Virtual Container Attestation: Customized trusted containers for on-demand computing.
• Katelin Bailey
• Senior Thesis 2010
• Dartmouth College
• Department of Computer Science

Where are we going?
• Introduction
• The Problem of Trusted Computing
• Tools: OpenSolaris, TPM, DTrace
• Design & Implementation
• Motivation for the Testing Applications
• Testing Applications
• Results & Conclusions

The Problem of Trusted Computing
• Why do we need to trust computers?
• How can we develop that trust?

Previous Approaches
• Attestation
• Property-based attestation
• Compartmented attestation
• Virtualization
• Trusted Computing on Demand

OpenSolaris
• Zones (containers)
• DTrace
• Open-source

Zones
• OS-level virtualization is lightweight
• Global zone’s window into the containers
• Zone cloning
• Easy configuration
• More complete virtualization, not just process isolation

TPM
• Cryptographic Capabilities
• Platform Control Registers
• Trusted Root
• Trusted Boot
• In relation to Trusted Computing

Virtual Container Attestation: The Goals
• Uses client-requested containers
• Interface to local and remote machines
• Remain usable to client applications
• Employs property-attributed certificates
• Monitors attributes of each container
• Halts zones which do not comply
• Ensures that revoked zones remain inactive

In summary...
• Flexibility of policy
• Containers on demand
• Isolation
• Policy enforcement
• Simple property attestation

Open source software as the basis for the testing applications
Unfortunately, we had to create our own...

Power Grid Software
• Input comes from device measurements
• Format the incoming data
• Process in any (possibly multiple) way
• Export for large-scale processing
• Format/prepare the outgoing data

Hurdles
• Zone startup times
• TSS stack

Future Work
• Fix the hurdles!
• Varied revocation scheme
• Additional security checks
• Negotiation of security
• Better zone communication