may have a place in distributed computing. For our purposes, justice could be the basic guidelines to which all members of a distributed society must conform in order for the system to be stable and efficient. Obviously this view is an "all-in" type approach and may be more difficult to describe in terms of being incrementally deployable.<br />
<br />
<br />
===The Birth of Prison===<br />
Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
* Foucault's book focuses on how punishment evolved from medevil methods "draw and quarter" to modern prison methods. These two methods of justiceare differentiated by the way in which punishment is carried out. For medevil, or "Monarchical Punishment", the population is discouraged from doing bad acts by the public, and brutal, way that punishment is exacted. The punishments included torture and executions. On the other hand, Foucault discusses "Disciplinary Punishment" where there are people deemed as experts who have power over the perpetrator of a "bad" act and handle the punishment of the individual. An example of this is a prison guard who determines how long a prisoner stays in jail.<br />
*For a distributed computing system, this provides a couple of ways that justice could be enforced. If we think of the general distributed system as a free zone in which computers can act how they wish but there are laws in place to describe "bad" acts. If a computer is caught and convicted of doing something against the described laws, then the computer could be tortured (forced to provide more resources to other computers), executed (completly removed from the system) or potentially placed under the care of a supervisor computer who will allow the "bad" computer to continue to participate in certain, restricted actions until the professional (supervisor) computer approves of releasing the "bad" computer back to the general system. The supervisor computer may actually be controlled by a human who is trying to resolve the issue on the offending computer.<br />
* Another concept worth investigating is that of Foucault's "Panopticon" which is a prison in which everything can be seen. This can also be extended from the strictly prison sense to the level of daily interactions between people and the idea of shame. Most rules are followed because of the knowledge that those around you will see what you have done and their view of you will change, you will have a social stygma. If this is adopted by the computers, through some reputation mechanism, then maybe distributed computing relationships could be formed and altered based on the actions conducted by individual computers.<br />
<br />
<br />
===Ecce Homo & The Anarchist===<br />
Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)<br />
* If we were going to add shame/stygma to computers, there would need to be some mechanism to manage what is good and what is bad. Nietzsche's work could provide a basis for this computer moral code as he describes two different forms of morality based on two different social position: "master-morality" and "slave-morality".<br />
** Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic.<br />
** Slave-morality is split on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.<br />
* Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.<br />
*If this morality was tied to the reputation component, then all computers would be able to know how other computers "socially" behave. This would further allow punishment methods, as described in the above Foucault section, to be handed out based on how "bad" a computer is and the affending computer can only be released when it's morality is deemed appropriate by the supervising (professional) computer.<br />
<br />
===Proof-of-Work===<br />
There has been a lot of research done in the area of computational puzzles to fight spam. The idea is that there is currently very little cost associated with sending spam (much less than .01c per email), so we want to make it a bit more "expensive" for spammers to achieve their goal. One solution is to have any email-sending computer perform some type of computational puzzle every time an email is sent. The result of the computation is appended to the email and can be verified by the recipient. One example is to find a string that when hashed gives a result smaller or larger than a specific value. You can statistically predict how long such a computation would take, and you could tweak it to be some particular value (10s, 1m, etc). <br />
<br />
I see this as being related to justice, because each self-governing entity can set up these proof-of-work requirements and adjust the difficulty for "trusted" entities and "untrusted" ones. The difficulty can also be increased for entities that misbehave, resulting in a kind of punishment. These punished systems would have to do more computation (e.g., 10m, 1hr) before they're allowed to communicate with someone else. <br />
<br />
I have some ideas on how you could technically do this, which we can discuss in class. And now some links:<br />
<br />
[https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6 https://tools.ietf.org/html/draft-jennings-sip-hashcash-06#page-6]<br />
[http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx http://research.microsoft.com/en-us/projects/pennyblack/spam-com.aspx]<br />
<br />
===Gathering Evidence===<br />
<br />
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4489680&tag=1<br />
<br />
Above is a paper that proposes using statistical data to differentiate between legitimate and illegitimate traffic during a DDoS attack. While the paper proposes the statistics to be used for blocking bad traffic, the same logic can be applied to gathering evidence against the attackers of a DDoS. It gets pretty heavy into the statistical analysis, so it'd probably be better to read the paper than me attempting to explain it. <br />
Basically, it's meant to detect a DDoS that is purposefully disguised as a traffic flood. This means that Justice can be properly served to malicious computers as opposed to too many computers wanting your resources.<br />
<br />
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01219052<br />
<br />
Above is a paper that discusses the idea of computer forensics, and what is needed in order to gather and manage evidence. Although it is meant to be applied to a human level of judgement, computers may be capable of processing this evidence effectively. Logs maintained by routers and local devices may be used as evidence, provided that there be a way to encrypt the data in a way that preserves the original form. It also discusses the challenge of presenting computer related evidence to non-technical jurors, but this is not a concern for computer level management. All that is required for computer forensics to work is additional software being run on select computers to process and preserve any evidence gathered.<br />
<br />
===CFAA Computer Fraud and Abuse Act===<br />
<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8425DistOS-2011W Justice2011-03-11T18:52:33Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
<br />
<br />
'''***ADD MATERIAL ON HOBBES VIEW, FOUCOULT and NIETSCHE HERE***'''<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
A description of the Justice Web implementation discussed by our group.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8424DistOS-2011W Justice2011-03-11T18:51:41Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
<br />
<br />
'''***ADD MATERIAL ON HOBBES VIEW, FOUCOULT and NIETSCHE HERE***'''<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
