Trusted Passages: Managing Trust Properties of Open Distributed Overlays Faculty: Mustaque Ahamad, Greg Eisenhauer, Wenke Lee and Karsten Schwan PhD Students:

Slides:

Advertisements

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Advertisements

Live migration of Virtual Machines Nour Stefan, SCPD.

Paging: Design Issues. Readings r Silbershatz et al: ,

1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.

Live Migration of Virtual Machines Christopher Clark, Keir Fraser, Steven Hand, Jacob Gorm Hansen, Eric Jul, Christian Limpach, Ian Pratt, Andrew Warfield.

Fast and Safe Performance Recovery on OS Reboot Kenichi Kourai Kyushu Institute of Technology.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Malware Detection via Virtual Machine Monitoring Wenke Lee.

1 Cheriton School of Computer Science 2 Department of Computer Science RemusDB: Transparent High Availability for Database Systems Umar Farooq Minhas 1,

Using DSVM to Implement a Distributed File System Ramon Lawrence Dept. of Computer Science

Efficient VM Introspection in KVM and Performance Comparison with Xen

CSCE 212 Chapter 7 Memory Hierarchy Instructor: Jason D. Bakos.

CS-3013 & CS-502, Summer 2006 Virtual Machine Systems1 CS-502 Operating Systems Slides excerpted from Silbershatz, Ch. 2.

Disco: Running Commodity Operating Systems on Scalable Multiprocessors Bugnion et al. Presented by: Ahmed Wafa.

Chapter 1 and 2 Computer System and Operating System Overview

CacheMind: Fast Performance Recovery Using a Virtual Machine Monitor Kenichi Kourai Kyushu Institute of Technology, Japan.

Fast and Correct Performance Recovery of Operating Systems Using a Virtual Machine Monitor Kenichi Kourai Kyushu Institute of Technology, Japan.

Copyright Arshi Khan1 System Programming Instructor Arshi Khan.

CIS 700 Machine Virtualization Autumn 2004.

New Challenges in Cloud Datacenter Monitoring and Management

Disaster Recovery as a Cloud Service Chao Liu SUNY Buffalo Computer Science.

System Center 2012 Setup The components of system center App Controller Data Protection Manager Operations Manager Orchestrator Service.

1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.

Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems David Goldschmidt, Ph.D.

Computer System Architectures Computer System Software

Department of Computer Science Engineering SRM University

Niels Provos and Panayiotis Mavrommatis Google Google Inc. Moheeb Abu Rajab and Fabian Monrose Johns Hopkins University 17 th USENIX Security Symposium.

Global NetWatch Copyright © 2003 Global NetWatch, Inc. Factors Affecting Web Performance Getting Maximum Performance Out Of Your Web Server.

Introduction and Overview Questions answered in this lecture: What is an operating system? How have operating systems evolved? Why study operating systems?

Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Secure & flexible monitoring of virtual machine University of Mazandran Science & Tecnology By : Esmaill Khanlarpour January.

Cosc 4010 Sandboxing. Last lecture Last time, we covered chroot, which is a method to "sandbox" a problem. –Not full proof by any means. Many simple mistakes.

1 Moshe Shadmon ScaleDB Scaling MySQL in the Cloud.

Zero-copy Migration for Lightweight Software Rejuvenation of Virtualized Systems Kenichi Kourai Hiroki Ooba Kyushu Institute of Technology.

Politecnico di Torino Dipartimento di Automatica ed Informatica TORSEC Group Performance of Xen’s Secured Virtual Networks Emanuele Cesena Paolo Carlo.

The Entropia Virtual Machine for Desktop Grids Brad Calder, Andrew A. Chien, Ju Wang, Don Yang – VEE-2005 Raju Kumar CS598C: Virtual Machines.

A Measurement Based Memory Performance Evaluation of High Throughput Servers Garba Isa Yau Department of Computer Engineering King Fahd University of Petroleum.

Operating Systems David Goldschmidt, Ph.D. Computer Science The College of Saint Rose CIS 432.

Author: Monirul Sharif, Wenke Lee, Weidong Cui, Andrea Lanzi Reportor: Chun-Chih Wu Advisor: Hsing-Kuo Pao Select: CCS09’

Agile Survivable Store PIs: Mustaque Ahamad, Douglas M. Blough, Wenke Lee and H.Venkateswaran PhD Students: Prahlad Fogla, Lei Kong, Subbu Lakshmanan,

“Trusted Passages”: Meeting Trust Needs of Distributed Applications Mustaque Ahamad, Greg Eisenhauer, Jiantao Kong, Wenke Lee, Bryan Payne and Karsten.

