virtual trusted domain
Garrett Drown, Tianyi Xing. Group #4. Virtual Trusted Domain. CSE548 – Advanced Computer Network Security.
VIRTUAL TRUSTED DOMAIN
Garrett Drown
Tianyi Xing
Group #4
CSE548 – Advanced Computer Network Security
Virtual Trusted Domains
What are Virtual Trusted Domains?
A virtual trusted domain (VTD) is a collection of virtual machines, regardless of physical boundaries, that trust one another and share the same security policy.
Project Goal
Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA.
Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.
What is NetFPGA?
Low-cost platform, primarily designed as a tool for teaching networking hardware and router design
NetFPGA Features
PCI card containing a large Xilinx FPGA
4 Gigabit Ethernet ports
Double Data Rate (DDR2) Dynamic RAM (DRAM)
Reprogrammable CPCI bus
NetFPGA packages (NFPs) containing source code (for both hardware and software)
Major Component of NetFPGA
So its characteristics are…
Line-Rate
Processes back-to-back packets
○ Without dropping packets
○ At full rate of Gigabit Ethernet links
Operating on packet headers
○ For switching, routing, and firewall rules
And packet payloads
○ For content processing and intrusion prevention
So its characteristics are…
Open-source hardware
Similar to open-source software
○ Full source code available
○ BSD-style license
But harder, because:
○ Hardware modules must meet timing
○ Verilog & VHDL components have more complex interfaces
○ Hardware designers need high confidence in specification of modules
Preliminary Setup
[Figure: preliminary setup diagram. Labels: PC, PING, OpenFlow protocol, NetFPGA, Controller, controller, ofprotocol, openflow_switch.bit, ofdatapath.ko, ofdatapath_netfpga.ko, Userspace, Kernel / Hardware, 192.168.1.1, 192.168.2.1]
Group Project Description
Tasks:
Research how to program NetFPGAs.
Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
Research Path Splicing, which implements similar features that we would like to use in our project.
Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
Deploy the program and set up a test-bed on a NetFPGA.
Test, debug, and troubleshoot.
Group Project Description
Tasks (distribution among team members):
Research how to program NetFPGAs.
Garrett, 50% Tianyi, 50%
Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
Garrett, 50% Tianyi, 50%
Research Path Splicing, which implements similar features that we would like to use in our project.
Garrett, 50% Tianyi, 50%
Group Project Description
Tasks (distribution among team members):
Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
Garrett, 50% Tianyi, 50%
Deploy the program and set up a test-bed on a NetFPGA. Test, debug, and troubleshoot.
Garrett, 50% Tianyi, 50%
Technical Details
Software & Hardware Used:
Technical Details
Network Topology & Requirements
[Figure: network topology diagram. Labels: NetFPGA, Computer, Windows (OS), Application, App, Controller, OpenFlow Switches]
Experiments we would like to do
Network security
Mobility management
Network-wide energy management
New naming/addressing schemes
Network access control
But, Unfortunately…
Commercial vendor won’t open software and hardware development environment
○ Complexity of support
○ Market protection and barrier to entry
Hard to build your own
○ Prototypes are flaky
○ Software only: too slow
○ Hardware/software: fan-out too small
What we want is …
OpenFlow Basics
Novel Idea
OpenFlow Switching
Controller
OpenFlow Example
Controller
Flow Table Entry
Technical Details
Roadmap of project:
By midterm:
○ Research how to program NetFPGAs.
○ Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
○ Research Path Splicing, which implements similar features that we would like to use in our project.
○ Begin coding our program to create and manage Virtual Trusted Domains on a NetFPGA.
○ Set up a similar solution (if there is…) for VTDs as a basis for our future work.
By final:
○ Modify the existing solution which can or potentially can implement the VTD.
○ Deploy the program and set up a test-bed on a NetFPGA.
○ Tested and debugged.
○ Final documents completed.
Risks and Benefits
Novel Aspects of this Project
○ Establish virtual trusted domain for virtual machines in a cloud system.
○ Provide fast access to other virtual machines in a secure manner.
○ Divide bandwidth into multiple pieces based on the different requirements (like security level).
Risks and Challenges
○ May not be possible to find an existing similar solution that we can work from.
Potential Applications and Benefits
○ Virtual trusted-based network/VM management system.
Questions?