Your Desktop on Your Keychain

1 Your Desktop on Your Keychain
Ted Wobber MSR Silicon Valley with Muthukarrupan Annamalai, Andrew Birrell, and Dennis Fetterly

2 Hardware vs. Desktop State
- Computers are (increasingly) everywhere
  - In furniture/kiosks/environment?
- New form factors for carrying state:
  - Keychains, cellphones, watches
- Can we make desktop state portable without also carrying the computer hardware?
- Desktop state = user preferences + user data + applications

3 Who cares??
- Corporations and other large organizations
  - Moving between offices, sites
  - Office-sharing
  - Work-at-home scenarios
- Consumers in general
  - But kiosk infrastructure and security is a barrier
- Emerging markets
  - Desktop hardware is scarce
  - Benefit may outweigh security risk

4 Models of Desktop Portability
- Laptops
- Roaming profiles
- Remote desktop

5 Laptops
- Laptops are (usually) bulky and fragile
- Expensive to purchase and to manage
- Prone to theft
  - Once stolen, data is (often) vulnerable
- Backup can be haphazard
- But, laptops are self contained and offer a valuable platform for disconnected environments

6 Roaming Profiles
- Applications don’t roam
- In Windows, difficult to separate user, application, and machine-specific state
- Slow, bandwidth intensive
- Difficult outside single admin domain
- Security of host machine?

7 Remote Desktops
- Needs strong connectivity
  - Latency-sensitive
- Difficult outside single admin domain
- Needs managed server to provide RDP service
  - Most desktop PCs aren’t “professionally managed”
- Local devices?

8 Flash Changes the Equation
- Current cost: 1GB = ~$80
  - Still following Moore’s Law
- Read/Write performance approaching disk
- Modern flash has built-in wear-leveling
  - Max write limitations are rarely a problem
- For this talk: Flash == USB Flash Device

9 Flash Statistics (estimate)
- Projected shipments million units in 2005
- 2 GB in ’04; 4GB+ in ’05.
- Estimated revenue on NAND-based Flash at $9.2 billion in ’06 timeframe
- NAND Read/Write speeds are slated to increase as follows:
  - ’04 read 8 MB/s; write 6.5MB/s.
  - ’05 read 23 MB/s; write 16MB/s.
  - ’06 read 40 MB/s; write 28 MB/s.
  - ’07 guesstimates are 100MB/s using multiple NAND chips and cache.
- Already being extended with onboard CPU, memory, wireless, etc.

10 Carry user state cache on flash
- Similar problems to roaming profiles:
  - Applications don’t roam
  - In Windows, difficult to separate user, application, and machine-specific state
  - Slow, bandwidth intensive
  - Difficult outside single admin domain
  - Security of host machine?

11 Boot from Flash
- Drivers
  - Problem gets worse with age of installation
- Flash capacity (in short term)
  - Size of OS + apps a problem
  - What happens when disk is full?
- Machine state (e.g. hibernation) is non portable
- Backup?

12 Our Solution
- Host machine runs virtual machine monitor
  - User runs in a virtual machine (VirtualPC)
- Virtual disk is a “server in the sky”
  - Remote disk handles overflow and backup
- The flash acts as:
  - A persistent cache/log of virtual disk
  - Storage for virtual machine state
- Local disk as “lookaside” for virtual disk content

13 Why Virtualization?
- Eliminates host-specific customization (e.g. drivers, etc)
- Easy to encapsulate and move VM state
- Fewer “moving parts” on host
- Easier to manage/secure: VMM is only requirement
- Development cost (our prototype < 1 kloc)
- Simple to customize basic abstractions
- Good performance and getting better
- Hardware support of virtualization
- Other platforms? XBox2?
- Virtual disks make provisioning new users easy

14 Differencing Disk(s):
- Compact representation of overlaid content
- Standard feature of virtual machines
- Convenient for shared disk provisioning
  - E.g. multiple users share same base disk
[Diagram labels: VMM sees; Differencing Disk(s); Base Disk]

15 Why a network connection?
- At least for now, flash drives are too small
  - With Windows+Office it’s easy to overflow a 1GB disk
- Backup is automatic
  - Server can keep multiple restore points
- Perhaps this requirement can be eliminated in the future

16 Kiosk Architecture
[Diagram labels: VMM Host; Flash Disk (Write Log, Read Cache); VirtualPC; Your Computing Environment; Disk as seen by your programs; Composed of ...; File Server; User-Specific Differencing Disk; Base Disk Image; Lookaside Images (~Base Disk)]

17 Disk Writes
[Diagram: same components as the Kiosk Architecture figure: VMM Host; Flash Disk (Write Log, Read Cache); VirtualPC; Your Computing Environment; Disk as seen by your programs; File Server; User-Specific Differencing Disk; Base Disk Image; Lookaside Images (~Base Disk)]

18 Disk Reads
[Diagram: same components as the Kiosk Architecture figure, annotated with steps 1 to 5: VMM Host; Flash Disk (Write Log, Read Cache); VirtualPC; Your Computing Environment; Disk as seen by your programs; File Server; User-Specific Differencing Disk; Base Disk Image; Lookaside Images (~Base Disk)]

19 Demo

20 A bit more detail
- Persistent state on flash
  - Virtual machine state (optional)
  - Writes logged since last merge
  - Fingerprint for every 16K chunk in remote virtual disk
    - MD5 as a fingerprinting algorithm (128 bits)
  - Set of cached 16K chunks

21 Persistent, in flash
- A: Chunk number to Fingerprint map (for entire disk): FP0, FP1, ..., FPN
- B: Write Log (sectors): 27 → data for sector 27; 3 → data for sector 3; 17 → data for sector 17
- C: Read Cache (chunks): ..., 7 → data for chunk 7; 114 → data for chunk 114; 35 → data for chunk 35; ...

22 Volatile, in memory
- A: Chunk number to Fingerprint map (for entire disk): FP0, FP1, ..., FPN
- B: FP to Read Cache hash table (chunks)
- C: Write log hash table (sectors)
- D: FP to Static Disk hash table (chunks)
[Diagram labels: FP7, FP114, FP35 with Chunk 7, Chunk 114, Chunk 35; sector numbers 27, 3, 17 with Sector 27, Sector 3, Sector 17; Lookaside Image]

23 Updating the Fingerprint Map
- Must compute new chunk fingerprints
- Partial chunks require unwritten sectors
[Diagram labels: Read old chunk; Add new sectors; New FP]
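The structures on slides 20 to 23, sketched as an added example (not code from the talk or its prototype). The class name `KeychainDisk`, the 512-byte sector size, the lookup order (write log, read cache, lookaside, server) and the re-hash check on cached and lookaside chunks are assumptions made for illustration.

```python
import hashlib

SECTOR, CHUNK = 512, 16 * 1024   # 512-byte sectors assumed; 16K chunks per the slides
SPC = CHUNK // SECTOR            # sectors per chunk

def fp(data):  # MD5 as on the slides; not collision-resistant, prefer SHA-256 today
    return hashlib.md5(data).digest()

class KeychainDisk:              # hypothetical name, not from the talk
    def __init__(self, server_chunks, lookaside=None):
        self.server = list(server_chunks)           # remote virtual disk
        self.fp_map = [fp(c) for c in self.server]  # A: chunk number -> FP
        self.write_log = {}                         # sector number -> data
        self.read_cache = {}                        # FP -> chunk (on flash)
        self.lookaside = lookaside or {}            # D: FP -> chunk on kiosk disk
        self.server_fetches = 0

    def _chunk(self, n):
        want = self.fp_map[n]
        data = self.read_cache.get(want) or self.lookaside.get(want)
        # The lookaside image lives on the kiosk: use local data only if it re-hashes to FP.
        if data is None or fp(data) != want:
            data = self.server[n]
            self.server_fetches += 1
        self.read_cache[want] = data
        return data

    def read_sector(self, s):
        if s in self.write_log:                     # newest data wins
            return self.write_log[s]
        off = (s % SPC) * SECTOR
        return self._chunk(s // SPC)[off:off + SECTOR]

    def write_sector(self, s, data):
        if len(data) != SECTOR:
            raise ValueError("sector writes must be exactly SECTOR bytes")
        self.write_log[s] = data

    def merge(self):
        for n in sorted({s // SPC for s in self.write_log}):
            chunk = bytearray(self._chunk(n))       # read old chunk
            for s, data in self.write_log.items():
                if s // SPC == n:
                    off = (s % SPC) * SECTOR
                    chunk[off:off + SECTOR] = data  # add new sectors
            self.server[n] = bytes(chunk)
            self.fp_map[n] = fp(self.server[n])     # new FP
            self.read_cache[self.fp_map[n]] = self.server[n]  # merge updates read cache
        self.write_log.clear()
```

Because every chunk is looked up by fingerprint, a lookaside image that has been altered on the kiosk simply misses and the chunk is fetched from the server instead.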

24 What’s actually implemented
- Write “log” is a differencing disk on flash
- Differencing drive chain:
  - Flash differencing disk → Home differencing disk → Home base disk
- Manual merging only
  - No automatic updates in background
  - Standard VirtualPC “merge to parent”
  - Merge updates read cache
- Read cache is untuned

25 Potential Drawbacks
- Security of kiosk machine
- Infrastructure rollout
- Connectivity requirement
  - As flash sizes grow, need for online server decreases
  - Range of solutions possible depending on size
- Artifacts of virtualization
  - Availability of pass-through devices
  - Fancy graphics devices unavailable
- Ensuring that working set fits within the cache

26 Performance Bottlenecks
- Windows likes to write to disk
  - Flash fills up quickly
  - Differencing disk overlays >10% of base image
- Read/write performance:
  - 4K Reads (sequential or random) ~.8 ms
  - 4K Writes (sequential) ~ 1.0 ms
  - 4K Writes (random) > 20ms !!!!
- We have confirmed this by analyzing traffic at the USB driver level. The root cause of the 20 ms latency is a mystery. Our observations are inconsistent with NAND-memory specs.

27 Optimizations (current)
- Fast-launch defragmentation turned off
- Paging disabled
- Last-access date on files disabled
- Various services turned off
- No anti-virus / indexing

28 Optimizations (possible)
- Implement real log (for sequentiality)
  - With redundant write elimination
- RAM disk for temporary files (e.g. IE)
- Keep guest-OS NTFS log on local disk
- Log writes to on-kiosk differencing disk
  - … periodic sync to flash
- Network read/write compression
- Virtual disk snapshots

29 Security
- Primary threats:
  - Bogus, tapped, or otherwise compromised kiosk
  - Theft of device
- But, this is a computer:
  - ASIC or processor
  - NAND Memory

30 Trusting the Kiosk
- Non-technical considerations
  - Physical security
  - Site security (e.g. within a corporation)
  - Physical packaging and locks (like an ATM)
  - Kiosk owner must be accountable
- Technical solutions
  - NGSCB / Trusted Boot / Attestation
  - Small footprint (e.g. just OS+VMM) helps here
  - User-specific, unforgeable visual feedback
  - External helper device with UI (e.g. cellphone)

31 Protecting Against Theft
- On-flash encryption, “unlocks” data only after:
  - Flash authenticates kiosk
  - Flash informs user that kiosk is OK
  - User gives credentials (e.g. password or biometric)
- Lock-out on repetitive failure
- Host-based encryption is also possible
  - But gives weaker guarantees
- User can roll back to disk state on server

32 Related Projects
- Internet suspend/resume
  - CMU / Intel Labs
  - Virtual machine serial portability
  - Supported by Coda-like distributed FS
  - Flash for read optimization
- Stanford “Collective” project
  - Portable virtual machine
  - Virtual state/disk “capsule” hierarchy

33 Conclusions
- New model for desktop portability
  - Augments range of existing techniques
  - Spectrum of flash-based solutions
- Looking for ways we can help product efforts
  - Haven’t explored business/market ramifications
- Highlights two growing market forces: Flash and Virtualization

