Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Federation of Emulabs and Relevant New Development Jay Lepreau with Rob Ricci, Mike Hibler, Leigh Stoller University of Utah USC/ISI Federation Workshop.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Federation of Emulabs and Relevant New Development Jay Lepreau with Rob Ricci, Mike Hibler, Leigh Stoller University of Utah USC/ISI Federation Workshop."— Presentation transcript:

1 1 Federation of Emulabs and Relevant New Development Jay Lepreau with Rob Ricci, Mike Hibler, Leigh Stoller University of Utah USC/ISI Federation Workshop December 11, 2006

2 2 Emulab Federation Design “Levels” Level 1 - quick hack Level 2 - good design and function Level 3 - Do Everything Right and be GENI-compatible

3 3 Our Design's Goals Level 2 for Emulabs, including DETER Work pretty well for federation with PlanetLab (for which we're funded) Be on path to GENI compatibility Rob will describe in next talk

4 4 Why Federate? Obvious: Resources, resources –Larger common pool –Better statistical multiplexing –Access to different (heterogenous) resources Includes validation activity –Larger expts possible

5 5 Why Federate (less obvious) Access to Emulab system features not available locally –Out of date –Alpha/beta test features –Buggy (due to old code or new code) –Against policy –Different feature sets (beware the fork!) Ease testing for site-specific behavior (bug, ….) One mechanism eliminates version skew! Help build community mindset Partial/possible prototype for GENI federation

6 6 Why Not Federate? Stay separate (option 1) –No hard or ambiguous policy problems, including resource policies –No problems of version skew –Better privacy, esp. vs. testbed opers –Keep local users ignorant of possible better options –Simpler for the software Just merge –Physically (option 2a) For political and economic reasons, distributed resources will always exist Still, some testbeds could merge –Logically (option 2b) See later under “ASP model”

7 7 Approaches / User Interfaces Single portal for multi-Emulab expts Single master Emulab and all others are proxies ASP model (variant of above) Peers: submit anywhere have privileges Many masters: submit only from “home” Emulab

8 8 Requirements To be incentive-compatible, –Local site's users' must not get any worse access to resources than they would if non- federated –Other risks must be mitigated

9 9 Threats Security –boss.emulab.net (only marginally higher threat from alien users) –ops.emulab.net (don’t share) –fs.emulab.net (don’t share) Alien operators Public Internet Poorly-run Emulabs –Security, fidelity

10 10 Risks API version skew –Mitigate with external API only, not DB state –Mitigate with Elab-in-Elab testing Confusing to user –Policies, mechanisms, portals Software complexity Operational complexity –Eg, error reporting

11 11 Federation-Relevant New Emulab Development

12 12 New: admin Licensing: open source –release by January –Probably Affero GPL or similar –Daily (or live) update of CVS repo Note implications for security –… –White box testing required

13 13 Recent development (low tech) Move to uuid for users, projs, groups –For federation, expt archive –Email names for users Refactoring all the code into classes and instances

14 14 Security validation of the Emulab web site [1] Problem: Block SQL injection attacks –Web page input fields -> PHP -> MySQL queries –Unchecked inputs allow hijacking the DB. Solution: Full input field checking –Almost all fields are checked in the PHP code. –Show that *all* input fields are checked. –Automate the checking to maintain the assertion. –About 70% (?) complete

15 15 Security validation of the Emulab web site [2] Our approach: automated black-box/white-box scanning. –Probe a captive Emulab-in-Emulab web site and DB. Black-box: –Spider HTML pages; find forms and input fields. –Use an attack web-proxy to capture hidden GET/POST fields. White-box: –Scan the sources for forms to ensure complete coverage. –Accumulate a dictionary of valid input field values. Automation: –Script: activation, spidering, coverage checking, and probing. –Probes mix in one penetration string with other valid inputs. –Catch unchecked probes in DB Query common code.

16 16 More and Better Hetero Resources Fed with PlanetLab: both directions Imminent wireless testbed expansion (80-120 nodes) –802.11 –SDR

17 17 New (hi tech) Stateful swapout / pre-emption –Local disk state, memory and processor state, consistent network state, time adapter/transducers –time travel coming… Branching LVM Experimentation Workbench [TR Dec’06, Usenix’06] –Total record/replay; workflow Enables assured pipelines, validation, stamp-of-approval –Possible staging/tracking of persistent file access Flexlab [HotNets’06] –Decouple network model from Emulab –Real Internet conditions and traffic from/on PlanetLab

18 18 Starting, slowly… Layer 2 and layer 3 devices first class Emulab objects Use it to configure / assure / audit Emulab infra itself

Download ppt "1 Federation of Emulabs and Relevant New Development Jay Lepreau with Rob Ricci, Mike Hibler, Leigh Stoller University of Utah USC/ISI Federation Workshop."

Similar presentations

EMu New Features 2013 Bernard Marshall KE Software.

EMu New Features 2013 Bernard Marshall KE Software.
Chapter 20 Oracle Secure Backup.

Chapter 20 Oracle Secure Backup.
New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014

New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014
The Challenges of Repeatable Experiment Archiving – Lessons from DETER Stephen Schwab SPARTA, Inc. d.b.a. Cobham Analytic Solutions May 25, 2010.

The Challenges of Repeatable Experiment Archiving – Lessons from DETER Stephen Schwab SPARTA, Inc. d.b.a. Cobham Analytic Solutions May 25, 2010.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
Transparent Checkpoint of Closed Distributed Systems in Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Transparent Checkpoint of Closed Distributed Systems in Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
An Experimentation Workbench for Replayable Networking Research Eric Eide, Leigh Stoller, and Jay Lepreau University of Utah, School of Computing NSDI.

An Experimentation Workbench for Replayable Networking Research Eric Eide, Leigh Stoller, and Jay Lepreau University of Utah, School of Computing NSDI.
Integrated Scientific Workflow Management for the Emulab Network Testbed Eric Eide, Leigh Stoller, Tim Stack, Juliana Freire, and Jay Lepreau and Jay Lepreau.

Integrated Scientific Workflow Management for the Emulab Network Testbed Eric Eide, Leigh Stoller, Tim Stack, Juliana Freire, and Jay Lepreau and Jay Lepreau.
Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.

Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.
Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December.

Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December.
Glenn Research Center at Lewis Field Software Assurance of Web-based Applications SAWbA Tim Kurtz SAIC/GRC Software Assurance Symposium 2004.

Glenn Research Center at Lewis Field Software Assurance of Web-based Applications SAWbA Tim Kurtz SAIC/GRC Software Assurance Symposium 2004.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Slide 1 of 9 Presenting 24x7 Scheduler The art of computer automation Press PageDown key or click to advance.

Slide 1 of 9 Presenting 24x7 Scheduler The art of computer automation Press PageDown key or click to advance.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
MongoDB Sharding and its Threats

MongoDB Sharding and its Threats
Web Application Testing with AppScan Terry Labach.

Web Application Testing with AppScan Terry Labach.
By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.

By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
1 Web Database Processing. Web Database Applications Static Report Publishing a report is prepared from a database application and exported to HTML DB.

1 Web Database Processing. Web Database Applications Static Report Publishing a report is prepared from a database application and exported to HTML DB.

Similar presentations

Ads by Google