os circular a framework of internet client with xen
play

OS-Circular: A Framework of Internet Client with Xen - PowerPoint PPT Presentation

Mar 29, 2023 •11 likes •281 views

OS-Circular: A Framework of Internet Client with Xen http://openlab.jp/oscircular/ Kuniyasu Suzaki, Toshiki Yagi, Kengo Iijima, Nguyen Anh Quynh National Institute of Advanced Industrial Science and Technology 1 Contents Purpose of

  1. “OS-Circular”: A Framework of Internet Client with Xen http://openlab.jp/oscircular/ Kuniyasu Suzaki, Toshiki Yagi, Kengo Iijima, Nguyen Anh Quynh National Institute of Advanced Industrial Science and Technology 1

  2. Contents • Purpose of Internet Client • What is OS Circular? – VM-Loader “Xenoppix” – Globalized Virtual Disk “HTTP-FUSE CLOOP” • Split & compressed & Trusted (Measured) Loopback device • Requirement of server is HTTP only. – Periodically security updated “Guest OS” • Current Implementation & Future Work – Trusted Boot with TPM, Trusted Network Connect – Linkage of Vulnerability Database • Conclusions 2

  3. Purpose of OS Circular • Framework of Internet client for anonymous users (OS Migration System). – Boot OS on anonymous PC without installation. – Deal with Disconnect network for mobile computing • Image of OS can be cached on local storage. – The OS is periodically updated. • But it allows to rollback to previous image. – To be trusted service (discuss later) 3

  4. Strategy of deployment • Policy – Utilize popular/inexpensive Internet service and Client PC. • Most researches assume special service on the server. They prevent world wide deployment. • Current PC is cheap and powerful. • Client Centric System – VM is running on a Client. OS Image is obtained via HTTP servers. – Reduce requirements for server and makes easy world wide scalability. 4

  5. Related Work (OS Migration) • OS Zoo – Distribute Virtual Disk files of QEMU for Linux, Minix, Plan9, OpenSolaris, etc. • FLOZ (Free Live OS Zoo) – The GUI of QEMU is transferred by VNC to Web Browser on Client PC. – Server Centric System • Bad response because the server exits in Italy • Guest OS has no network service because of security & resource • Collective [HostOS’03][NSDI’05] – Cache based System Management • Based on COW image of VMware • COW files are shared by NFS over SSH 5

  6. Comparison Type of VM Disk Differential Transfer Security Management Image update on Transfer Log Structured OS Xen Client Log Structured Trusted Trusted HTTP HTTP Blocks Blocks blocks on blocks on Circular (HVM) Centric HTTP- - are HTTP are HTTP- HTTP -FUSE FUSE FUSE measured FUSE measured CLOOP CLOOP CLOOP on Client CLOOP on Client Collective VMware Client VMware COW of NFS over SSH Centric disk file VMware SSH OS Zoo QEMU Client QEMU HTTP& Centric disk file FTP FLOZ QEMU Server VNC Centric 6

  7. OS Circular • OS Circular is Client Centric System which utilizes virtualization technology. – “VM Loader” + “Globalized Virtual Disks” – Client PC boots with the VM Loader and get Guest-OS images via Globalized Virtual Disks • Guest-OS images are updated periodically on the server and they are executed on Client PC. 7

  8. VM Loader • VM Loader is consisted of “Virtual Machine software” and host OS which runs Virtual Machine • Virtual Machine offers an Abstraction Layer which is a common PC environment on any PCs. – The abstraction is used for other researches of OS migration. • SoulPAD [Mobisys’05], VAT of Collective[NSDI’05], Internet Suspend/Resume[WMCSA’02 ] use VMware – Full Virtualization enables us to use normal installer and security management for Guest OS . • The host OS supports real device drivers • KNOPPIX is used [SoulPAD,VAT of Collective], because KNOPPIX automatically detects available devices and loads the appropriate Linux drivers. 8

