Date post: | 03-Jan-2016 |
Upload: | quinlan-shepherd |
Virtual Container Attestation:
Customized trusted containers for on-demand computing.
Katelin Bailey
Senior Thesis 2010
Dartmouth College
Department of Computer Science
Where are we going?
• Introduction
• The Problem of Trusted Computing
• Tools: OpenSolaris, TPM, DTrace
• Design & Implementation
• Motivation for the Testing Applications
• Testing Applications
• Results & Conclusions
The Problem of Trusted Computing
• Why do we need to trust computers?
• How can we develop that trust?
Previous Approaches
• Attestation
• Property-based attestation
• Compartmented attestation
• Virtualization
• Trusted Computing on Demand
Tools used in the implementation...
• Zones (containers)
• DTrace
• Open-source
OpenSolaris
Zones
• OS-level virtualization is lightweight
• Global zone’s window into the containers
• Zone cloning
• Easy configuration
• More complete virtualization, not just process isolation
TPM
• Cryptographic Capabilities
• Platform Configuration Registers
• Trusted Root
• Trusted Boot
• In relation to Trusted Computing
Virtual Container Attestation: The Goals
Uses client-requested containers
1. Interface to local and remote machines
2. Remain usable to client applications
3. Employs property-attributed certificates
4. Monitors attributes of each container
5. Halts zones which do not comply
6. Ensures that revoked zones remain inactive
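A minimal sketch of goals 3 to 6 above, added here as an illustration and not taken from the thesis: a certificate lists the attribute values a zone must keep, a monitoring pass halts and revokes a zone that drifts, and a revoked zone cannot be started again. The class names, the attribute names and the revoke-on-first-violation rule are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class PropertyCert:
    """Hypothetical property-attributed certificate for one zone."""
    zone: str
    required: dict              # attribute name -> value the zone must keep

@dataclass
class Zone:
    name: str
    attrs: dict                 # attributes as last measured by the monitor
    state: str = "running"

class Enforcer:
    def __init__(self, certs):
        self.certs = {c.zone: c for c in certs}
        self.revoked = set()    # revocation outlives any single check

    def violations(self, zone):
        cert = self.certs.get(zone.name)
        if cert is None:
            return ["no certificate"]   # fail closed on unknown zones
        return [f"{k}: want {v!r}, got {zone.attrs.get(k)!r}"
                for k, v in sorted(cert.required.items())
                if zone.attrs.get(k) != v]

    def check(self, zone):
        """One monitoring pass: halt and revoke on any violation."""
        if zone.name in self.revoked:
            zone.state = "halted"       # force a revoked zone back down
            return ["revoked"]
        bad = self.violations(zone)
        if bad:
            zone.state = "halted"       # a real system would halt the zone here
            self.revoked.add(zone.name)
        return bad

    def boot(self, zone):
        """Refuse to start a revoked or non-compliant zone."""
        if zone.name in self.revoked or self.violations(zone):
            return False
        zone.state = "running"
        return True

def demo():
    # Constructed sample policy and zone; the values are illustrative only.
    policy = {"net_access": "internal", "ssh_enabled": False}
    enf = Enforcer([PropertyCert("grid-a", dict(policy))])
    zone = Zone("grid-a", dict(policy))
    first = enf.check(zone)             # compliant zone
    zone.attrs["ssh_enabled"] = True    # attribute drifts out of policy
    second = enf.check(zone)            # halted and revoked
    zone.attrs["ssh_enabled"] = False   # attribute put back afterwards
    return first, second, zone.state, enf.boot(zone)
```

The last step is the point of goal 6: restoring the attribute after a violation does not make the zone bootable again, because revocation is tracked separately from the current measurement.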
In summary...
• Flexibility of policy
• Containers on demand
• Isolation
• Policy enforcement
• Simple property attestation
Open source software as the basis for the testing applications
Unfortunately, we had to create our own...
Power Grid Software
• Input comes from device measurements
• Format the incoming data
• Process in any (possibly multiple) way
• Export for large-scale processing
• Format/prepare the outgoing data
Hurdles
• Zone startup times
• TSS stack
Future Work
• Fix the hurdles!
• Varied revocation scheme
• Additional security checks
• Negotiation of security
• Better zone communication
Conclusions
Thank you!