'''CFAA - Computer Fraud and Abuse Act'''<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
A description of the Justice Web implementation discussed by our group.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Justice&diff=8423DistOS-2011W Justice2011-03-11T18:51:22Z<p>Mchou2: /* Justice Involving Computers */</p>
<hr />
<div>==Members==<br />
* Matthew Chou<br />
* Mike Preston<br />
* Thomas McMahon<br />
* David Barrera<br />
<br />
Note: research so far moved to Discussion section.<br />
<br />
==What is Justice?==<br />
<br />
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.<br />
<br />
===<u>Theory of Justice</u>===<br />
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; '''Teleologic, Retributive,''' and '''Teleologic Retributive'''. [3]<br />
====Teleologic:====<br />
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]<br />
<br />
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.<br />
<br />
<br />
====Retributive:====<br />
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]<br />
<br />
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1] <br />
<br />
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system. <br />
<br />
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.<br />
<br />
<br />
====Teleologic Retributive:====<br />
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.<br />
<br />
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.<br />
<br />
<br />
===<u>Structure of Punishment</u>===<br />
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.<br />
<br />
<br />
<br />
'''***ADD MATERIAL ON HOBBES VIEW, FOUCOULT and NIETSCHE HERE***'''<br />
<br />
==Justice Involving Computers==<br />
<br />
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.<br />
<br />
*CFAA - Computer Fraud and Abuse Act<br />
In terms of justice, there has been an act that has specifications to what cyber crimes and of what caliber they should be categorized in. One fundamental idea that is followed is the mens rea, which is defined as the "mental state" of a crime. "The Model Penal Code ("MPC") lists four levels of mens rea -- purposely, knowingly, recklessly, and negligently. The MPC categories range from the highest level, purposely, to the lowest level, negligently. These mens rea levels are further divided into high and low mens rea requirements. The high mens rea levels include acts criminals do intentionally and knowingly. The low mens rea levels include acts criminals do recklessly, negligently, and with strict liability. Criminals have a higher level of mens rea when their intent is more specific; therefore, they are more blameworthy. With these differing mens rea categories in mind, Congress drafted CFAA to address computer crimes occurring on the Internet."[http://www.lawtechjournal.com/archives/blt/i3-hh.html]<br />
<br />
==Crime and Punishment==<br />
<br />
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.<br />
<br />
==Concept: Justice Web==<br />
<br />
A description of the Justice Web implementation discussed by our group.<br />
<br />
==Resources==<br />
[1] Posner, Richard A., ''Retirbution and Related Concepts of Punishment'', The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. [http://www.econ.brown.edu/fac/glenn_loury/louryhomepage/teaching/Ec%20222/posner_punishment.pdf PDF]<br />
<br />
[2] Rawls, John, <i>A Theory of Justice: Revised Edition</i>, Harvard University Press, 2003. [http://books.google.ca/books?hl=en&lr=&id=kvpby7HtAe0C&oi=fnd&pg=PR11&dq=concepts+of+justice&ots=tggvx5zc67&sig=s4OHDBhkpDzumtlH0mIUO7cbCys#v=onepage&q=concepts%20of%20justice&f=false PDF] (preview copy)<br />
<br />
[3] Ezorsky, Gertrude, ''Philosophical Perspectives on Punishment'', State University of New York Press, 1972. [http://books.google.ca/books?hl=en&lr=&id=Jba2lFg3KOMC&oi=fnd&pg=PR11&dq=concepts+of+punishment&ots=LuzbsNmWlg&sig=KTvWhaWMxIRslk38tZmucty-jNw#v=onepage&q=concepts%20of%20punishment&f=false HTML] (preview copy)<br />
<br />
[4] Hobbes, Thomas, ''The Leviathon'', first published 1651, republished by Forgotten Books, 2008. [http://books.google.ca/books?id=-Q4nPYeps6MC&pg=PR7&lpg=PR7&dq=the+leviathan&source=bl&ots=_vZA8CpLY0&sig=Wn_1z_Sqsx3-YA2dml2A458M_xU&hl=en&ei=V0R6TZT_D8XwrAGiz8zxBQ&sa=X&oi=book_result&ct=result&resnum=9&sqi=2&ved=0CFAQ6AEwCA#v=onepage&q&f=false HTML]<br />
<br />
[5] Foucault, Michel, <i>Discipline & Punish: The Birth of the Prison</i>, Random House, New York, 1995. [http://books.google.ca/books?hl=en&lr=&id=pWv1R2o_PWsC&oi=fnd&pg=PP9&dq=discipline+and+punish&ots=tL8pS67AAh&sig=L9PEOPaNiLAxYCkqF627K1la5Hw#v=onepage&q&f=false PDF] (preview copy)<br />
<br />
[6] Nietzsche, Friedrich, <i>Ecce Homo & The Anarchist</i> translated by Thomas Wayne, New York, 2004. [http://books.google.ca/books?hl=en&lr=&id=xx6IfcqRvbwC&oi=fnd&pg=PA1&dq=ecce+homo&ots=44YGJlQ3Hb&sig=nzwX1IBP-Qj-TOnlmBOqGWUk810#v=onepage&q&f=false PDF] (preview copy)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=7872Talk:DistOS-2011W Justice2011-03-03T03:32:08Z<p>Mchou2: /* Discussion */</p>
<hr />
<div>==Discussion== <br />
Put any notes or links you might have that you are currently reading or might want to read later so others can read them too!<br />
<br />
=Matthew=<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.2723&rep=rep1&type=pdf Responsible Computers?]<br />
<br />
<br />
=Mike=<br />
<br />
<br />
=Thomas=</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=Talk:DistOS-2011W_Justice&diff=7871Talk:DistOS-2011W Justice2011-03-03T03:29:58Z<p>Mchou2: Created page with "=Discussion= Put any notes or links you might have that you are currently reading or might want to read later so others can read them too! I am currently reading a part of thi…"</p>
<hr />
<div>=Discussion= <br />
Put any notes or links you might have that you are currently reading or might want to read later so others can read them too!<br />
<br />
<br />
I am currently reading a part of this book for some details on virtual punishment and a bit of history that this guy wrote about, but not sure if there is much there yet. [http://books.google.ca/books?hl=en&lr=&id=KacfpI0zYAUC&oi=fnd&pg=PA206&dq=punishing+computers&ots=YhI8lfMo1F&sig=c7MqOVjR-9QKjj5_ANi0yyxYiAA#v=onepage&q=punishing%20computers&f=false link] --[[User:Mchou2|Mchou2]] 03:29, 3 March 2011 (UTC)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7792DistOS-2011W Globus2011-03-01T23:50:31Z<p>Mchou2: /* References */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial. (self drawn)(16)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
<br />
*(1) Globus Toolkit Homepage: Globus Alliance, Accessed: Feb 3,2011 [electronic source] http://www.globus.org/toolkit/<br />
*(2) BOINC Homepage: University of California, Accessed: Feb 3,2011 [electronic source] http://boinc.berkeley.edu/ <br />
*(3) Folding@home Homepage: Vijay Pande and Stanford University, Accessed: Feb 3,2011 [electronic source] http://folding.stanford.edu/<br />
*(4) Condor Homepage: Accessed: Feb 3,2011 [electronic source] http://www.cs.wisc.edu/condor/ <br />
*(5) List of distributed computing projects: Wikipedia, Accessed: Feb 8,2011 [electronic source] http://en.wikipedia.org/wiki/List_of_distributed_computing_projects <br />
*(6) Grid computing: making the global infrastructure a reality: Fran Berman, Geoffrey Fox, Anthony J. G. Hey,Published: John Wiley and Sons, 2003 , Accessed: Feb 19,2011 [electronic source link] [http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]<br />
*(7) gLite Homepage: gLite, Accessed:Feb 5,2011 [electronic source] http://glite.cern.ch/ <br />
*(8) UNICORE Homepage: Jülich Supercomputing Centre, Accessed:Feb 5,2011 [electronic source] http://www.unicore.eu/ <br />