  9. “Xenoppix” as VM Loader • Xenoppix (2005.09 ~ ) = Xen + KNOPPIX(1CD Linux) • Old Xenoppix used Para-Virtualizaiton(Xen2.0.6) and included Plan9 & NetBSD. • Current Xenoppix runs Para & Full Virtualization of Xen. – Xenoppix is renamed to VMKONPPIX. – KNOPPIX works on Domain0 of Xen (as host OS). • Xen has no device drivers and utilize the drivers of the OS on Domain0.“Autoconfig” of KNOPPIX detects devices and setup drives. • So, Xen and KNOPPIX is the best marriage. 9

  10. Globalized Virtual Disk • Virtual Disk is Block Level Abstraction. • The requirement for OS Migration. (Pfaff[NSDI’06]) – Versioning • Partial update & Rollback – Globalization • World Wilde Deployment • Network/Storage Transparent – Handle network (dis/re)-connection for mobile computing – Security • OS itself should maintained by Security Software • Virtual disks have to keep validness of contents • We developed “Trusted HTTP FUSE CLOOP”. 10

  11. Trusted HTTP-FUSE CLOOP (1/2) • Original block device is split by 256KB and compressed by zlib. Each data is saved to each block file. • Block files are managed by “index” file which includes location information. – “index” file works as a header of CLOOP. • Block file name is a SHA1 value of its contents. – If there is a same contests blocks, they are held together a same name file and reduce total storage space. – The basic idea is resemble to “Venti of Plan9”[USENIX’02] • Block files are reconstructed to a CLOOP file by FUSE wrapper. – FUSE is a User-land File System. • http://fuse.sf.net • Each block file is measured with the SHA1 file name when it mapped to CLOOP. 11

  12. Block Device index and block files index.idx 4KB Page 4ad36ffe8… 256KB ext2 974daf34a… … 2d34ff3e1… 3310012a… … … … The block files are re- constructed as a virtual disk with HTTP-FUSE CLOOP … compressed by zlib … 12

  13. Trusted HTTP-FUSE CLOOP (2/2) • When a file is updated or created on an original block device, the relevant block files are newly created with new SHA1 name. The “ index ” file are also renewed. – Old block files are reusable. • HTTP for file deliver – Most popular and well designed. • Web hosting is inexpensive for world wide deployment. • 80 port is usually opened. – Other network block devices use special port which is usually closed. • Block files are network/storage transparent. – Block files are cached and reused on local storage. – If necessary block files are stored in a local storage, network connection is not necessary. 13

  14. CLOOP style block file style Block Device CLOOP file block files named by SHA1 (2GB) index.idx 4KB Page 4ad36ffe8… 256KB ext2 974daf34a… … 2d34ff3e1… 3310012a… … … … Same files … Reusable for FUSE … (1) index.idx Update 4KB Page 4ad36ffe8… 256KB FUSE ext2 dd4daf34a… apt-get install … driver … 2d34ff3e1… 3310012a… … … … … 14 …

  15. Obtain in security Loopback(2GB) Contents SEVER CLOOP file(700MB) block files # losetup /dev/CLOOP block files /cdrom/KNOPPIX /tmp/blocks index.idx /cdrom/KNOPPIX header 4KB Page 4ad36ffe8… (location ext2 data) 974daf34a… 2d34ff3e1… 3310012a… Access … … … CLOOP FUSE Each block fie is driver driver measured with cache its file name 64KB … at reading decompress extract 15

  16. 16

  17. Two type of Security • The OS image has to keep security – The OS is updated periodically by package manager. • “yum” of Fedora or “apt-get” of Debian • It should be Semi-automatic. – The target includes the kernel. • We have to use Full Virtualization. • The way of distribution – Index file is obtained in secure way but the block files are downloadable from un-trusted servers. – The contents are measured on a Client. – We have to reboot Guest OS to updated OS image. 17

