-
Lower Bound for Independence Covering in $C_4$-Free Graphs
Authors:
Michael Kuhn,
Daniel Lokshtanov,
Zachary Miller
Abstract:
An independent set in a graph $G$ is a set $S$ of pairwise non-adjacent vertices in $G$. A family $\mathcal{F}$ of independent sets in $G$ is called a $k$-independence covering family if for every independent set $I$ in $G$ of size at most $k$, there exists an $S \in \mathcal{F}$ such that $I \subseteq S$.
Lokshtanov et al. [ACM Transactions on Algorithms, 2018] showed that graphs of degeneracy…
▽ More
An independent set in a graph $G$ is a set $S$ of pairwise non-adjacent vertices in $G$. A family $\mathcal{F}$ of independent sets in $G$ is called a $k$-independence covering family if for every independent set $I$ in $G$ of size at most $k$, there exists an $S \in \mathcal{F}$ such that $I \subseteq S$.
Lokshtanov et al. [ACM Transactions on Algorithms, 2018] showed that graphs of degeneracy $d$ admit $k$-independence covering families of size $\binom{k(d+1)}{k} \cdot 2^{o(kd)} \cdot \log n$, and used this result to design efficient parameterized algorithms for a number of problems, including STABLE ODD CYCLE TRANSVERSAL and STABLE MULTICUT.
In light of the results of Lokshtanov et al. it is quite natural to ask whether even more general families of graphs admit $k$-independence covering families of size $f(k)n^{O(1)}$.
Graphs that exclude a complete bipartite graph $K_{d+1,d+1}$ with $d+1$ vertices on both sides as a subgraph, called $K_{d+1,d+1}$-free graphs, are a frequently considered generalization of $d$-degenerate graphs.
This motivates the question whether $K_{d,d}$-free graphs admit $k$-independence covering families of size $f(k,d)n^{O(1)}$. Our main result is a resounding "no" to this question -- specifically we prove that even $K_{2,2}$-free graphs (or equivalently $C_4$-free graphs) do not admit $k$-independence covering families of size $f(k)n^{\frac{k}{4}-ε}$.
△ Less
Submitted 29 August, 2023;
originally announced August 2023.
-
Autumn: A Scalable Read Optimized LSM-tree based Key-Value Stores with Fast Point and Range Read Speed
Authors:
Fuheng Zhao,
Zach Miller,
Leron Reznikov,
Divyakant Agrawal,
Amr El Abbadi
Abstract:
The Log Structured Merge Trees (LSM-tree) based key-value stores are widely used in many storage systems to support a variety of operations such as updates, point reads, and range reads. Traditionally, LSM-tree's merge policy organizes data into multiple levels of exponentially increasing capacity to support high-speed writes. However, we contend that the traditional merge policies are not optimiz…
▽ More
The Log Structured Merge Trees (LSM-tree) based key-value stores are widely used in many storage systems to support a variety of operations such as updates, point reads, and range reads. Traditionally, LSM-tree's merge policy organizes data into multiple levels of exponentially increasing capacity to support high-speed writes. However, we contend that the traditional merge policies are not optimized for reads. In this work, we present Autumn, a scalable and read optimized LSM-tree based key-value stores with minimal point and range read cost. The key idea in improving the read performance is to dynamically adjust the capacity ratio between two adjacent levels as more data are stored. As a result, smaller levels gradually increase their capacities and merge more often. In particular, the point and range read cost improves from the previous best known $O(logN)$ complexity to $O(\sqrt{logN})$ in Autumn by applying the novel Garnering merge policy. While Garnering merge policy optimizes for both point reads and range reads, it maintains high performance for updates. Moreover, to further improve the update costs, Autumn uses a small amount of bounded space of DRAM to pin/keep the first level of LSM-tree. We implemented Autumn on top of LevelDB and experimentally showcases the gain in performance for real world workloads.
△ Less
Submitted 30 June, 2024; v1 submitted 8 May, 2023;
originally announced May 2023.
-
SciTokens: Demonstrating Capability-Based Access to Remote Scientific Data using HTCondor
Authors:
Alex Withers,
Brian Bockelman,
Derek Weitzel,
Duncan Brown,
Jason Patton,
Jeff Gaynor,
Jim Basney,
Todd Tannenbaum,
You Alex Gao,
Zach Miller
Abstract:
The management of security credentials (e.g., passwords, secret keys) for computational science workflows is a burden for scientists and information security officers. Problems with credentials (e.g., expiration, privilege mismatch) cause workflows to fail to fetch needed input data or store valuable scientific results, distracting scientists from their research by requiring them to diagnose the p…
▽ More
The management of security credentials (e.g., passwords, secret keys) for computational science workflows is a burden for scientists and information security officers. Problems with credentials (e.g., expiration, privilege mismatch) cause workflows to fail to fetch needed input data or store valuable scientific results, distracting scientists from their research by requiring them to diagnose the problems, re-run their computations, and wait longer for their results. SciTokens introduces a capabilities-based authorization infrastructure for distributed scientific computing, to help scientists manage their security credentials more reliably and securely. SciTokens uses IETF-standard OAuth JSON Web Tokens for capability-based secure access to remote scientific data. These access tokens convey the specific authorizations needed by the workflows, rather than general-purpose authentication impersonation credentials, to address the risks of scientific workflows running on distributed infrastructure including NSF resources (e.g., LIGO Data Grid, Open Science Grid, XSEDE) and public clouds (e.g., Amazon Web Services, Google Cloud, Microsoft Azure). By improving the interoperability and security of scientific workflows, SciTokens 1) enables use of distributed computing for scientific domains that require greater data protection and 2) enables use of more widely distributed computing resources by reducing the risk of credential abuse on remote systems.
