Date posted: 11-Jun-2015
Category: Technology
Uploaded by: marcel-winandy
System Security Lab
Trusted Virtual Domains on OpenSolaris
Usable Secure Desktop Environments
Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy
5th Annual Workshop on Scalable Trusted Computing (STC 2010), co-located with ACM CCS, Chicago, 4th October 2010
Marcel Winandy Trusted Virtual Domains on OpenSolaris 2
Trusted Virtual Domains (TVDs)
● Coalition of virtual machines (VMs)
● Distributed over various physical platforms
● Same trust level, same security policy
● Transparent policy enforcement
TVD Implementations – Why a new one?
● TVDs on Xen:
  ● Required several changes in Xen and dom0 (e.g. sHype in Xen, vSwitch in dom0, etc.)
  ● Large VM images to deploy (e.g. Vista: ~ 2 GB)
  ● Focus on data centers
● TVD on OpenSolaris:
  ● Focus on end-user desktop systems
  ● Lightweight virtualization
  ● Requires no changes in kernel or core system
Security Features of OpenSolaris
● Zones: Lightweight (OS) virtualization
● ZFS: Efficient file system
● MLS: built-in mandatory access control
● Secure GUI: trusted path, MLS support
And it all comes for free!!!
TVD on OpenSolaris: Architecture
Our Contribution
User Desktop
Mapping TVD to MLS
● MLS: classification (level) + compartment (category)
● TVDs: non-hierarchical
● Solution: all TVDs same level, but distinct compartments (240 possible TVDs)
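
Added example (not from the slides or the authors' implementation): a small Python model of the mapping above, assuming the textbook Bell-LaPadula read/write rules rather than OpenSolaris's exact enforcement. The names Label, TVDRegistry, isolated and the TVD names are hypothetical; it shows that same-level labels with distinct compartments are incomparable, while a mapping onto different levels would permit a flow.

```python
from dataclasses import dataclass

TVD_LEVEL = 1    # assumption: the single classification shared by all TVDs
MAX_TVDS = 240   # number of possible TVDs stated on the slide


@dataclass(frozen=True)
class Label:
    level: int
    compartments: frozenset

    def dominates(self, other):
        # MLS dominance: level at least as high AND a superset of compartments
        return (self.level >= other.level
                and self.compartments >= other.compartments)


class TVDRegistry:
    """Gives every TVD the same level and its own compartment number."""

    def __init__(self):
        self.labels = {}

    def create(self, name):
        if name in self.labels:
            raise ValueError(f"TVD {name!r} already exists")
        if len(self.labels) >= MAX_TVDS:
            raise RuntimeError("all compartments are in use")
        self.labels[name] = Label(TVD_LEVEL, frozenset({len(self.labels)}))
        return self.labels[name]


def may_read(subject, obj):
    return subject.dominates(obj)    # no read up


def may_write(subject, obj):
    return obj.dominates(subject)    # no write down


def isolated(a, b):
    """True if no read or write is allowed in either direction."""
    return not (may_read(a, b) or may_write(a, b)
                or may_read(b, a) or may_write(b, a))


if __name__ == "__main__":
    reg = TVDRegistry()
    corp, private = reg.create("corp"), reg.create("private")  # constructed names
    print("distinct compartments isolated:", isolated(corp, private))
    # Counter-case: mapping TVDs onto two levels lets the higher read the lower.
    print("distinct levels isolated:", isolated(Label(2, frozenset()), Label(1, frozenset())))
```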
TVD Management
● Simple TVD management (Admin)
  ● Creation: name, description, network segment
  ● Assignment of users and zone images
● Automatic and transparent policy distribution
  ● Global Policy: MLS labels, user assignments
  ● Local Policy: allowed zones, network config, etc.
  ● Platform Policy: defines secure channel between master and platforms
Efficient Zone Image Deployment (1)
● User Login: can choose working environments
Efficient Zone Image Deployment (2)
● Minimal standard zone: 1.4 GB (!)
● But: ZFS features clones and snapshots
  ● Every image is a snapshot of a zone
  ● Snapshots can have dependencies (delta images)
● Tree-like organization:
  ● Base zone images
  ● Other zones are derived from base image
● Deployment: base in cache, deploy deltas only!
Protected Storage Devices (1)
● Encrypted Home Directories
  ● Stored on central server (via NFS)
  ● Loopback-mounted (lofi) with built-in encryption
  ● TVD layer: management of encryption key
● Mobile Storage Devices (e.g. USB sticks)
  ● Similar approach
  ● Transparent encryption after assignment to a TVD
Protected Storage Devices (2)
● User attaches new USB device
Protected Storage Devices (3)
● Transparent encryption after assignment to TVD
Conclusion
● TVD on OpenSolaris: efficient and usable TVD realization for end-user desktop systems
● Leverages existing OpenSolaris features
  ● Zones, MLS, ZFS, Secure GUI
● Adds new components
  ● Server infrastructure (TVD Master), local TVD Layer
  ● Transparent data encryption (home + USB sticks)
  ● Efficient zone image deployment
● No changes on kernel or core OS services
More information: http://www.trust.rub.de/projects/tvd-solaris