Provided by: sanjay3
Learn more at: https://www.csm.ornl.gov
1
Trusted Passages: Meeting Trust Needs of
Distributed Applications
  • Mustaque Ahamad, Greg Eisenhauer, Jiantao Kong,
    Wenke Lee, Bryan Payne and Karsten Schwan
  • Georgia Tech Information Security Center, Center
    for Experimental Computer Systems
  • Georgia Institute of Technology
  • Funded by grants from NSF and Intel.

2
Application Characteristics and Needs
Example: 3-tier Web Services
  • Challenges
  • Execution with distributed set of resources
  • Information creation, flow, transformation,
    caching, and access
  • End user services with well-defined properties
  • Timely information transport and processing;
    responsiveness despite external threats/attacks;
    valid outcomes and results
  • Need for online management
  • Continuous monitoring and trust assessment
  • Runtime reorganization to maintain high levels of
    trust

3
Trusted Passages Approach
  • Create and manage distributed information
    processing overlays
  • Example: sets of proxy servers connecting
    clients with servers
  • Actively manage the overlays to provide online
    trust guarantees
  • Example: monitor proxy server behavior and adjust
    overlay accordingly

4
Approach Example (refined): Content Caching by
Proxies
Simple Trusted Passage: data caching with web
proxies; need for a trusted passage Client <-->
Proxy <--> Server
[Figure labels: Client, Proxy, Server]
5
Trusted Passages on Virtualized Platforms
General Concept
[Figure labels: Overlay node1 and Overlay node2 (Host1, Host2), each with Service VM, Trust Controller, Guest VM1, Guest VM2, App., BE/FE, Hypervisor and NIC; network; Trusted passage]
6
Trusted Passages on Virtualized Platforms
Example: Proxy
7
Trusted Passages - Summary of Concept
  • Trusted computing base (hypervisor)
  • Hardware support for isolation and safety (VT
    technologies)
  • Sophisticated monitoring and detection models and
    tools
  • Isolated trust controllers
  • Exploiting front end/back end device interactions
    to eliminate need to instrument Guest OSs
  • Trusted Passages use emerging technologies to
    provide new functionality to end users

8
Trust Modeling and Management
  • Trusted node is one that meets application needs
  • Delivers desired performance levels
  • Properly processes and handles information
  • Probably not compromised
  • Better trusted nodes should be selected to
    support a Trusted Passage
  • Management example: use redundant processing and
    communication paths to attain higher overall
    levels of trust

9
Dynamic Trust Evolution
  • Trust Controller (TC) monitors actions of a VM
    participating in a Trusted Passage
  • Chosen measurements of VM code and data
  • Logging of externally observed actions (e.g.,
    virtualized device access via Service VM)
  • Trust Controllers compare their measurements for
    replicated activity
  • Incorrect results or incorrect operations degrade
    trust in node, whereas correct operations
    increase trust level
  • Experiment with methods like trust incentives
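
The comparison and trust update described on slides 8 and 9, as an added example that is not part of the original presentation: trust controllers record a digest of each replica's output, compare them, adjust trust, and pick the most trusted nodes for the passage. The majority rule, the update constants, the selection floor and the proxy names are assumptions chosen for illustration.

```python
import hashlib
from collections import Counter

# Assumed parameters (not from the slides): a wrong result costs far more
# trust than a correct one earns, and new nodes start at a neutral 0.5.
REWARD, PENALTY, INITIAL_TRUST = 0.05, 0.30, 0.5

def digest(data: bytes) -> str:
    """Measurement a trust controller records for one replica's output."""
    return hashlib.sha256(data).hexdigest()

def compare_replicas(measurements: dict) -> tuple:
    """Return (majority value, deviating nodes); (None, set()) if no strict majority."""
    value, votes = Counter(measurements.values()).most_common(1)[0]
    if votes * 2 <= len(measurements):
        return None, set()
    return value, {n for n, m in measurements.items() if m != value}

def update_trust(trust: dict, measurements: dict) -> dict:
    """Raise trust for nodes matching the majority, degrade it for deviants."""
    majority, deviants = compare_replicas(measurements)
    if majority is None:          # no reference result, so no evidence either way
        return dict(trust)
    updated = dict(trust)
    for node in measurements:
        t = updated.get(node, INITIAL_TRUST)
        updated[node] = t * (1 - PENALTY) if node in deviants else t + REWARD * (1 - t)
    return updated

def select_nodes(trust: dict, k: int, floor: float = 0.4) -> list:
    """Pick the k most trusted nodes above the floor to carry the passage."""
    eligible = [n for n, t in trust.items() if t >= floor]
    return sorted(eligible, key=lambda n: (-trust[n], n))[:k]

def run_demo():
    # Constructed sample: three replicated proxies serve the same cached object.
    good = digest(b"<html>cached page</html>")
    bad = digest(b"<html>altered page</html>")
    rounds = [
        {"proxy-a": good, "proxy-b": good, "proxy-c": good},
        {"proxy-a": good, "proxy-b": good, "proxy-c": bad},
        {"proxy-a": good, "proxy-b": good, "proxy-c": bad},
    ]
    trust = {}
    for measurements in rounds:
        trust = update_trust(trust, measurements)
    return trust, select_nodes(trust, k=2)

if __name__ == "__main__":
    print(run_demo())
```

A two-way split with no strict majority leaves trust unchanged, since neither replica can serve as the reference result.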

10
Platform-level Online Monitoring and Introspection
  • Alternative techniques for monitoring guest OS
    activity
  • Intercept system activity (e.g., devices vs.
    using hardware like performance counters)
  • Dynamic integrity checking (e.g., use OS
    knowledge to capture and compare key structures,
    jump tables)
  • Other methods (e.g., middleware instrumentation)
  • Evaluate performance impact of monitoring
  • Assistance from platform monitoring services?
  • Experiment with trust violations

11
Future Platforms and Services for Trusted Passages
  • Multi -> Many-Core
  • Trusted Passages Using VMs
  • Specialized VMs: performance impact of using
    trust controllers
  • Management VMs: trust controller actions on
    single machines and interactions across multiple
    machines
  • Monitoring VMs: costs of dynamic trust
    assessment, introspection,
  • Future Platform Services for Trusted Passages
  • TrustBus: system mechanisms for hardware support
    for efficient monitoring and management, for
    on-chip VM-VM interactions, for cross-platform
    interactions
  • Adaptive Scheduling: for guest VMs vs. Trust
    Controllers (TC), in response to threats
  • Isolation: isolating TC-TC from VM-VM
    interactions for improved survivability

12
Summary
  • Trusted Passages: new functionality relevant to
    large class of applications
  • Information stream processing (multimedia,
    event-based systems, e.g., business activity
    monitoring, caching services with proxies, ...)
  • Exploits new technologies (virtualization,
    multi-core, hardware performance counters)
  • Research Contributions
  • Useful trust models and dynamic trust evolution
  • Platform level monitoring and introspection
    techniques
  • Provides insights for potential new services for
    multi-core platforms