*(9) VirtualBox Homepage: ORACLE, Accessed: Feb 3,2011 [electronic source] http://www.virtualbox.org/<br />
*(10) GT 5.0 Quickstart: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ <br />
*(11) Installing GT 5.0.3: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ <br />
*(12) VeriSign Authentication services: Symantec Corporation, Accessed: Feb 15,2011 [electronic source] https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA <br />
*(13) Appendix C.Installing SimpleCA: Globus Alliance, Accessed: Feb 16,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca <br />
*(14) Globus Toolkit Tutorial: Globus Consortium, Accessed: Feb 20,2011 [electronic source] http://www.globusconsortium.org/tutorial/ <br />
*(15) The Globus Toolkit 4 Programmer's Tutorial: Borja Sotomayor, Accessed: Feb 21,2011 [electronic source] http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html <br />
*(16) HOW TO INSTALL GLOBUS AND WRITE A HELLO WORLD SERVICE: Drs. Wico Mulder Ing. A.M. Kuipers, November 2004, Version 0.22 [electronic source] http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf<br />
*(17) Virtual Data Toolkit: Open Science Grid (OSG), Accessed: Feb 23,2011 [electronic source] http://vdt.cs.wisc.edu/<br />
<br />
Reference relations:<br />
<br />
Installation: (1),(9),(10),(11),(13).<br />
<br />
Implementation tutorials: (14)Video filtering program, (15)Webservice, (16)Helloworld.<br />
<br />
Information:(1),(2),(3),(4),(5),(6),(7),(8),(12),(17).</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7791DistOS-2011W Globus2011-03-01T23:50:15Z<p>Mchou2: /* References */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial. (self drawn)(16)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
<br />
*(1) Globus Toolkit Homepage: Globus Alliance, Accessed: Feb 3,2011 [electronic source] http://www.globus.org/toolkit/<br />
*(2) BOINC Homepage: University of California, Accessed: Feb 3,2011 [electronic source] http://boinc.berkeley.edu/ <br />
*(3) Folding@home Homepage: Vijay Pande and Stanford University, Accessed: Feb 3,2011 [electronic source] http://folding.stanford.edu/<br />
*(4) Condor Homepage: Accessed: Feb 3,2011 [electronic source] http://www.cs.wisc.edu/condor/ <br />
*(5) List of distributed computing projects: Wikipedia, Accessed: Feb 8,2011 [electronic source] http://en.wikipedia.org/wiki/List_of_distributed_computing_projects <br />
*(6) Grid computing: making the global infrastructure a reality: Fran Berman, Geoffrey Fox, Anthony J. G. Hey,Published: John Wiley and Sons, 2003 , Accessed: Feb 19,2011 [electronic source link] [http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]<br />
*(7) gLite Homepage: gLite, Accessed:Feb 5,2011 [electronic source] http://glite.cern.ch/ <br />
*(8) UNICORE Homepage: Jülich Supercomputing Centre, Accessed:Feb 5,2011 [electronic source] http://www.unicore.eu/ <br />
*(9) VirtualBox Homepage: ORACLE, Accessed: Feb 3,2011 [electronic source] http://www.virtualbox.org/<br />
*(10) GT 5.0 Quickstart: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ <br />
*(11) Installing GT 5.0.3: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ <br />
*(12) VeriSign Authentication services: Symantec Corporation, Accessed: Feb 15,2011 [electronic source] https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA <br />
*(13) Appendix C.Installing SimpleCA: Globus Alliance, Accessed: Feb 16,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca <br />
*(14) Globus Toolkit Tutorial: Globus Consortium, Accessed: Feb 20,2011 [electronic source] http://www.globusconsortium.org/tutorial/ <br />
*(15) The Globus Toolkit 4 Programmer's Tutorial: Borja Sotomayor, Accessed: Feb 21,2011 [electronic source] http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html <br />
*(16) HOW TO INSTALL GLOBUS AND WRITE A HELLO WORLD SERVICE: Drs. Wico Mulder Ing. A.M. Kuipers, November 2004, Version 0.22 [electronic source] http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf<br />
*(17) Virtual Data Toolkit: Open Science Grid (OSG), Accessed: Feb 23,2011 [electronic source] http://vdt.cs.wisc.edu/<br />
<br />
Reference relations:<br />
Installation: (1),(9),(10),(11),(13).<br />
Implementation tutorials: (14)Video filtering program, (15)Webservice, (16)Helloworld.<br />
Information:(1),(2),(3),(4),(5),(6),(7),(8),(12),(17).</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7787DistOS-2011W Globus2011-03-01T20:58:20Z<p>Mchou2: /* Hello World Implementation */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial. (self drawn)(16)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
<br />
*(1) Globus Toolkit Homepage: Globus Alliance, Accessed: Feb 3,2011 [electronic source] http://www.globus.org/toolkit/<br />
*(2) BOINC Homepage: University of California, Accessed: Feb 3,2011 [electronic source] http://boinc.berkeley.edu/ <br />
*(3) Folding@home Homepage: Vijay Pande and Stanford University, Accessed: Feb 3,2011 [electronic source] http://folding.stanford.edu/<br />
*(4) Condor Homepage: Accessed: Feb 3,2011 [electronic source] http://www.cs.wisc.edu/condor/ <br />
*(5) List of distributed computing projects: Wikipedia, Accessed: Feb 8,2011 [electronic source] http://en.wikipedia.org/wiki/List_of_distributed_computing_projects <br />
*(6) Grid computing: making the global infrastructure a reality: Fran Berman, Geoffrey Fox, Anthony J. G. Hey,Published: John Wiley and Sons, 2003 , Accessed: Feb 19,2011 [electronic source link] [http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]<br />
*(7) gLite Homepage: gLite, Accessed:Feb 5,2011 [electronic source] http://glite.cern.ch/ <br />
*(8) UNICORE Homepage: Jülich Supercomputing Centre, Accessed:Feb 5,2011 [electronic source] http://www.unicore.eu/ <br />
*(9) VirtualBox Homepage: ORACLE, Accessed: Feb 3,2011 [electronic source] http://www.virtualbox.org/<br />
*(10) GT 5.0 Quickstart: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ <br />
*(11) Installing GT 5.0.3: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ <br />
*(12) VeriSign Authentication services: Symantec Corporation, Accessed: Feb 15,2011 [electronic source] https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA <br />
*(13) Appendix C.Installing SimpleCA: Globus Alliance, Accessed: Feb 16,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca <br />
*(14) Globus Toolkit Tutorial: Globus Consortium, Accessed: Feb 20,2011 [electronic source] http://www.globusconsortium.org/tutorial/ <br />
*(15) The Globus Toolkit 4 Programmer's Tutorial: Borja Sotomayor, Accessed: Feb 21,2011 [electronic source] http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html <br />
*(16) HOW TO INSTALL GLOBUS AND WRITE A HELLO WORLD SERVICE: Drs. Wico Mulder Ing. A.M. Kuipers, November 2004, Version 0.22 [electronic source] http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf<br />
*(17) Virtual Data Toolkit: Open Science Grid (OSG), Accessed: Feb 23,2011 [electronic source] http://vdt.cs.wisc.edu/</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7786DistOS-2011W Globus2011-03-01T20:57:17Z<p>Mchou2: /* References */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
<br />
*(1) Globus Toolkit Homepage: Globus Alliance, Accessed: Feb 3,2011 [electronic source] http://www.globus.org/toolkit/<br />
*(2) BOINC Homepage: University of California, Accessed: Feb 3,2011 [electronic source] http://boinc.berkeley.edu/ <br />
*(3) Folding@home Homepage: Vijay Pande and Stanford University, Accessed: Feb 3,2011 [electronic source] http://folding.stanford.edu/<br />
*(4) Condor Homepage: Accessed: Feb 3,2011 [electronic source] http://www.cs.wisc.edu/condor/ <br />