Supporting Multi-Processors Bernard Wong February 17, 2003.

Virtual Workspaces Kate Keahey Argonne National Laboratory.

 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.

1 Virtual Machine Memory Access Tracing With Hypervisor Exclusive Cache USENIX ‘07 Pin Lu & Kai Shen Department of Computer Science University of Rochester.

Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy. Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses.

Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.

Replicating Memory Behavior for Performance Skeletons Aditya Toomula PC-Doctor Inc. Reno, NV Jaspal Subhlok University of Houston Houston, TX By.

Embedded System Lab. 정범종 A_DRM: Architecture-aware Distributed Resource Management of Virtualized Clusters H. Wang et al. VEE, 2015.

Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.

Operating Systems Security

Windows Azure. Azure Application platform for the public cloud. Windows Azure is an operating system You can: – build a web application that runs.

Security Vulnerabilities in A Virtual Environment

Full and Para Virtualization

20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

CSE 451: Operating Systems Winter 2015 Module 25 Virtual Machine Monitors Mark Zbikowski Allen Center 476 © 2013 Gribble, Lazowska,

LECTURE 12 Virtual Memory. VIRTUAL MEMORY Just as a cache can provide fast, easy access to recently-used code and data, main memory acts as a “cache”

Running Commodity Operating Systems on Scalable Multiprocessors Edouard Bugnion, Scott Devine and Mendel Rosenblum Presentation by Mark Smith.

Secure Offloading of Legacy IDSes Using Remote VM Introspection in Semi-trusted IaaS Clouds Kenichi Kourai Kazuki Juda Kyushu Institute of Technology.

Operating Systems {week 01.b}

Virtualization.

Virtual Machine Monitors

NAT、DHCP、Firewall、FTP、Proxy

University of Maryland College Park

GSP 215 RANK Perfect Education/ gsp215rank.com.

CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors

Lecture 3: Main Memory.

Virtual Memory: Working Sets

CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors

Presentation transcript:

Trusted Passages: Managing Trust Properties of Open Distributed Overlays Faculty: Mustaque Ahamad, Greg Eisenhauer, Wenke Lee and Karsten Schwan PhD Students: Martim Carbone, Jiantao Kong, Bryan Payne and Ramesh Viswanath Funded by Intel and NSF.

Scenario: HTTPD/Proxy/Client

Assumptions and Challenges Hypervisor and Dom0 trusted User domains could be compromised –Compromised domains may leak data, return incorrect results or may not return results Trust controllers running in Dom0 detect and contain the effects of compromised domains How do we build trust controllers? –Online monitoring to determine when a user domain’s behavior indicates degraded trust –Enforcement of data protection policies –Maintaining desired trust levels

Current Research Application specific monitoring of user domains Protecting confidential data –Trust Bus Meeting trust needs of distributed applications –Trusted Passages

Application-Specific Monitoring Monitor data that is specific to each app –E.g., HTTPD: network (request, response), application binary, process image, data flow Transparent monitoring of different types of operating systems (e.g., Windows, Linux) –Provide common API for accessing information in each operating system Minimize impact on system performance, maximize rate that we can access data Trust aware measurements

Web Server Example Is process image correct? Are network request and replies allowable, and in sync with each other? Normalize timing of network traffic. Is data altered going to or from app? Does disk access correspond with the request?

Performance Page table lookup is slow (LRU cache helps) –Average of 74.9  sec for cache miss –Average of 29.1  sec for cache hit Memory copy is fast (it’s just a mmap’d page) –Average of 1.2 for  sec 1000 bytes

Providing Data Confidentiality and Integrity Confidentiality –Trust controller in dom0 enforces policy on VM device access based on policy file –Header level inspection Integrity –Replication and quorum to check part answers –Ringers and quiz to test if a VM returns correct results

Trust Controller Overheads

Dynamic Maintenance of Trust Detecting result “integrity” via replication of computation at multiple nodes Choosing worker nodes based on trust levels and adding new nodes when trust goes below certain threshold Trust controller can provide trust values for its VMs Evolving trust relevant observations into trust values

Conclusions “Trusted Passages” extends trust across nodes to support distributed applications Trust controllers observe virtual machine execution to derive trust values Application specific monitoring of virtual machines provides observations for trust controllers TrustBus enforces protection policies Dynamic trust evolution and trust management