1. Garrett Drown Tianyi Xing Group #4 CSE548 – Advanced Computer Network Security

2. What are Virtual Trusted Domains? A virtual trusted domain (VTD) is a collection of machines, regardless of physical boundaries, that trust one another.

3.  Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA.  Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.

4.  Low-cost platform, primarily designed as a tool for teaching networking hardware and router design

5. Roadmap of project:  By midterm:  Research how to program NetFPGAs.  Research and design an implementation for Virtual Trusted Domains on a NetFPGA.  Research Path Splicing, which implements similar features that we would like to use in our project.  Setup environment and begin coding our program which creates and manages Virtual Trusted Domains on a NetFPGA  Find and (if time permitting) set up an existing similar solution (if there is one) for VTDs as a basis for our work.  By final:  Modify the existing solution which can or potentially can implement the VTD.  Deploy the program and setup a test-bed on a NetFPGA.  Tested and debugged.  Final documents completed.

6. Our idea:  Have the controller maintain and utilize a database which contains the list of approved computers, their domain, and security level.  The packet header will be modified to include the user’s trust level and the VTD he wishes to communicate with.

7.  Two fields: Domain ○ This domain field is used for indicating the domain that a group of VMs belong to. ○ Machines in the same domain are able to talk with each other Trust Level ○ Trust level indicates the trust relationship among different machines in the same domain

8.  Hardware Pre-build NetFPGA server Dell Rack Server (Xenserver)  Software CentOS 5 NetFPGA base package Openflow Switch Nox Controller

10. Domain/Trust Level

11.  Domain Field 10 bits, so it can support up to 1024 domains in the system.  Trust Level (TL) 2 bits, so it has 4 trust levels (from 0 to 3). And we defined that 3 is the highest trust level.

12.  The VM1(6,3) initiates the traffic to VM2(6,2)  The Openflow Switch receives the packet from VM1  There is not entry in the flow table  The packet is sent to the NOX controller.

13.  NOX controller checks the domain and TL, found in the packet, and compares these with the destination in the database. If they are not in the same domain, then the packet is dropped.  If src and dst are in the same domain, then check the trust level.  If the TL(src) ≥ TL(dst), traffic is forwarded, otherwise, traffic is disallowed.

14.  We design a virtual trust domain concept for cloud system.  We deploy a innovative platform (Openflow over NetFPGA)  We successfully implemented our VTD concept in the real cloud system