*(5) List of distributed computing projects: Wikipedia, Accessed: Feb 8,2011 [electronic source] http://en.wikipedia.org/wiki/List_of_distributed_computing_projects <br />
*(6) Grid computing: making the global infrastructure a reality: Fran Berman, Geoffrey Fox, Anthony J. G. Hey,Published: John Wiley and Sons, 2003 , Accessed: Feb 19,2011 [electronic source link] [http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]<br />
*(7) gLite Homepage: gLite, Accessed:Feb 5,2011 [electronic source] http://glite.cern.ch/ <br />
*(8) UNICORE Homepage: Jülich Supercomputing Centre, Accessed:Feb 5,2011 [electronic source] http://www.unicore.eu/ <br />
*(9) VirtualBox Homepage: ORACLE, Accessed: Feb 3,2011 [electronic source] http://www.virtualbox.org/<br />
*(10) GT 5.0 Quickstart: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ <br />
*(11) Installing GT 5.0.3: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ <br />
*(12) VeriSign Authentication services: Symantec Corporation, Accessed: Feb 15,2011 [electronic source] https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA <br />
*(13) Appendix C.Installing SimpleCA: Globus Alliance, Accessed: Feb 16,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca <br />
*(14) Globus Toolkit Tutorial: Globus Consortium, Accessed: Feb 20,2011 [electronic source] http://www.globusconsortium.org/tutorial/ <br />
*(15) The Globus Toolkit 4 Programmer's Tutorial: Borja Sotomayor, Accessed: Feb 21,2011 [electronic source] http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html <br />
*(16) HOW TO INSTALL GLOBUS AND WRITE A HELLO WORLD SERVICE: Drs. Wico Mulder Ing. A.M. Kuipers, November 2004, Version 0.22 [electronic source] http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf<br />
*(17) Virtual Data Toolkit: Open Science Grid (OSG), Accessed: Feb 23,2011 [electronic source] http://vdt.cs.wisc.edu/</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7785DistOS-2011W Globus2011-03-01T20:57:00Z<p>Mchou2: /* References */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
<br />
*(1) Globus Toolkit Homepage: Globus Alliance, Accessed: Feb 3,2011 [electronic source] http://www.globus.org/toolkit/<br />
*(2) BOINC Homepage: University of California, Accessed: Feb 3,2011 [electronic source] http://boinc.berkeley.edu/ <br />
*(3) Folding@home Homepage: Vijay Pande and Stanford University, Accessed: Feb 3,2011 [electronic source] http://folding.stanford.edu/<br />
*(4) Condor Homepage: Accessed: Feb 3,2011 [electronic source] http://www.cs.wisc.edu/condor/ <br />
*(5) List of distributed computing projects: Wikipedia, Accessed: Feb 8,2011 [electronic source] http://en.wikipedia.org/wiki/List_of_distributed_computing_projects <br />
*(6) Grid computing: making the global infrastructure a reality: Fran Berman, Geoffrey Fox, Anthony J. G. Hey,Published: John Wiley and Sons, 2003 , Accessed: Feb 19,2011 [electronic source link] [http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]<br />
*(7) gLite Homepage: gLite, Accessed:Feb 5,2011 [electronic source] http://glite.cern.ch/ <br />
*(8) UNICORE Homepage: Jülich Supercomputing Centre, Accessed:Feb 5,2011 [electronic source] http://www.unicore.eu/ <br />
*(9) VirtualBox Homepage: ORACLE, Accessed: Feb 3,2011 [electronic source] http://www.virtualbox.org/<br />
*(10) GT 5.0 Quickstart: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ <br />
*(11) Installing GT 5.0.3: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ <br />
*(12) VeriSign Authentication services: Symantec Corporation, Accessed: Feb 15,2011 [electronic source] https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA <br />
*(13) Appendix C.Installing SimpleCA: Globus Alliance, Accessed: Feb 16,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca <br />
*(14) Globus Toolkit Tutorial: Globus Consortium, Accessed: Feb 20,2011 [electronic source] http://www.globusconsortium.org/tutorial/ <br />
*(15) The Globus Toolkit 4 Programmer's Tutorial: Borja Sotomayor, Accessed: Feb 21,2011 [electronic source] http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html <br />
*(16) HOW TO INSTALL GLOBUS AND WRITE A HELLO WORLD SERVICE: Drs. Wico Mulder Ing. A.M. Kuipers, November 2004, Version 0.22 [electronic source] http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world<br />
*(17) Virtual Data Toolkit: Open Science Grid (OSG), Accessed: Feb 23,2011 [electronic source] http://vdt.cs.wisc.edu/</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7784DistOS-2011W Globus2011-03-01T20:38:50Z<p>Mchou2: /* References */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
<br />
*(1) Globus Toolkit Homepage: Globus Alliance, Accessed: Feb 3,2011 [electronic source] http://www.globus.org/toolkit/<br />
*(2) BOINC Homepage: University of California, Accessed: Feb 3,2011 [electronic source] http://boinc.berkeley.edu/ <br />
*(3) Folding@home Homepage: Vijay Pande and Stanford University, Accessed: Feb 3,2011 [electronic source] http://folding.stanford.edu/<br />
*(4) Condor Homepage: Accessed: Feb 3,2011 [electronic source] http://www.cs.wisc.edu/condor/ <br />
*(5) List of distributed computing projects: Wikipedia, Accessed: Feb 8,2011 [electronic source] http://en.wikipedia.org/wiki/List_of_distributed_computing_projects <br />
*(6) Grid computing: making the global infrastructure a reality: Fran Berman, Geoffrey Fox, Anthony J. G. Hey,Published: John Wiley and Sons, 2003 , Accessed: Feb 19,2011 [electronic source link] [http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]<br />
*(7) gLite Homepage: gLite, Accessed:Feb 5,2011 [electronic source] http://glite.cern.ch/ <br />
*(8) UNICORE Homepage: Jülich Supercomputing Centre, Accessed:Feb 5,2011 [electronic source] http://www.unicore.eu/ <br />
*(9) VirtualBox Homepage: ORACLE, Accessed: Feb 3,2011 [electronic source] http://www.virtualbox.org/<br />
*(10) GT 5.0 Quickstart: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ <br />
*(11) Installing GT 5.0.3: Globus Alliance, Accessed: Feb 10,2011 [electronic source] http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ <br />
https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign[12]<br />
http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA[13]<br />
http://www.globusconsortium.org/tutorial/ Globus Consortium[14]<br />
[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial[15]]<br />
[http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world[16]<br />
<br />
http://vdt.cs.wisc.edu/ Virtual Data Kit(17<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7774DistOS-2011W Globus2011-03-01T20:15:02Z<p>Mchou2: /* References */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
<br />
*(1) Globus Toolkit Homepage: Globus Alliance, Accessed: Feb 3,2011 [electronic source] http://www.globus.org/toolkit/<br />
*(2) BOINC Homepage: University of California, Accessed: Feb 3,2011 [electronic source] http://boinc.berkeley.edu/ <br />
*(3) Folding@home Homepage: Vijay Pande and Stanford University, Accessed: Feb 3,2011 [electronic source] http://folding.stanford.edu/<br />
*(4) Condor http://www.cs.wisc.edu/condor/ Condor[4]<br />
http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here[5]<br />
http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false [6]<br />
http://glite.cern.ch/ glite[7].<br />
http://www.unicore.eu/ UNICORE[8]<br />
http://www.virtualbox.org/ Oracle VM VirtualBox[9]<br />
http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart[10] <br />
http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial[11]<br />
https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign[12]<br />
