The entropia virtual machine for desktop grids brad calder andrew a chien ju wang don yang vee 2005
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

The Entropia Virtual Machine for Desktop Grids Brad Calder, Andrew A. Chien, Ju Wang, Don Yang – VEE-2005 PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on
  • Presentation posted in: General

The Entropia Virtual Machine for Desktop Grids Brad Calder, Andrew A. Chien, Ju Wang, Don Yang – VEE-2005. Raju Kumar CS598C: Virtual Machines. Introduction. Desktop Grids Entropia Desktop Distributed Computing Grid (DCGrid) VMs for protection How was protection provided earlier ?.

Download Presentation

The Entropia Virtual Machine for Desktop Grids Brad Calder, Andrew A. Chien, Ju Wang, Don Yang – VEE-2005

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The entropia virtual machine for desktop grids brad calder andrew a chien ju wang don yang vee 2005

The Entropia Virtual Machine for Desktop GridsBrad Calder, Andrew A. Chien, Ju Wang, Don Yang – VEE-2005

Raju Kumar

CS598C: Virtual Machines


Introduction

Introduction

  • Desktop Grids

    • Entropia Desktop Distributed Computing Grid (DCGrid)

  • VMs for protection

    • How was protection provided earlier ?


Overview

Overview

  • DCGrid

  • Goals

  • Entropia VM

  • Results

  • Conclusion


Dcgrid overview

DCGrid Overview


Dcgrid details

DCGrid Details

  • Physical Node Management

    • Resource and Application management

  • Resource Scheduling

    • Scheduling subjobs

  • Job Management

    • Decomposes job into subjobs, deploys subjobs and accumulates results

  • Entropia VM


Entropia vm requirements

Entropia VM Requirements

  • Desktop security

  • Clean execution environment

  • Unobtrusiveness

  • Application security


Entropia vm components

Entropia VM Components


Entropia vm components contd

Entropia VM Components Contd…

  • Desktop Controller

    • Provides unobtrusiveness

  • Sandbox Execution Layer

    • Provides all features including unobtrusiveness


Wrapping application

Wrapping Application

  • Wrapped inside EVM using binary modification

  • Wrapped interpreters – cmd.exe, Perl, JVM

  • vm.dll as first entry in import table

  • vm.dll’s main() dynamically modifies loaded binaries and required dlls to intercept system calls


Validating binaries

Validating Binaries

  • Checksum of each binary file

    • Whether sandboxed

    • Integrity

  • Configuration file - Checksums for all binaries

    • Encrypted and transferred to EVM

    • Encryption Key – securely communicated

  • CreateProcess for code in a new binary file

    • Check if registered in configuration file

    • Verify checksum


Desktop control

Desktop Control

  • EVM monitors subjob usage of key resources

  • If subjob uses excess resources, subjob’s processes paused or terminated – Acceptable ?

  • Unobtrusiveness –

    • Sandbox Execution Layer – resource usage restriction per process

    • Desktop Controller – resource usage restriction per subjob

  • Processes may belong to EVM or subjob

    • Separate resource control using VM Portal


Evm portal thread

EVM Portal Thread

  • Invisible Portal thread per Sandboxed application

  • Sandboxed application unaware of Portal thread

    • Thread listing does not show Portal thread

    • Terminating Portal thread not allowed by virtualizing relevant system calls

  • Heart-beat maintained between Portal thread and Desktop Controller

  • Loss of heart-beat – Portal thread kills the sandboxed application

    • When is heart-beat lost ?

  • One Portal thread for each process

    • Terminate

    • Pause

    • Resume

  • On being paused, process memory paged to disk – security issues ?


Enforcing resource limits

Enforcing Resource Limits

  • If desktop usage is high, Desktop Controller pauses subjob (via Portal thread) – all or nothing solution

  • If pausing does not decrease usage, terminate – is this correct ?

  • Different levels of unobtrusiveness

    • Highest level – pause on mouse movement, keyboard-memory-disk I/O-CPU usage of non-Entropia processes – Background processes in Windows ? Distinction between user and system processes in Windows ?

    • Lowest level – ignore keyboard and mouse usage

      • Subjobs can run between keystrokes

    • Subjob threads are run at lowest priorities


Paging issues

Paging Issues

  • Subjob requirements

    • Specified by user

    • Specified by administrator (a typical value)

  • Resource Scheduler schedules subjob on a client with sufficient resources

  • Excessive Paging implications

    • Active user

    • Incorrect value of subjob requirement provided/estimated

  • Enforcing Resource Limitation

    • Pause/terminate subjob

    • Mentions excessive memory usage as well – is it correct ?

  • Examples

    • Tracing code – Excessive disk usage

    • Erroneous process – Excessive threads


Resource problems

Resource Problems

  • Failure reported to

    • Resource Scheduler

    • DCGrid Administrator

    • Job Manager

  • Categorization

    • Desktop Resource Contention

    • Client Black Hole

    • Malformed subjob


Sandbox execution layer

Sandbox Execution Layer

  • Goal

    • Control subjob’s interaction with OS

    • Virtualize some OS components

  • Subjob’s access to all important system APIs is mediated


Os interception layer

OS Interception Layer

  • Device Driver – intercepts hardware access

  • Binary modification – virtualize some APIs

  • Sandbox Layer is a VMM


Device driver mediation

Device Driver Mediation

  • Device Driver Mediation

    • Provides Desktop Security feature

    • Mediated interfaces cannot be bypassed

    • Global mediation overhead

      • Hence mediates only interfaces with resource access

  • Dynamic Binary Modification

    • Trampoline approach


Design decisions

Design Decisions

  • Self-modifying code not allowed

    • JIT code for JVM allowed

  • Virtualized components

    • Files

    • Registry

    • GUI

    • Network

    • Threads and Processes


Application security

Application Security

  • Desktop user does not have administrator privileges

  • Subjob runs in a separate user space

  • Device driver provides complete user-space isolation

  • File encryption

  • Tampering detection


Results

Results


Results1

Results


Related work

Related Work

  • Existing desktop grid solutions

    • Require changes to code or well-behaved assumptions

  • Classic VMs

    • Obtrusive

  • JVM and .NET/MSIL based grids

    • Obtrusive, not comprehensive

  • VMs for desktop grids

    • Obtrusive, heavy

  • VMs with resource control

    • Assume closed system


Conclusion

Conclusion

  • EVM provides

    • Desktop security

    • Clean execution environment

    • Unobtrusiveness

    • Application security


The entropia virtual machine for desktop grids brad calder andrew a chien ju wang don yang vee 2005

Thanks !!


  • Login