In this extended abstract, we present the results over the past year of our open source implementation of the SciTokens model and its deployment in the Open Science Grid, including new OAuth support added in the HTCondor 8.8 release series.
△ Less
Submitted 22 May, 2019;
originally announced May 2019.
-
SciTokens: Capability-Based Secure Access to Remote Scientific Data
Authors:
Alex Withers,
Brian Bockelman,
Derek Weitzel,
Duncan Brown,
Jeff Gaynor,
Jim Basney,
Todd Tannenbaum,
Zach Miller
Abstract:
The management of security credentials (e.g., passwords, secret keys) for computational science workflows is a burden for scientists and information security officers. Problems with credentials (e.g., expiration, privilege mismatch) cause workflows to fail to fetch needed input data or store valuable scientific results, distracting scientists from their research by requiring them to diagnose the p…
▽ More
The management of security credentials (e.g., passwords, secret keys) for computational science workflows is a burden for scientists and information security officers. Problems with credentials (e.g., expiration, privilege mismatch) cause workflows to fail to fetch needed input data or store valuable scientific results, distracting scientists from their research by requiring them to diagnose the problems, re-run their computations, and wait longer for their results. In this paper, we introduce SciTokens, open source software to help scientists manage their security credentials more reliably and securely. We describe the SciTokens system architecture, design, and implementation addressing use cases from the Laser Interferometer Gravitational-Wave Observatory (LIGO) Scientific Collaboration and the Large Synoptic Survey Telescope (LSST) projects. We also present our integration with widely-used software that supports distributed scientific computing, including HTCondor, CVMFS, and XrootD. SciTokens uses IETF-standard OAuth tokens for capability-based secure access to remote scientific data. The access tokens convey the specific authorizations needed by the workflows, rather than general-purpose authentication impersonation credentials, to address the risks of scientific workflows running on distributed infrastructure including NSF resources (e.g., LIGO Data Grid, Open Science Grid, XSEDE) and public clouds (e.g., Amazon Web Services, Google Cloud, Microsoft Azure). By improving the interoperability and security of scientific workflows, SciTokens 1) enables use of distributed computing for scientific domains that require greater data protection and 2) enables use of more widely distributed computing resources by reducing the risk of credential abuse on remote systems.
△ Less
Submitted 12 July, 2018;
originally announced July 2018.
-
New Lower Bounds for Permutation Arrays Using Contraction
Authors:
Sergey Bereg,
Zevi Miller,
Luis Gerardo Mojica,
Linda Morales,
I. H. Sudborough
Abstract:
A permutation array $A$ is a set of permutations on a finite set $Ω$, say of size $n$. Given distinct permutations $π, σ\in Ω$, we let $hd(π, σ) = |\{ x\in Ω: π(x) \ne σ(x) \}|$, called the Hamming distance between $π$ and $σ$. Now let $hd(A) =$ min$\{ hd(π, σ): π, σ\in A \}$. For positive integers $n$ and $d$ with $d\le n$, we let $M(n,d)$ be the maximum number of permutations in any array $A$ sa…
▽ More
A permutation array $A$ is a set of permutations on a finite set $Ω$, say of size $n$. Given distinct permutations $π, σ\in Ω$, we let $hd(π, σ) = |\{ x\in Ω: π(x) \ne σ(x) \}|$, called the Hamming distance between $π$ and $σ$. Now let $hd(A) =$ min$\{ hd(π, σ): π, σ\in A \}$. For positive integers $n$ and $d$ with $d\le n$, we let $M(n,d)$ be the maximum number of permutations in any array $A$ satisfying $hd(A) \geq d$. There is an extensive literature on the function $M(n,d)$, motivated in part by suggested applications to error correcting codes for message transmission over power lines.
A basic fact is that if a permutation group $G$ is sharply $k$-transitive on a set of size $n\geq k$, then $M(n,n-k+1) = |G|$. Motivated by this we consider the permutation groups $AGL(1,q)$ and $PGL(2,q)$ acting sharply $2$-transitively on $GF(q)$ and sharply $3$-transitively on $GF(q)\cup \{\infty\}$ respectively. Applying a contraction operation to these groups, we obtain the following new lower bounds for prime powers $q$ satisfying $q\equiv 1$ (mod $3$).
1. $M(q-1,q-3)\geq (q^{2} - 1)/2$ for $q$ odd, $q\geq 7$,
2. $M(q-1,q-3)\geq (q-1)(q+2)/3$ for $q$ even, $q\geq 8$,
3. $M(q,q-3)\geq Kq^{2}\log q$ for some constant $K$ if $q$ is odd, $q\geq 13$.
These results resolve a case left open in a previous paper \cite{BLS}, where it was shown that $M(q-1, q-3) \geq q^{2} - q$ and $M(q,q-3) \geq q^{3} - q$ for all prime powers $q$ such that $q\not \equiv 1$ (mod $3$). We also obtain lower bounds for $M(n,d)$ for a finite number of exceptional pairs $n,d$, by applying this contraction operation to the sharply $4$ and $5$-transitive Mathieu groups.
△ Less
Submitted 11 September, 2018; v1 submitted 10 April, 2018;
originally announced April 2018.
-
Flexible Session Management in a Distributed Environment
Authors:
Zach Miller,
Dan Bradley,
Todd Tannenbaum,
Igor Sfiligoi
Abstract:
Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's s…
▽ More
Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.
△ Less
Submitted 2 November, 2010;
originally announced November 2010.