http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA[13]<br />
http://www.globusconsortium.org/tutorial/ Globus Consortium[14]<br />
[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial[15]]<br />
[http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world[16]<br />
<br />
http://vdt.cs.wisc.edu/ Virtual Data Kit(17<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7771DistOS-2011W Globus2011-03-01T19:58:28Z<p>Mchou2: /* Conclusion */</p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit(17)] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7770DistOS-2011W Globus2011-03-01T19:57:43Z<p>Mchou2: </p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC(2)], [http://folding.stanford.edu/ folding@home(3)], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor(4)].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here(5)]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false (6)]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite(7)], and [http://www.unicore.eu/ UNICORE(8)].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox(9)]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart(10) installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial(11)] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign(12)] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA(13)] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium(14)]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial(15)]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world(16)] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgment to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance web page would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knowledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7769DistOS-2011W Globus2011-03-01T19:53:16Z<p>Mchou2: </p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit(1)], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC[2]], [http://folding.stanford.edu/ folding@home[3]], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor[4]].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here[5]]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false [6]]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite[7]], and [http://www.unicore.eu/ UNICORE[8]].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox[9]]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart[10] installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial[11]] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign[12]] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA[13]] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium[14]]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial[15]]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world[16]] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7768DistOS-2011W Globus2011-03-01T19:52:41Z<p>Mchou2: </p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit[1]]], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC[2]], [http://folding.stanford.edu/ folding@home[3]], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor[4]].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here[5]]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false [6]]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite[7]], and [http://www.unicore.eu/ UNICORE[8]].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox[9]]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart[10] installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial[11]] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign[12]] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA[13]] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium[14]]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial[15]]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world[16]] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7767DistOS-2011W Globus2011-03-01T19:52:32Z<p>Mchou2: </p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit[1] ], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC[2]], [http://folding.stanford.edu/ folding@home[3]], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor[4]].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here[5]]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false [6]]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite[7]], and [http://www.unicore.eu/ UNICORE[8]].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox[9]]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart[10] installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial[11]] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign[12]] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA[13]] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium[14]]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial[15]]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world[16]] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7766DistOS-2011W Globus2011-03-01T19:52:03Z<p>Mchou2: </p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit[1]], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC[2]], [http://folding.stanford.edu/ folding@home[3]], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor[4]].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here[5]]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false [6]]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite[7]], and [http://www.unicore.eu/ UNICORE[8]].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox[9]]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart[10] installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial[11]] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccurring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign[12]] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA[13]] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium[14]]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial[15]]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world[16]] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must delegate the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7765DistOS-2011W Globus2011-03-01T19:37:26Z<p>Mchou2: </p>
<hr />
<div>Matthew Chou<br />
<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC], [http://folding.stanford.edu/ folding@home], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite], and [http://www.unicore.eu/ UNICORE].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccuring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must be thresholded on the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7733DistOS-2011W Globus2011-03-01T17:18:47Z<p>Mchou2: /* Hello World Implementation */</p>
<hr />
<div>Matthew Chou<br />
[[File:Toolkit logo 200 noname.png|thumb|alt=Example alt text|Globus Toolkit]]<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC], [http://folding.stanford.edu/ folding@home], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite], and [http://www.unicore.eu/ UNICORE].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccuring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial(Drawn by myself)]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must be thresholded on the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7732DistOS-2011W Globus2011-03-01T17:18:23Z<p>Mchou2: /* Hello World Implementation */</p>
<hr />
<div>Matthew Chou<br />
[[File:Toolkit logo 200 noname.png|thumb|alt=Example alt text|Globus Toolkit]]<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC], [http://folding.stanford.edu/ folding@home], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite], and [http://www.unicore.eu/ UNICORE].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccuring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Comp_4000.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must be thresholded on the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=File:Comp_4000.png&diff=7731File:Comp 4000.png2011-03-01T17:17:42Z<p>Mchou2: </p>
