Trusted Passages: Managing Trust Properties of Open Distributed Overlays Faculty: Mustaque Ahamad, Greg Eisenhauer, Wenke Lee and Karsten Schwan PhD Students:


1 Trusted Passages: Managing Trust Properties of Open Distributed Overlays
Faculty: Mustaque Ahamad, Greg Eisenhauer, Wenke Lee and Karsten Schwan
PhD Students: Martim Carbone, Jiantao Kong, Bryan Payne and Ramesh Viswanath
Funded by Intel and NSF.

2 Scenario: HTTPD/Proxy/Client

3 Assumptions and Challenges
Hypervisor and Dom0 trusted
User domains could be compromised
  – Compromised domains may leak data, return incorrect results or may not return results
Trust controllers running in Dom0 detect and contain the effects of compromised domains
How do we build trust controllers?
  – Online monitoring to determine when a user domain’s behavior indicates degraded trust
  – Enforcement of data protection policies
  – Maintaining desired trust levels

4 Current Research
Application-specific monitoring of user domains
Protecting confidential data
  – Trust Bus
Meeting trust needs of distributed applications
  – Trusted Passages

5 Application-Specific Monitoring
Monitor data that is specific to each app
  – E.g., HTTPD: network (request, response), application binary, process image, data flow
Transparent monitoring of different types of operating systems (e.g., Windows, Linux)
  – Provide common API for accessing information in each operating system
Minimize impact on system performance, maximize rate that we can access data
Trust-aware measurements

6 Web Server Example
Is process image correct?
Are network request and replies allowable, and in sync with each other?
Normalize timing of network traffic.
Is data altered going to or from app?
Does disk access correspond with the request?

7 Performance
Page table lookup is slow (LRU cache helps)
  – Average of 74.9 µsec for cache miss
  – Average of 29.1 µsec for cache hit
Memory copy is fast (it’s just a mmap’d page)
  – Average of 1.2 µsec for 1000 bytes

8 Providing Data Confidentiality and Integrity
Confidentiality
  – Trust controller in dom0 enforces policy on VM device access based on policy file
  – Header level inspection
Integrity
  – Replication and quorum to check part answers
  – Ringers and quiz to test if a VM returns correct results

9 Trust Controller Overheads

10 Dynamic Maintenance of Trust
Detecting result “integrity” via replication of computation at multiple nodes
Choosing worker nodes based on trust levels and adding new nodes when trust goes below certain threshold
Trust controller can provide trust values for its VMs
Evolving trust-relevant observations into trust values
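
Added example (not from the presentation or the Trusted Passages project): a minimal sketch of the replication-and-quorum integrity check from slide 8 combined with the trust maintenance of slide 10. The class and function names, the moving-average update rule, the 0.3 weight, the 0.8 starting trust and the 0.5 threshold are all assumptions chosen for illustration; the slides do not specify how observations become trust values.

```python
from collections import Counter

ALPHA = 0.3      # assumed weight of each new observation (not from the slides)
THRESHOLD = 0.5  # assumed minimum trust for a VM to remain a worker


class TrustController:
    """Hypothetical controller: replicate a task, vote, evolve trust values."""

    def __init__(self, workers, spares, replicas=3, prior=0.8):
        self.workers, self.spares, self.replicas = list(workers), list(spares), replicas
        self.trust = {n: prior for n in self.workers + self.spares}

    def pick(self):
        # Choose the most trusted workers for the replicated computation.
        return sorted(self.workers, key=lambda n: -self.trust[n])[:self.replicas]

    def run(self, task, execute):
        """execute(node, task) -> hashable result; returns quorum value or None."""
        answers = {n: execute(n, task) for n in self.pick()}
        tally = Counter(answers.values()).most_common(1)
        if not tally or tally[0][1] <= len(answers) // 2:
            return None  # no majority: nobody can be judged, trust unchanged
        value = tally[0][0]
        for node, answer in answers.items():
            # Observation is 1.0 for agreeing with the quorum, 0.0 otherwise.
            obs = 1.0 if answer == value else 0.0
            self.trust[node] = (1 - ALPHA) * self.trust[node] + ALPHA * obs
        self._replace_untrusted()
        return value

    def _replace_untrusted(self):
        # Drop workers below the threshold and bring in a spare for each.
        for node in [n for n in self.workers if self.trust[n] < THRESHOLD]:
            self.workers.remove(node)
            if self.spares:
                self.workers.append(self.spares.pop(0))


def demo():
    # Constructed scenario: vm-c is compromised and returns wrong results.
    def execute(node, task):
        return -1 if node == "vm-c" else task * 2
    ctl = TrustController(["vm-a", "vm-b", "vm-c"], ["vm-d"])
    results = [ctl.run(task, execute) for task in (1, 2, 3)]
    return results, ctl


if __name__ == "__main__":
    print(demo()[0])
```

In the constructed run, the quorum masks vm-c's wrong answers on every task, and after two disagreements its trust falls below the threshold so the spare vm-d takes its place.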

11 Conclusions
“Trusted Passages” extends trust across nodes to support distributed applications
Trust controllers observe virtual machine execution to derive trust values
Application-specific monitoring of virtual machines provides observations for trust controllers
TrustBus enforces protection policies
Dynamic trust evolution and trust management