  18. Partial Update Cache files at Security Index Files New Index file local storage Update Xen HVM Block Files Xen HVM Internet Client PC Master PC On demand HTTP Server download Xen HVM New Block Files Updated OS 18 Client PC

  19. World Wide Deployment of Server • We utilize inexpensive Web Hosting Service. – 5GB/ month from $10 19

  20. Client DNS-Balance Web server for HTTP-FUSE Xenoppix DNS server: ns.inetboot.net DNS request Block files Resolve select.inetboot.net to shorten latency resolve( DNS-balance ) XXX.168.0.10 YYY.10.0.19 select.inetboot.net ASK the nearest server for select.inetboot.net XXX.168.0.10 YYY.10.0.19 RADB (Routing ASSET DATABASE) 20

  21. Current Implementation of OS Circular • VM Loader – Xenoppix (Xen 3.0.4 + KNOPPIX 5.1.1) – Debian package • Trusted HTTP-FUSE CLOOP • Setup script for OS Circular • OS Images is obtained by Trusted HTTP-FUSE CLOOP – Debian GNU/Linux • Periodically updated with “apt-get” command – FreeBSD 21

  22. Performance • ThinkPAD T60(Core Solo T1300 1.67Ghz) – Xen 3.0.4 HVM Domain – Debian GNU/Linux boot till GDM 22

  23. To be Trust • There are some problems A) Current Version has to trust Xenoppix. • Can’t prevent Virtual Machine Based Rootkit (Subvirt[SSP’06]) B) Index file have to distribute in secure. C) There is no way to authenticate that vulnerable applications are replaced correctly on the updated OS. 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
INTERNET CLIENT PROGRAMMING USING PYTHON C U A U H T E M O C C A R B A J A L I T E S M C E M A

INTERNET CLIENT PROGRAMMING USING PYTHON C U A U H T E M O C C A R B A J A L I T E S M C E M A

INTERNET CLIENT PROGRAMMING USING PYTHON C U A U H T E M O C C A R B A J A L I T E S M C E M A P R I L 0 6 , 2 0 1 3 1 INTRODUCTION In the previous lecture we took a look at low-level networking communication protocols using sockets.

1.16k views • 76 slides
1 2 Symmetric crypto, part 2 client D. J.

1 2 Symmetric crypto, part 2 client D. J.

1 2 Symmetric crypto, part 2 client D. J. Bernstein message m 1 session key k client authenticated k ciphertext C 1 servers ciphertext C 0 public key S Internet Symmetric Internet

2.03k views • 175 slides
The Role of Cities in Circular Economy CONTENTS Part 1: EU policy Part 2: Starting Part 3: Good

The Role of Cities in Circular Economy CONTENTS Part 1: EU policy Part 2: Starting Part 3: Good

28 February 2020 The Role of Cities in Circular Economy CONTENTS Part 1: EU policy Part 2: Starting Part 3: Good practices on framework on the transition to circular economy from circular economy circular economy European cities TAKING

695 views • 24 slides
Circular Economy Closing the loop An EU Action Plan for the Circular Economy Circular

Circular Economy Closing the loop An EU Action Plan for the Circular Economy Circular

Circular Economy Closing the loop An EU Action Plan for the Circular Economy Circular Economy: an EU priority Jobs, Protecting Growth and the environment Investment and boosting competitiveness Democratic Energy Union Change,

702 views • 24 slides
A Framework for A Framework for Internet Program Guides Internet Program Guides Yuji Nomura (

A Framework for A Framework for Internet Program Guides Internet Program Guides Yuji Nomura (

A Framework for A Framework for Internet Program Guides Internet Program Guides Yuji Nomura ( nom@flab.fujitsu.co.jp) Fujitsu Laboratories Ltd. Henning Schulzrinne ( hgs@cs.columbia.edu ) Columbia University Introduction Introduction

185 views • 4 slides
THIALFI A Client Notification Service for Internet-Scale Applications Authors: Atul Adya, Gregory

