trusted disk loading in the emulab network testbed
play

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, - PowerPoint PPT Presentation

Nov 30, 2023 •209 likes •566 views

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci 1 Emulab Public network testbed Create complex experiments quickly 500+ nodes at Utah Emulab 2 Emulab Nodes Physical nodes

  1. Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci 1

  2. Emulab • Public network testbed • Create complex experiments quickly • 500+ nodes at Utah Emulab 2

  3. Emulab Nodes • Physical nodes • Users have root • Space/time shared Artifacts from previous experiment may persist on node 3

  4. Node Corruption 4

  5. Why Reset State? • Experiment fidelity depends on starting fresh • Unacceptable for security sensitive experiments • At the very least, artifacts from previous experiments are irritating 5

  6. Emulab’s Current Method • Control server forces reboot and directs node re-imaging over network • Network is shared with other nodes State reset is not guaranteed and is not tamper-proof 6

  7. Goals • Must reset node state during other active experiments and regardless of what state the node is left in • Must be flexible for many boot paths • Must scale to size of testbed 7

  8. Solution: Trusted Disk Loading System (TDLS) If the experiment is created successfully, node state is reset 8

  9. Contributions • Cryptographically verifiable method of resetting physical node state • Flexible and secure reloading software scalable to size of testbed 9

  10. Node Reloading 10

  11. TDLS Fundamentals • Establish trust • Verify every stage of node reloading with control server The Trusted Platform Module is the perfect tool for such objectives 11

  12. Trusted Platform Module (TPM) • Secure key storage • Measurement • Remote attestation (quotes) 12

  13. Secure Key Storage • Keys are always encrypted before they leave the TPM • Keys are only useable on the same TPM with which they were created • Control server can identify nodes by the public portion of these keys 13

  14. TDLS Fundamentals  Establish trust • Verify every stage of node reloading with control server 14

  15. Trusted Platform Module (TPM) • Secure key storage • Measurement • Remote attestation (quotes) 15

  16. Measurement • Platform Configuration Registers (PCR) o TPMs generally have 24 PCRs o Holds a hash o PCRs can only be modified through extension o Extending: PCR = hash(previous value of PCR + a new hash) • Measuring is when we hash a region of memory and extend a certain PCR with the resulting hash 16

  17. Secure Boot Chain with TPM 1. Immutable part of BIOS measures the rest of BIOS 2. BIOS measures boot device 3. Boot device then measures whatever it loads 4. etc. 17

  18. Remote Attestation (Quotes) • TPM packages up the desired PCRs and signs them • Tamper-proof as it is signed by the TPM • Very easy to differentiate between a genuine quote and arbitrary data signed by TPM 18

  19. TDLS Fundamentals  Establish trust  Verify every stage of node reloading with control server 19

  20. TDLS Reloading 20

  21. Starting the chain: Booting to PXE • PXE ROMs aren’t TPM aware • PXE ROMs won't check-in with the control server Boot to USB dongle with gPXE 21

  22. Stage 1: gPXE • Measured by BIOS • Embedded certificate authority for server authentication • Sends a quote to control server 22

  23. Checking Quotes • Different stages are measured into different PCRs • Quotes contain a nonce from the server to guarantee freshness • The TPM signature over the quotes are verified • Server compares every PCR in the quote with known values in the database 23

  24. Incorrect Quotes • An incorrect PCR means something was modified • Failure to send a quote before a timeout is treated as a verification failure • Control server cuts power to the node and quarantines it 24

  25. Stage 2: GRUB • Retrieves, measures, and boots the imaging MFS • Will boot to disk when necessary 25

  26. Sensitive Resources • Control server closes monitors a node’s progress via quotes • A node can only receive sensitive resources (decryption keys) in a particular state 26

  27. Stage 3: Imaging MFS • Sends quote covering everything • Writes the encrypted image to disk 27

  28. Stage 4: Signoff • Disk is imaged • Extends known value into designated reboot PCR • Marks the end of the trusted chain 28

  29. Attacks That Will Fail • Any boot stage corruption • BIOS code or configuration modifications • Injecting new stages 29

  30. What this means We win 30

  31. Summary • Node state must be fully reset in a secure way o Some testbed properties make this very difficult • Using the Trusted Platform Module o Establish trust between the node and server o Verify every stage of bootchain • Trusted Disk Loading System o Tracks node progress with quotes o Guarantees node state is reset • If any check fails, the experiment creation will fail 31

  32. Future Work • Enable experimenters to verify node state • Refine the violation model • Integrate with Emulab UI • Deploy on 160 TPM-enabled nodes at Utah 32

  33. Questions? ccutler@cs.utah.edu http://www.emulab.net 33

  34. Solution: Trusted Disk Loading System • If the experiment is created successfully, disk is imaged as expected • Scalable to size of testbed • Flexibility for the addition of many boot-paths • Prototype 34

