
Virtual Trusted Domain

Garrett Drown Tianyi Xing Group #4. Virtual Trusted Domain. CSE548 – Advanced Computer Network Security. Virtual Trusted Domains. What are Virtual Trusted Domains?


Presentation Transcript


  1. Garrett Drown Tianyi Xing Group #4 Virtual Trusted Domain CSE548 – Advanced Computer Network Security

  2. Virtual Trusted Domains What are Virtual Trusted Domains? A virtual trusted domain (VTD) is a collection of virtual machines, regardless of physical boundaries, that trust one another and share the same security policy.

  3. Project Goal • Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA. • Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.

  4. What is NetFPGA? • Low-cost platform, primarily designed as a tool for teaching networking hardware and router design

  5. NetFPGA Features • PCI card containing a large Xilinx FPGA • 4 Gigabit Ethernet ports • Double-Data Rate (DDR2) Dynamic RAM (DRAM) • Reprogrammable CPCI bus • NetFPGA packages (NFPs) containing source code (for both hardware and software)

  6. Major Component of NetFPGA

  7. So its characteristics are… • Line-Rate • Processes back-to-back packets • Without dropping packets • At full rate of Gigabit Ethernet links • Operating on packet headers • For switching, routing, and firewall rules • And packet payloads • For content processing and intrusion prevention

  8. So its characteristics are… • Open-source hardware • Similar to open-source software • Full source code available • BSD-style license. But harder, because: • Hardware modules must meet timing • Verilog & VHDL components have more complex interfaces • Hardware designers need high confidence in the specification of modules

  9. Preliminary Setup [Diagram; labels: PING, PC 192.168.1.1, NetFPGA, Controller, OpenFlow protocol, openflow_switch.bit, ofdatapath.ko, ofdatapath_netfpga.ko, controller, ofprotocol, 192.168.2.1, Kernel / Hardware, Userspace]

  10. Group Project Description Tasks: • Research how to program NetFPGAs. • Research and design an implementation for Virtual Trusted Domains on a NetFPGA. • Research Path Splicing, which implements similar features that we would like to use in our project. • Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA. • Deploy the program and set up a test bed on a NetFPGA. • Test, debug, and troubleshoot.

  11. Group Project Description Tasks (distribution among team members): • Research how to program NetFPGAs. • Garrett, 50% • Tianyi, 50% • Research and design an implementation for Virtual Trusted Domains on a NetFPGA. • Garrett, 50% • Tianyi, 50% • Research Path Splicing, which implements similar features that we would like to use in our project. • Garrett, 50% • Tianyi, 50%

  12. Group Project Description Tasks (distribution among team members): • Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA. • Garrett, 50% • Tianyi, 50% • Deploy the program and set up a test bed on a NetFPGA. • Test, debug, and troubleshoot. • Garrett, 50% • Tianyi, 50%

  13. Technical Details Software & Hardware Used:

  14. Technical Details: Network Topology & Requirements [Diagram; labels: Application, App, Controller, Windows (OS), OpenFlow Switches, Computer, NetFPGA]

  15. Experiments we would like to do • Network security • Mobility management • Network-wide energy management • New naming/addressing schemes • Network access control

  16. But, Unfortunately… • Commercial vendors won’t open their software and hardware development environments • Complexity of support • Market protection and barrier to entry • Hard to build your own • Prototypes are flaky • Software only: too slow • Hardware/software: fan-out too small

  17. What we want is …

  18. OpenFlow Basics

  19. Novel Idea

  20. OpenFlow Switching Controller

  21. OpenFlow Example Controller

  22. Flow Table Entry

  23. Technical Details Roadmap of project: • By midterm: • Research how to program NetFPGAs. • Research and design an implementation for Virtual Trusted Domains on a NetFPGA. • Research Path Splicing, which implements similar features that we would like to use in our project. • Begin coding our program to create and manage Virtual Trusted Domains on a NetFPGA. • Set up a similar solution (if there is…) for VTDs as a basis for our future work. • By final: • Modify the existing solution that can, or potentially can, implement the VTD. • Deploy the program and set up a test bed on a NetFPGA. • Tested and debugged. • Final documents completed.

  24. Risks and Benefits • Novel Aspects of this Project • Establish virtual trusted domains for virtual machines in a cloud system. • Provide fast access to other virtual machines in a secure manner. • Divide bandwidth into multiple pieces based on the different requirements (like security level). • Risks and Challenges • May not be possible to find an existing similar solution that we can work from. • Potential Applications and Benefits • Virtual trusted domain-based network/VM management system.

  25. Questions?
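
The slide 2 definition (VMs that trust one another and share one security policy, regardless of physical boundaries) can be made concrete as a default-deny flow table of the kind an OpenFlow controller would install. This is an added example, not code from the presentation; the VM names, hosts, MAC addresses, the `priority` policy field, the `eth_src`/`eth_dst` match keys and the one-domain-per-VM rule are all assumptions made for illustration.

```python
# Added illustration. VM names, hosts, MACs and the policy field are constructed.
from itertools import permutations

# VM -> (physical host, MAC). Domains deliberately span both hosts.
VMS = {
    "vm-a": ("host1", "02:00:00:00:00:0a"),
    "vm-b": ("host2", "02:00:00:00:00:0b"),
    "vm-c": ("host1", "02:00:00:00:00:0c"),
    "vm-d": ("host2", "02:00:00:00:00:0d"),
}
# Each domain lists its members and the one policy they all share.
DOMAINS = {
    "vtd-red": {"members": {"vm-a", "vm-b"}, "policy": {"priority": 200}},
    "vtd-blue": {"members": {"vm-c", "vm-d"}, "policy": {"priority": 100}},
}

def validate(domains, vms):
    """Assumption: a VM belongs to exactly one domain. Returns VM -> domain."""
    owner = {}
    for name, dom in domains.items():
        for vm in dom["members"]:
            if vm not in vms:
                raise ValueError(f"{name}: unknown VM {vm}")
            if vm in owner:
                raise ValueError(f"{vm} is in both {owner[vm]} and {name}")
            owner[vm] = name
    return owner

def compile_flow_table(domains, vms):
    """Allow entries for every intra-domain pair, then a catch-all drop."""
    validate(domains, vms)
    table = []
    for name, dom in sorted(domains.items()):
        for src, dst in permutations(sorted(dom["members"]), 2):
            table.append({"priority": dom["policy"]["priority"], "domain": name,
                          "match": {"eth_src": vms[src][1], "eth_dst": vms[dst][1]},
                          "action": "forward"})
    table.append({"priority": 0, "domain": None, "match": {}, "action": "drop"})
    return sorted(table, key=lambda e: -e["priority"])

def decide(table, eth_src, eth_dst):
    """Highest-priority matching entry wins; an empty match is a wildcard."""
    pkt = {"eth_src": eth_src, "eth_dst": eth_dst}
    for entry in table:
        if all(pkt[k] == v for k, v in entry["match"].items()):
            return entry["action"]
    return "drop"

if __name__ == "__main__":
    t = compile_flow_table(DOMAINS, VMS)
    print(decide(t, VMS["vm-a"][1], VMS["vm-b"][1]))  # different hosts, same VTD
    print(decide(t, VMS["vm-a"][1], VMS["vm-c"][1]))  # same host, different VTD
```

Matching on the source MAC alone trusts the address the sender claims, so a deployment would also pin each VM to its ingress port before relying on these entries.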
