VIRTUAL TRUSTED DOMAIN
Garrett Drown, Tianyi Xing
Group #4
CSE548 – Advanced Computer Network Security
Virtual Trusted Domains
What are Virtual Trusted Domains?
A virtual trusted domain (VTD) is a collection of virtual machines, regardless of physical boundaries, that trust one another and share the same security policy.
Project Goal
- Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA.
- Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.
What is NetFPGA?
- Low-cost platform, primarily designed as a tool for teaching networking hardware and router design
NetFPGA Features
- PCI card containing a large Xilinx FPGA
- 4 Gigabit Ethernet ports
- Double-data-rate (DDR2) dynamic RAM (DRAM)
- Reprogrammable CPCI bus
- NetFPGA packages (NFPs) containing source code (for both hardware and software)
Major Component of NetFPGA
So its characteristics are…
Line-Rate
- Processes back-to-back packets
  ○ Without dropping packets
  ○ At full rate of Gigabit Ethernet links
- Operating on packet headers
  ○ For switching, routing, and firewall rules
- And packet payloads
  ○ For content processing and intrusion prevention
So its characteristics are…
Open-source hardware
- Similar to open-source software
  ○ Full source code available
  ○ BSD-style license
- But harder, because:
  ○ Hardware modules must meet timing
  ○ Verilog & VHDL components have more complex interfaces
  ○ Hardware designers need high confidence in specification of modules
Preliminary Setup
[Figure: preliminary setup diagram. Labels: PC, PING, OpenFlow protocol, NetFPGA, Controller, controller, ofprotocol, openflow_switch.bit, ofdatapath.ko, ofdatapath_netfpga.ko, Userspace, Kernel / Hardware, 192.168.1.1, 192.168.2.1]
Group Project Description
Tasks:
- Research how to program NetFPGAs.
- Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
- Research Path Splicing, which implements similar features that we would like to use in our project.
- Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
- Deploy the program and set up a test-bed on a NetFPGA.
- Test, debug, and troubleshoot.
Group Project Description
Tasks (distribution among team members):
- Research how to program NetFPGAs.
  ○ Garrett, 50%
  ○ Tianyi, 50%
- Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
  ○ Garrett, 50%
  ○ Tianyi, 50%
- Research Path Splicing, which implements similar features that we would like to use in our project.
  ○ Garrett, 50%
  ○ Tianyi, 50%
Group Project Description
Tasks (distribution among team members):
- Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
  ○ Garrett, 50%
  ○ Tianyi, 50%
- Deploy the program and set up a test-bed on a NetFPGA. Test, debug, and troubleshoot.
  ○ Garrett, 50%
  ○ Tianyi, 50%
Technical Details
Software & Hardware Used:
Technical Details
Network Topology & Requirements
[Figure: network topology diagram. Labels: NetFPGA, Computer, Windows (OS), App, Application, Controller, OpenFlow Switches]
Experiments we would like to do
- Network security
- Mobility management
- Network-wide energy management
- New naming/addressing schemes
- Network access control
But, Unfortunately…
- Commercial vendor won’t open software and hardware development environment
  ○ Complexity of support
  ○ Market protection and barrier to entry
- Hard to build your own
  ○ Prototypes are flakey
  ○ Software only: too slow
  ○ Hardware/software: fan-out too small
What we want is …
OpenFlow Basics
Novel Idea
OpenFlow Switching
Controller
OpenFlow Example
Controller
Flow Table Entry
Technical Details
Roadmap of project:
- By midterm:
  ○ Research how to program NetFPGAs.
  ○ Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
  ○ Research Path Splicing, which implements similar features that we would like to use in our project.
  ○ Begin coding our program to create and manage Virtual Trusted Domains on a NetFPGA.
  ○ Set up a similar solution (if there is…) for VTDs as a basis for our future work.
- By final:
  ○ Modify the existing solution which can or potentially can implement the VTD.
  ○ Deploy the program and set up a test-bed on a NetFPGA.
  ○ Tested and debugged.
  ○ Final documents completed.
Risks and Benefits
- Novel Aspects of this Project
  ○ Establish virtual trusted domain for virtual machines in a cloud system.
  ○ Provide fast access to other virtual machines in a secure manner.
  ○ Divide bandwidth into multiple pieces based on the different requirements (like security level).
- Risks and Challenges
  ○ May not be possible to find an existing similar solution that we can work from.
- Potential Applications and Benefits
  ○ Virtual trusted domain-based network/VM management system.
Questions?