  35. Guarantees • If any check fails, the experiment creation will fail • Disk is imaged as specified 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Large-scale Virtualization in the Emulab Network Testbed Mike Hibler, Robert Ricci, Leigh

Large-scale Virtualization in the Emulab Network Testbed Mike Hibler, Robert Ricci, Leigh

Large-scale Virtualization in the Emulab Network Testbed Mike Hibler, Robert Ricci, Leigh Stoller, Jonathon Duerig, Shashi Guruprasad, Tim Stack, Kirk Webb, Jay Lepreau Emulab: Network Testbed 2 Emulab: Network Testbed 2 Emulab: Network

1.06k views • 88 slides
<virtualization> Feedback-directed emulation IP address assignment Scalable

<virtualization> Feedback-directed emulation IP address assignment Scalable

Emulab: Network Testbed Large-scale Virtualization in the Emulab Network Testbed Mike Hibler, Robert Ricci, Leigh Stoller, Jonathon Duerig, Shashi Guruprasad, Tim Stack, Kirk Webb, Jay Lepreau 2 The Basic Idea: Whats Wrong? Use

298 views • 7 slides
Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Transparent Checkpoint of Closed Distributed Systems in Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah, School of Computing Emulab Public testbed for network experimentation 2 Emulab

725 views • 45 slides
Integrated Scientific Workflow Management for the Emulab Network Testbed Eric Eide Eide , Leigh

Integrated Scientific Workflow Management for the Emulab Network Testbed Eric Eide Eide , Leigh

Integrated Scientific Workflow Management for the Emulab Network Testbed Eric Eide Eide , Leigh Eric , Leigh Stoller Stoller, , Tim Stack, Juliana Freire Freire, , Tim Stack, Juliana and Jay Lepreau Lepreau and Jay University of Utah,

430 views • 17 slides
TransparentCheckpointofClosed DistributedSystemsin Emulab

TransparentCheckpointofClosed DistributedSystemsin Emulab

TransparentCheckpointofClosed DistributedSystemsin Emulab AntonBurtsev,PrashanthRadhakrishnan, MikeHibler,andJayLepreau UniversityofUtah,SchoolofCompuEng Emulab

334 views • 30 slides
Fabin E. Bustamante EECS, Northwestern U. http://aqualab.cs.northwestern.edu Research on

Fabin E. Bustamante EECS, Northwestern U. http://aqualab.cs.northwestern.edu Research on

Fabin E. Bustamante EECS, Northwestern U. http://aqualab.cs.northwestern.edu Research on networks and distributed systems Public network testbed (e.g. Emulab, ModelNet, PlanetLab , ) Public views of network topologies (e.g.

403 views • 15 slides
Why another mobile network testbed? Mobile networking growing

Why another mobile network testbed? Mobile networking growing

PhantomNet An end-to-end mobile network testbed Kobus Van der Merwe Why another mobile network testbed? Mobile networking growing traffic-wise and

271 views • 10 slides
UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop,

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop,

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop, 13-14/11-2013 Terena Network Architecture Workshop, 13-14/11-2013 Olav Kvittem, Martin Osmundsvg, Otto Wittner, Gurvinder Singh UNINETT Aryan

366 views • 7 slides
Emulators (Emulab Sucks) Friendly Environment for Evaluating Networked Systems Jonathon Duerig ,

Emulators (Emulab Sucks) Friendly Environment for Evaluating Networked Systems Jonathon Duerig ,

Flexlab: A Realistic, Controlled, and Emulators (Emulab Sucks) Friendly Environment for Evaluating Networked Systems Jonathon Duerig , Robert Ricci, Junxing Zhang, Daniel Gebhardt, Sneha Kasera, Jay Lepreau Examples: Modelnet & Emulab

422 views • 8 slides
Trusted Network Communications Architecture 2.0 Overview 20 July 2017 1 Why are we talking

Trusted Network Communications Architecture 2.0 Overview 20 July 2017 1 Why are we talking

Trusted Network Communications Architecture 2.0 Overview 20 July 2017 1 Why are we talking about this? The TCGs Trusted Network Communications Workgroup is finalizing publication of the Trusted Network Communications Architecture for

402 views • 8 slides
TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment

TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment

TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment and simulators span the grid system Generation Power system modeling, RTDS Transmission & Distribution Relays, Substation

309 views • 13 slides
Lecture 22: I/O, Disk Systems Todays topics: I/O overview Disk basics RAID

Lecture 22: I/O, Disk Systems Todays topics: I/O overview Disk basics RAID

Lecture 22: I/O, Disk Systems Todays topics: I/O overview Disk basics RAID Reminder: Assignment 8 due Tue 11/21 1 Input/Output CPU Cache Bus Memory Disk Network USB DVD 2 I/O Hierarchy CPU Cache Disk

891 views • 21 slides
A Testbed For Policy Closed Loop Network Management 1 Outline of the presentation In this

A Testbed For Policy Closed Loop Network Management 1 Outline of the presentation In this