<hr />
<div></div>Mchou2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Globus&diff=7422DistOS-2011W Globus2011-02-24T09:50:19Z<p>Mchou2: /* Hello World Implementation */</p>
<hr />
<div>Matthew Chou<br />
[[File:Toolkit logo 200 noname.png|thumb|alt=Example alt text|Globus Toolkit]]<br />
=Introduction=<br />
The system that I have attempted to implement was the [http://www.globus.org/toolkit/ Globus Toolkit], and from my current knowledge and understanding it seems quite difficult to create software that can be used on a grid system. While searching for different distributed systems I have come across different systems that are utilized for various fields of research, such as [http://boinc.berkeley.edu/ BOINC], [http://folding.stanford.edu/ folding@home], and many other @home projects as well as [http://www.cs.wisc.edu/condor/ Condor].(list can be found [http://en.wikipedia.org/wiki/List_of_distributed_computing_projects here]) Seeing as there are many of these types of systems being used around the world, I thought it would interesting to see what steps it would take to implement such a system and to see if I could get something to run on them.<br />
<br />
<br />
'''Background'''<br />
<br />
The basis of grid computing has been around for quite some time, starting with super computers which have many processors and vasts amounts of memory working under one machine. The idea behind a supercomputer, allowing the power of many machines to be run under one machine gives that one "single" machine a large threshold of computational power, and that itself is the idea that is to be implemented in grid computing. Multiple machines across various geographic distances working together to give power to any one machine that requires it. The thought of such a system seems like an obvious task to do, but with such a system it gives rise to different implementation issues that current operating systems have to deal with, such as heterogeneity, scalability, and adaptability[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false]. Heterogeneity refers to having standards of use and data that the grid can follow so that when other domains are part of the grid there is no problems with integration and usage of the grid. Scalability is necessary for when the grid size increases because of the scalability of application usage on the grid and the organization/management of jobs distributed across it. Adaptability is also necessary because at any given point a node on the grid may go down and the job it had been doing must be done by another node, so with increased scalability the grid can utilize multiple nodes to adapt to dropped nodes as well as malicious nodes who might attempt to do incorrect jobs. The job of the Globus Toolkit is being the middleware, which provides the services that allow for grid computing to work successfully. Other known middleware implementations are [http://glite.cern.ch/ glite], and [http://www.unicore.eu/ UNICORE].<br />
<br />
<br />
The following paper will go over the steps that I took to install the Globus Toolkit;including details of the certification process from SimpleCA, implementing a "Hello, world" application on it, and discussion of my thoughts on the ease of installation but hard implementation of applications on a grid computing system.<br />
<br />
=Installation=<br />
==Environment Setup ==<br />
On my journey to installing the Globus Toolkit, I have decided upon installing the latest version available which is the Globus Toolkit 5.0.3. [[File:Screenshot1.png|thumb|alt=Example alt text|Pre-requisite check]]This grid implementation must be installed on a UNIX based OS which I chose to be Ubuntu 10.10 on a virtual machine operated under [http://www.virtualbox.org/ Oracle VM VirtualBox]. The installation instructions I followed had a [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/ quickstart installation tutorial] and an [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/ Admin Guide tutorial] which I both read because some of the instructions were more simply explained in the quickstart tutorial than the Admin Guide. If I were to suggest how to set up one's environment, I would recommend following the Admin Guide and using the quickstart as a reference. The quickstart guide gives a list of required software that can be checked with a few simple commands in the terminal that check the versions/existence of '''openssl''', '''libssl''', '''zlib''', '''gcc''', '''g++''', '''tar''', '''sed''', and''' make'''. There are specific instructions on each type of platform before installing the toolkit so make sure to check and see if you have any additional steps or compatibility issues that you should be aware of. There are some additional packages that need to be installed for implementing the hello world application, as well as some optional software such as a relational database, for this I installed PostgreSQL and psqlODBC which is the driver for PostgreSQL. Setting up the environment was easy enough to do for me to say that anyone should be able to follow the tutorial up to this point.<br />
<br />
==Globus Toolkit Installation==<br />
Before installing the toolkit itself, its good to understand the model that the Globus Toolkit is to follow. There will be a host, node A, which has a client, node B, as well as a Certificate Authority, node C (certificates explained in the next section). The host has clients who connect and can ask for jobs to be completed which is managed by the host, almost like a thread scheduler in an operating system, it manages the jobs that are given. The difference would be that the host has to also manage the resources being shared and it provides services such as control over Computing / Processing Power (GRAM), Data Management (GridFTP, DAI, RLS), Monitoring/Discovery (MDS), and Authorization/Security (CAS). The grid system is supposed to be used upon multiple machines, but for the sake of testing/simulation, it can be simply implemented upon a single computer, and then later branched out to other nodes if you wanted. <br />
<br />
There are a couple of reoccuring steps that are necessary for the installation steps given to work. The first one being the creation of a non-privileged user named "'''globus'''", who is to perform the administrative tasks and deploy services, so the "globus" user would be the host node. I then made a directory to where I was going to install the toolkit and gave read/write permissions to the "globus" user on that folder. The next thing I had to do was sign in as the globus user and set the GLOBUS_LOCATION variable to the directory I had made by using the<br />
globus@globus:export GLOBUS_LOCATION=/usr/local/globus-5.0.3<br />
command in the terminal. The directory should contain the contents of the Globus Toolkit installation tar which can be downloaded from [http://www.globus.org/toolkit/downloads/ here]. The GLOBUS_LOCATION variable should be always set since the tutorial asks for its use very often.<br />
Then I ran <br />
globus@globus:./configure --prefix=$GLOBUS_LOCATION <br />
globus@globus:make<br />
and it took approximately 30 minutes on my computer, then I ran <br />
globus@globus:make install<br />