THIALFI A Client Notification Service for Internet-Scale Applications Authors: Atul Adya, Gregory

THIALFI A Client Notification Service for Internet-Scale Applications Authors: Atul Adya, Gregory Cooper, Daniel Myers, Michael Piatek Google, Inc. Karol Nienatowski Problem Ensuring the freshness of client data for applications that rely

616 views • 39 slides
The Internet and The Web Client Side Web Application Development George Corser, PhD Once Upon

The Internet and The Web Client Side Web Application Development George Corser, PhD Once Upon

The Internet and The Web Client Side Web Application Development George Corser, PhD Once Upon a Time... People wanted access to documents ... remotely from anywhere (so they invented network communications) ... without depending on a

888 views • 43 slides
Framework and Terminology of the Circular Built Environment Tillmann Klein Linear Economy

Framework and Terminology of the Circular Built Environment Tillmann Klein Linear Economy

Source: https://pixabay.com/photos/architecture-modern-building- Image credits go here facade-1048092/ Framework and Terminology of the Circular Built Environment Tillmann Klein Linear Economy Linear Economy - Activities Linear Economy -

288 views • 26 slides
IOT SECURITY FRAMEWORK TechDay ICANN 61 Jacques Latour, CTO Canadian Internet Registration

IOT SECURITY FRAMEWORK TechDay ICANN 61 Jacques Latour, CTO Canadian Internet Registration

DRAFT IOT SECURITY FRAMEWORK TechDay ICANN 61 Jacques Latour, CTO Canadian Internet Registration Authority March 12, 2018 DRAFT IoT THREAT LANDSCAPE SPECIFIC TO THE INTERNET - SCALE IoT device compromises: Used in internet attacks

537 views • 25 slides
Laurne Descamps, Circular Economy Transition / Impact Hub Zrich What Is Circular Economy A

Laurne Descamps, Circular Economy Transition / Impact Hub Zrich What Is Circular Economy A

Circular Economy & Digitalisation - 8.05.2020 Laurne Descamps, Circular Economy Transition / Impact Hub Zrich What Is Circular Economy A Circular economy is a powerful method consisting of principles and activities that aims to retain

752 views • 27 slides
Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Saghar Estehghari 1 Yvo Desmedt 1 , 2 1 Department of Computer Science University College London, UK 2 Research Center for Information Security

572 views • 28 slides
Welcome to Circular economy 5ECTS course! Piia Nurmi & the team This course In the Circular

Welcome to Circular economy 5ECTS course! Piia Nurmi & the team This course In the Circular

Welcome to Circular economy 5ECTS course! Piia Nurmi & the team This course In the Circular Economy Course (5 ECTS), the student will develop business skills (needed in working life) and the basics of circular economy the fact-based

417 views • 41 slides
5/16/2019 The Circular Economy Drives Value Creation LINEAR CIRCULAR Circular supply chains

5/16/2019 The Circular Economy Drives Value Creation LINEAR CIRCULAR Circular supply chains

5/16/2019 The Circular Economy Drives Value Creation LINEAR CIRCULAR Circular supply chains reduce costs, increase efficiency and Linear supply chains are costly, susceptible to volatility and harmful to our environment. create a sustainable

266 views • 11 slides
Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client Client Client Client Client Client Client Google Client Client Client Client Client Client Many clients; 1 server Server starts and then

333 views • 6 slides
Economy Closing the loop An EU Action Plan for the Circular Economy Circular Economy: a

Economy Closing the loop An EU Action Plan for the Circular Economy Circular Economy: a

Circular Economy Closing the loop An EU Action Plan for the Circular Economy Circular Economy: a priority Jobs, Protecting Growth and the environment Investment and boosting Democratic competitiveness Energy Union Change, and

462 views • 13 slides
Compiler Construction Compiler Construction 1 / 88 Mayer Goldberg \ Ben-Gurion University Tuesday