A Testbed For Policy Closed Loop Network Management 1 Outline of the presentation In this presentation we will cover the following points: Paper Contribution System Architecture Network Configuration and Scenario The Policy and

178 views • 13 slides
Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen

Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen

Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown, Guru Parulkar Stanford University, Big Switch Networks, Nicira Networks Problem:

440 views • 31 slides
Network Coded Cooperation Testbed: Implementation And Performance Results DARNEC2015

Network Coded Cooperation Testbed: Implementation And Performance Results DARNEC2015

Network Coded Cooperation Testbed: Implementation And Performance Results DARNEC2015 Selahattin Gkceli ( Joint work with Semiha Tedik Baaran and Gne Karabulut Kurt ) I STANBUL T ECHNICAL U NIVERSITY D EPARTMENT OF E LECTRONICS AND C

427 views • 26 slides
Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

CPSC 410 / 611 : Operating Systems Disk Management Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Modern Secondary Storage Technologies Disk Management Disk Structure Disk Scheduling RAID

555 views • 18 slides
HOME Investment Partnerships Program Administrative Draws and Project Completion Reporting

HOME Investment Partnerships Program Administrative Draws and Project Completion Reporting

HOME Investment Partnerships Program Administrative Draws and Project Completion Reporting Administered by Because theres no place like HOME. What are Administrative Costs? Because theres no place like HOME. Administrative costs

687 views • 47 slides
TCG TPM2 Software Stack & Embedded Linux Philip Tricca philip.b.tricca@intel.com Agenda

TCG TPM2 Software Stack & Embedded Linux Philip Tricca philip.b.tricca@intel.com Agenda

TCG TPM2 Software Stack & Embedded Linux Philip Tricca philip.b.tricca@intel.com Agenda Background Security basics Terms TPM basics What it is / what it does Why this matters / specific features TPM Software Stack

480 views • 26 slides
Welcome! An Introduction to Vibrant America Clinical Labs COVID Antibody & RT-PCR Test

Welcome! An Introduction to Vibrant America Clinical Labs COVID Antibody & RT-PCR Test

9/1/20 Welcome! An Introduction to Vibrant America Clinical Labs COVID Antibody & RT-PCR Test Presented By: Your Representative: T.W. Taylor, RPh Sherleen Olson Williamsburg Drug Co. Solson@Vibrant-America.com Cell- 908-902-4563

409 views • 12 slides
G. Marcolini 1 , F. Giovanardi 1 , M. Rudan 1 , F. Buscemi 1 , E. Piccinini 1 , R. Brunetti 2 , A.

G. Marcolini 1 , F. Giovanardi 1 , M. Rudan 1 , F. Buscemi 1 , E. Piccinini 1 , R. Brunetti 2 , A.

G. Marcolini 1 , F. Giovanardi 1 , M. Rudan 1 , F. Buscemi 1 , E. Piccinini 1 , R. Brunetti 2 , A. Cappelli 2 1 Advanced Research Center on Electronic Systems (ARCES), University of Bologna, Bologna, Italy. University of Bologna 2 Physics

323 views • 18 slides
TLA + specification of PCR parallel programming pattern Work in Progress e E. Solsona 1 Sergio

TLA + specification of PCR parallel programming pattern Work in Progress e E. Solsona 1 Sergio

TLA + specification of PCR parallel programming pattern Work in Progress e E. Solsona 1 Sergio Yovine 2 Jos Universidad ORT Uruguay September 2020 1 solsona@fi365.ort.edu.uy 2 yovine@fi365.ort.edu.uy TLA + specification of PCR Jos e E.

775 views • 35 slides
TPM Genie Attacking the Hardware Root of Trust For Less Than $50 Introduction Jeremy Boone

TPM Genie Attacking the Hardware Root of Trust For Less Than $50 Introduction Jeremy Boone

TPM Genie Attacking the Hardware Root of Trust For Less Than $50 Introduction Jeremy Boone @uffeux Principal Consultant @ NCC Group Focus on hardware and embedded systems security Previously: 10 years product security @

1.41k views • 54 slides
STK-IN4300 Methods using Derived Input Directions Statistical Learning Methods in Data Science

STK-IN4300 Methods using Derived Input Directions Statistical Learning Methods in Data Science

STK-IN4300 - Statistical Learning Methods in Data Science Outline of the lecture Model Assessment and Selection Cross-Validation Bootstrap Methods STK-IN4300 Methods using Derived Input Directions Statistical Learning Methods in Data Science

445 views • 11 slides
COVID-19 Press Briefing June 12, 2020 CCBH Jurisdiction Cases Overview Lab-confirmed cases

COVID-19 Press Briefing June 12, 2020 CCBH Jurisdiction Cases Overview Lab-confirmed cases

COVID-19 Press Briefing June 12, 2020 CCBH Jurisdiction Cases Overview Lab-confirmed cases 3,082 Probable cases 612 Total cases 3,694 Date of illness onset February 28 June 9 Recovered cases 1441 Number

670 views • 29 slides

More recommend