If you have followed all of the steps before hand correctly, there shouldn't be any errors occurring, if there is then it most likely will be some error of the genre of "missing library" or something that can be easily installed. At the end of the installation I found myself relieved of the completed installation and thought to myself that this was not so hard to install, so at this point it seems that using the Toolkit is not so difficult after all.<br />
<br />
== Certification ==<br />
The certification process is used in a Globus grid because of the security/authentication that is necessary for a scalable system to operate. If any random node in the world wanted to participate in the grid and use[[File:Screenshot2.png|thumb|alt=Example alt text|SimpleCA setup]][[File:Screenshot5.png|thumb|alt=Example alt text|User Certificate Request]]<br />
it or even abuse it without being accountable, it would not only cause possible harm to the work that is trying to be done on the grid, but also it will require the grid to be closely managed for these random inconsistencies in service and bad data. The system itself already tries to maintain the purity of nodes by doing multiple instances of the same operations over many nodes to have consistent results, as well as marking the nodes that may be malicious would be a nightmare if there was no certification process being implemented. The certification process allows for the host to know that a user is indeed a trusted user and that some organization is held responsible for vouching for this user. In real world implementations the Certified Authority(CA) (the one who signs the certificate) would normally be of some trusted organization such as how [https://www.verisign.com/ts-sem-page/?sl=t72320166440000002&gclid=CJH6qpyNoKcCFac65QodPjU4cA VeriSign] operates, but in the case of my testings I will simply allow for the globus user to be the CA. I used the tool that the toolkit supports called [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/install/#gtadmin-simpleca SimpleCA] which provides a wrapper around the OpenSSL CA functionality and is sufficient for simple Grid services.<br />
<br />
'''SimpleCA'''<br />
The SimpleCA allows a user to become the CA for a grid and permits the CA to sign certificates that it has been issued for the grid host. Following the SimpleCA was easy since it provided a script that can be run that will ask for certain fields to be completed. An important thing to note was the email you set your CA to, because anytime a new user wanted to be part of that grid, it would need to email a certificate to the CA email so that it can be signed and returned. The next thing to note was the expiration date of the CA certificate, since after some point it is good practice for the CA to have to renew its certification. The default is set to 5 years(1825 days), so I left it as default. The most important thing to memorize is the CA PEM because this password is used for the CA to sign each certificate that they are given, a CA without the password is a useless CA and would require re-certification, which mean running the script again. One issue that I came across which was not mentioned in the tutorial was the installation of globus-gsi-cert-utils-progs package which is necessary for the signing process. After creating a CA profile it is necessary as they have noted, to execute the command <br />
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_Hash_setup/setup-gsi -default <br />
which completes the CA setup process. What is the point of a CA without a host/client relationship to sign certificates for, so therefore creating a host certificate is the next step i took. <br />
<br />
On my host node(root account) I requested a certificate by calling<br />
grid-cert-request -host 'hostname'<br />
This created 3 files: <br />
*/etc/grid-security/hostkey.pem <br />
*/etc/grid-security/hostcert_request.pem <br />
*/etc/grid-security/hostcert.pem (which is empty)<br />
<br />
One of the complications of creating a grid is the organization and consideration of which account/node is responsible for which service. I imagine if you were to implement this system as a team it would be a lot more simple and easier to manage. The empty hostcert.pem file is empty because it has yet to be signed by the CA. Hopping onto the CA(globus) I use the <br />
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem <br />
command and the CA password to verify the CA identity to create a signed certificate. This hostsigned.pem should then be copied over into the ''' /etc/grid-security/''' directory and be renamed as '''hostcert.pem''' to replace the empty one. After the host has been signed, users may now request certificates with the '''grid-cert-request''' command, but will have to email the certificate manually to the CA so that the CA can sign it just as it did for the host, then return the signed.pem file so that it can be renamed usercert.pem so that it replaces the empty one that was made during the certification request. There are further instructions in the tutorial about how to configure the certification upon multiple machines by copying over a package generated by the SimpleCA service, but I did not use multiple machines so I will not go into that detail, but by reading over it quickly, it doesn't seem that it would be too difficult to implement.<br />
<br />
= Evaluation of Installation =<br />
After installing the toolkit and setting up the certification process brings the tutorial to a point where the additional information is for extra services and options that include firewall security, data management, execution management, and usage statistics. Setting up the environment was not hard but tedious, as for the installation of the toolkit itself was not hard but it took the most time because of the unpacking and creation of files. Setting up the SimpleCA was a little more tricky because of the constant switching of accounts, but once again, it would probably easier to manage had I been working with a group to implement this system. I flipped through the rest of the tutorial on installing the toolkit and saw that utilizing the other services such as a firewall, GridFTP, and GRAM5(used to measure usage) would take a lot more time and perhaps a little more knownledge of networking and capturing services to fully understand and use. There is definitely some areas in the installation tutorial which could be reworded, such as in the section '''5.1 Set environment variables'''. They stated:<br />
<pre><br />
Set environment variables<br />
In order for the system to know the location of the Globus Toolkit commands you just installed, you must set an environment variable and source the globus-user-env.sh script.<br />
<br />
<br />
1. As globus, set GLOBUS_LOCATION to where you installed the Globus Toolkit. This will be one of the following:<br />
<br />
<br />
Using Bourne shells:<br />
<br />
globus$ export GLOBUS_LOCATION=/path/to/install<br />
Using csh:<br />
<br />
globus$ setenv GLOBUS_LOCATION /path/to/install<br />
<br />
<br />
2. Source $GLOBUS_LOCATION/etc/globus-user-env.{sh,csh} depending on your shell.<br />
<br />
<br />
Use .sh for Bourne shell:<br />
<br />
globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh<br />
Use .csh for C shell.<br />
<br />
globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh<br />
</pre><br />
The first instruction is crystal clear as to what to type, where as the second instruction seems to fall short of telling you to write "source" when using a Bourne shell, which was an issue I had when setting these variables. So they should change '''globus$ . $GLOBUS_LOCATION/etc/globus-user-env.sh''' to '''globus$ source $GLOBUS_LOCATION/etc/globus-user-env.sh''' and the instruction at 2 to be in a similar style that was used in instruction 1.<br />