Compiler Construction Compiler Construction 1 / 88 Mayer Goldberg \ Ben-Gurion University Tuesday

Compiler Construction Compiler Construction 1 / 88 Mayer Goldberg \ Ben-Gurion University Tuesday 31 st December, 2019 Mayer Goldberg \ Ben-Gurion University Chapter 8 Roadmap Compiler Construction 2 / 88 The expansion of letrec ,

1.11k views • 88 slides
Computing With Tensors: Modern Algorithm for . . . Modern Algorithm for . . . Potential

Computing With Tensors: Modern Algorithm for . . . Modern Algorithm for . . . Potential

Why Tensors 19 Century Physics Problem and How . . . From Tensors in . . . Computing With Tensors: Modern Algorithm for . . . Modern Algorithm for . . . Potential Applications Quantum Computing . . . of Physics-Motivated New Idea: Tensors

251 views • 12 slides
A Shortcut Fusion Rule for Circular Program Calculation Joo Fernandes 1 Alberto Pardo 2 Joo

A Shortcut Fusion Rule for Circular Program Calculation Joo Fernandes 1 Alberto Pardo 2 Joo

A Shortcut Fusion Rule for Circular Program Calculation A Shortcut Fusion Rule for Circular Program Calculation Joo Fernandes 1 Alberto Pardo 2 Joo Saraiva 1 1 Departmento de Informtica Universidade do Minho Portugal 2 Instituto de

550 views • 41 slides
Next Generation LearnLib (NGLL) Bernhard Steffen, Falk Howar, Maik Merten , Oliver Bauer TU

Next Generation LearnLib (NGLL) Bernhard Steffen, Falk Howar, Maik Merten , Oliver Bauer TU

Next Generation LearnLib (NGLL) Bernhard Steffen, Falk Howar, Maik Merten , Oliver Bauer TU Dortmund SFM2011 Overview Practical aspects in active automata learning LearnLib: mature library for active atomata learning NGLL: framework,

657 views • 20 slides
The Virtue of Vicious Circles Baltasar Trancn y Widemann TU Ilmenau 2016-10-25 Trancn y

The Virtue of Vicious Circles Baltasar Trancn y Widemann TU Ilmenau 2016-10-25 Trancn y

Introduction Technique Applications Conclusion The Virtue of Vicious Circles Baltasar Trancn y Widemann TU Ilmenau 2016-10-25 Trancn y Widemann The Virtue of Vicious Circles 1 / 34 Introduction Technique Applications Conclusion

1.32k views • 106 slides
KWIC Design Challenge Monday, May 16, 2011 Contextualized Index set of all circular shifts

KWIC Design Challenge Monday, May 16, 2011 Contextualized Index set of all circular shifts

KWIC Design Challenge Monday, May 16, 2011 Contextualized Index set of all circular shifts lines of text program in alphabetical order Monday, May 16, 2011 Contextualized Index are fluffy Clouds Clouds are fluffy great Waterloo is

650 views • 15 slides
RCGC can be more attractive Reference counting example Root set Heap space 1 1 2 1 1 1 1 2

RCGC can be more attractive Reference counting example Root set Heap space 1 1 2 1 1 1 1 2

RCGC can be more attractive Reference counting example Root set Heap space 1 1 2 1 1 1 1 2 1 2 Reference counting example Root set Heap space 1 1 2 1 0 1 1 2 1 3 Reference counting example Root set Heap space 1 1 2 1 0 1

418 views • 20 slides
Indexed Copatterns Reasoning about Infinite Structures by Observations David Thibodeau Brigitte

Indexed Copatterns Reasoning about Infinite Structures by Observations David Thibodeau Brigitte

Indexed Copatterns Reasoning about Infinite Structures by Observations David Thibodeau Brigitte Pientka McGill University September 24, 2013 David Thibodeau (McGill University) Indexed Copatterns September 24, 2013 1 / 18 Representing

423 views • 25 slides

More recommend