Trusted disk loading in the Emulab network testbed
作者: Mike Hibler , Eric Eide , Robert Ricci , Cody Cutler
DOI:
关键词:
摘要: Network testbeds like Emulab allocate physical computers to users for the duration of an experiment. During experiment, a user has nearly unfettered access devices under his or her control. Thus, at end allocated computer can be in arbitrary state. A testbed must reclaim and ensure they are properly configured future experiments. This is particularly important security-related experiments: example, that malware cannot persist on device from one experiment another. This paper presents prototype trusted disk-loading system (TDLS) we have implemented Emulab. When allocates PC TDLS ensures if set-up succeeds, boot operating specified by user. The uses Trusted Platform Module (TPM) securely communicate with Emulab's control infrastructure attest about PC's configuration. prevents state surviving another, it impersonating another. addresses challenges providing scalable flexible service, which allows large support wide range systems research. We describe these challenges, detail our Emulab, present lessons learned its construction.
参考文章(11)
Owen S. Hofmann, Brent Waters, Alan M. Dunn, Emmett Witchel, Cloaking malware with the trusted platform module usenix security symposium. pp. 26- 26 ,(2011)
Mac G. Newbold, RELIABILITY AND STATE MACHINES IN AN ADVANCED NETWORK TESTBED ,(2004)
Jay Lepreau, Mike Hibler, Leigh Stoller, Robert Ricci, Chad Barb, Fast, Scalable Disk Imaging with Frisbee. usenix annual technical conference. pp. 283- 296 ,(2003)
Robert Ricci, Jonathon Duerig, Securing the Frisbee multicast disk loader usenix security symposium. pp. 3- ,(2008)
Tal Garfinkel, Mendel Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection. network and distributed system security symposium. ,(2003)
Bernhard Kauer, OSLO: improving the security of trusted computing usenix security symposium. pp. 16- ,(2007)
Brian White, Jay Lepreau, Leigh Stoller, Robert Ricci, Shashi Guruprasad, Mac Newbold, Mike Hibler, Chad Barb, Abhijeet Joglekar, An integrated experimental environment for distributed systems and networks ACM SIGOPS Operating Systems Review. ,vol. 36, pp. 255- 270 ,(2002) , 10.1145/844128.844152
Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig, SecVisor Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles - SOSP '07. ,vol. 41, pp. 335- 350 ,(2007) , 10.1145/1294261.1294294
Kevin R.B. Butler, Stephen McLaughlin, Patrick D. McDaniel, Rootkit-resistant disks Proceedings of the 15th ACM conference on Computer and communications security - CCS '08. pp. 403- 416 ,(2008) , 10.1145/1455770.1455821
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh, Terra: a virtual machine-based platform for trusted computing symposium on operating systems principles. ,vol. 37, pp. 193- 206 ,(2003) , 10.1145/1165389.945464