<br />
= Hello World Implementation =<br />
There was only a few different tutorials I could find that taught you how to implement a program onto the grid you have created. There was one tutorial that implemented an application that has a video file be edited(by some process) on each node in the grid and they return their edited pieces so that it can be remade into a complete edited video(from the [http://www.globusconsortium.org/tutorial/ Globus Consortium]. That tutorial seemed quite complicated for me and would require more time to implement. Another tutorial that was available was linked from the Globus Toolkit homepage which explains in large detail of how web services are an integral part to the grid network and the infrastructure of the Globus Toolkit ([http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html Globus Tutorial]). This was too extensive of a tutorial considering it was 191 pages in length, so I opted to try and implement a simple [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf java based hello world] example I found. This tutorial required the usage of Java, Ant, JUnit, Postgresql and JDBC(java API for sql) to be installed, all of which can be found in the Synaptic Package Manager on Ubuntu. After this additional installation, I started the Postgresql server and activated the grid container which enables for jobs to be done on the grid.(the postgresql server was started in the root account, and the globus container started in the globus account)<br />
[[Image:Webservicesetup.png|thumb|center|upright=5.0|alt=|Diagram of file structure used in tutorial]]<br />
By following the tutorial I created the files :<br />
<br />
*build.properties <br />
*build.xml <br />
*interface-source/hello/HelloWorld.java <br />
*server-source/hello/HelloWorldImpl.java <br />
*wsdd-source/server-deploy.wsdd <br />
*client-source/helloc/HelloWorldClient.java<br />
from copying and pasting code in from the appendix and put them into the directory '''/home/mateh/dev/HelloProject/'''. Since the tutorial had me build a script, I can use the script to generate the files I need by simply calling '''ant step1''' and '''ant step2''' (which generates a gar file, which is a Grid Archive file similar in idea to a jar). The gar file that was created on the user mateh must then be copied onto the globus account for it to be deployed. After copying the file into the globus toolkit installation directory, using the command <br />
ant deploy -Dgar.name=/usr/local/globus/gars/hellogrid.gar<br />
I deployed the gar file. It is important to reset the grid container at this point to ensure the new grid service will be deployed. Now that the server implementation has been completed, I can hop back onto the user account mateh and build the client file using '''ant step3''' and then running '''ant run.client'''.<br />
<br />
= Implementation Overview =<br />
Implementing the Hello World webservice was easy based on the fact that it required only a few extra installations of packages, and the code was already given and was merely needed to be copied and pasted. This tutorial was far more easier to follow than the previous ones that I have seen, and I would recommend it to people who want to try out a grid computing system. The issue behind implementing these services would seem to me as difficult by first coming up with a job that can be split into multiple jobs and not have the worry of time sensitive deadlines, and once the job has been decided upon, to what amount can it be divided into? This Hello World example simply outputted text on different nodes, hardly a suitable challenge for a grid computing system, but to have to come up with a task that must be thresholded on the amount of divisions of work must take lots of planning. Once this planning has been done, further work must be done into coming up with different ways the grid system will handle invalid data so as to not hinder the operation of that job. Therefore I believe that implementing the Hello World Tutorial was simple based on the given code and explanation, but in a real world situation I think that trying to come up with an application that is grid based as well making sure that it works properly with the grid would be a different matter completely.<br />
<br />
=Conclusion=<br />
After setting up my environment, installing the toolkit, and implementing the Hello World tutorial, I can say that the setup and installation of the Globus Toolkit was relatively smooth, and the implementation of an application onto the grid would have been a nightmare had I not found the tutorial that I did. Even though I did say that the tutorial was easy, it does change my mind about how it would be difficult to implement an application on the grid because the Hello World example does not seem like a fair judgement to how complicated the applications that exist on the grid of today. The one thing that I have learned from the following the Globus Toolkit tutorials on the Globus Alliance webpage would be that they have very specific instructions at time, and very vague ones as well. The challenge to getting resources on how to implement a grid computing system also depends vastly on the version you are attempting to install. I have found many different tutorials, such as the ones i mentioned, who are made for earlier versions of the Globus Toolkit, some of which that do not have features that the future ones hold. This causes much confusion for as to what different commands are called and what services may or may not be available. I have looked into other grid computing systems and have also found an alternative method to testing a grid system. The [http://vdt.cs.wisc.edu/ Virtual Data Kit] apparently contains a wide variety of distributed computing software that can be easily used, so it seems to be a worthy solution to follow, as well as the implementation of already built services on the grid such as Condor might be something to look into how it is done. Therefore, from my experimentation of the Globus Toolkit 5.0.3, I have concluded that it is simple enough to install the basic services and setup a Certification Authority, but remains difficult to create/implement your own services onto the grid without further knownledge of grid computing and networks in general.<br />
<br />
=References=<br />
<br />
<br />
*Globus Toolkit Admin guide [http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin] Accessed: Feb 10,2011.<br />
*Globus Toolkit Quickstart guide [http://www.globus.org/toolkit/docs/5.0/5.0.3/admin/quickstart/] Accessed: Feb 10,2011.<br />
*Globus Toolkit installer source [http://www.globus.org/toolkit/downloads/5.0.3/] Accessed: Feb 10,2011.<br />
<br />
*Hello World Tutorial [http://www.dutchgrid.nl/install/gang/HowTo-GlobusInstallationExperience.pdf] Accessed: Feb 22,2011.<br />
*Grid Computing (Wiley)[http://books.google.ca/books?hl=en&lr=&id=b4LWXLRBRLsC&oi=fnd&pg=PR31&dq=grid+computing&ots=GRUnCeRcOX&sig=opgUj03TBSOWW1agykR8MHTvcIw#v=onepage&q=globus&f=false] Accessed: Feb, 19,2011. (For further understanding of grid computing)<br />
*Grid Cafe [http://www.gridcafe.org/middleware.html] Acccessed: Feb 22,2011.(general knowledge of grid computing systems)<br />
*Virtual Data Toolkit [http://vdt.cs.wisc.edu/] Accessed: Feb 23,2011.<br />
*Globus Toolkit Tutorial (Globus Alliance)[http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html] Accessed: Feb 19,2011. (Math application)<br />
*Globus Toolkit Tutorial (Globus Consortium)[http://www.globusconsortium.org/tutorial/] Accessed:Feb 20,2011. (Video editing application)</div>Mchou2