virtual trusted domain

Post on 23-Feb-2016


DESCRIPTION

Garrett Drown, Tianyi Xing. Group #4. Virtual Trusted Domain. CSE548 – Advanced Computer Network Security. Virtual Trusted Domains. What are Virtual Trusted Domains?

TRANSCRIPT

VIRTUAL TRUSTED DOMAIN

Garrett Drown, Tianyi Xing

Group #4

CSE548 – Advanced Computer Network Security

Virtual Trusted Domains

What are Virtual Trusted Domains?

A virtual trusted domain (VTD) is a collection of virtual machines, regardless of physical boundaries, that trust one another and share the same security policy.

Project Goal

Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA.

Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.

What is NetFPGA?

Low-cost platform, primarily designed as a tool for teaching networking hardware and router design

NetFPGA Features

○ PCI card containing a large Xilinx FPGA
○ 4 Gigabit Ethernet ports
○ Double-data Rate (DDR2) Dynamic RAM (DRAM)
○ Reprogrammable CPCI bus
○ NetFPGA packages (NFPs) containing source code (both for hard/software)

Major Component of NetFPGA

So its characteristics are…

Line-Rate

Processes back-to-back packets
○ Without dropping packets
○ At full rate of Gigabit Ethernet links

Operating on packet headers
○ For switching, routing, and firewall rules

And packet payloads
○ For content processing and intrusion prevention

So its characteristics are…

Open-source hardware

Similar to open-source software
○ Full source code available
○ BSD-style license

But harder, because:
○ Hardware modules must meet timing
○ Verilog & VHDL components have more complex interfaces
○ Hardware designers need high confidence in specification of modules

Preliminary Setup

[Figure: preliminary setup diagram. Labels: PC, PING, OpenFlow protocol, NetFPGA, Controller, controller, ofprotocol, openflow_switch.bit, ofdatapath.ko, ofdatapath_netfpga.ko, Userspace, Kernel / Hardware, 192.168.1.1, 192.168.2.1]

Group Project Description

Tasks:
○ Research how to program NetFPGAs.
○ Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
○ Research Path Splicing, which implements similar features that we would like to use in our project.
○ Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
○ Deploy the program and set up a test-bed on a NetFPGA.
○ Test, debug, and troubleshoot.

Group Project Description

Tasks (distribution among team members):

Research how to program NetFPGAs.
○ Garrett, 50%
○ Tianyi, 50%

Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
○ Garrett, 50%
○ Tianyi, 50%

Research Path Splicing, which implements similar features that we would like to use in our project.
○ Garrett, 50%
○ Tianyi, 50%

Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
○ Garrett, 50%
○ Tianyi, 50%

Deploy the program and set up a test-bed on a NetFPGA. Test, debug, and troubleshoot.
○ Garrett, 50%
○ Tianyi, 50%

Technical Details

Software & Hardware Used:

Technical Details

Network Topology & Requirements

[Figure labels: NetFPGA, Computer, Windows (OS), App / Application, Controller, OpenFlow Switches]

Experiments we would like to do

○ Network security
○ Mobility management
○ Network-wide energy management
○ New naming/addressing schemes
○ Network access control

But, Unfortunately…

Commercial vendor won’t open software and hardware development environment
○ Complexity of support
○ Market protection and barrier to entry

Hard to build your own
○ Prototypes are flakey
○ Software only: too slow
○ Hardware/software: Fan-out too small

What we want is …

OpenFlow Basics

Novel Idea

OpenFlow Switching

Controller

OpenFlow Example

Controller

Flow Table Entry

Technical Details

Roadmap of project:

By midterm:
○ Research how to program NetFPGAs.
○ Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
○ Research Path Splicing, which implements similar features that we would like to use in our project.
○ Begin coding our program to create and manage Virtual Trusted Domains on a NetFPGA.
○ Set up a similar solution (if there is…) for VTDs as a basis for our future work.

By final:
○ Modify the existing solution which can or potentially can implement the VTD.
○ Deploy the program and set up a test-bed on a NetFPGA.
○ Tested and debugged.
○ Final documents completed.

Risks and Benefits

Novel Aspects of this Project
○ Establish virtual trusted domain for virtual machines in a cloud system.
○ Provide fast access to other virtual machines in a secure manner.
○ Divide bandwidth into multiple pieces based on the different requirements (like security level).

Risks and Challenges
○ May not be possible to find an existing similar solution that we can work from.

Potential Applications and Benefits
○ Virtual trusted-based network/VM management system.

Questions?
