250 likes | 363 Views
Garrett Drown Tianyi Xing Group #4. Virtual Trusted Domain. CSE548 – Advanced Computer Network Security. Virtual Trusted Domains. What are Virtual Trusted Domains?
E N D
Garrett Drown Tianyi Xing Group #4 Virtual Trusted Domain CSE548 – Advanced Computer Network Security
Virtual Trusted Domains What are Virtual Trusted Domains? A virtual trusted domain (VTD) is a collection of virtual machines, regardless of physical boundaries, that trust one another and share the same security policy.
Project Goal • Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA. • Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.
What is NetFPGA? • Low-cost platform, primarily designed as a tool for teaching networking hardware and router design
NetFPGA Features • PCI card containing a large Xilinx FPGA • 4 Gigabit Ethernet ports • Double-date Rate(DDR2) Dynamic RAM(DRAM) • Reprogrammable CPCI bus • NetFPGApackages(NFPs) containing source code(both for hard/software)
So it’s characteristics are… • Line-Rate • Processes back-to-back packets • Without dropping packets • At full rate of Gigabit Ethernet Links • Operating on packet headers • For switching, routing, and firewall rules • And packet payloads • For content processing and intrusion prevention
So it’s characteristics are… • Open-source hardware • Similar to open-source software • Full source code available • BSD-style License But harder, because: • Hardware modules must meet timing • Verilog& VHDL components have more complex interfaces • Hardware designers need high confidence in specification of modules
Preliminary Setup PING PC 192.168.1.1 NetFPGA Controller OpenFlow protocol openflow_switch.bit ofdatapath.ko ofdatapath_netfpga.ko controller ofprotocol 192.168.2.1 Kernel / Hardware Userspace
Group Project Description Tasks: • Research how to program NetFPGAs. • Research and design an implementation for Virtual Trusted Domains on a NetFPGA. • Research Path Splicing, which implements similar features that we would like to use in our project. • Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA. • Deploy the program and setup a test-bed on a NetFPGA. • Test, debug, and troubleshoot.
Group Project Description Tasks (distribution among team members): • Research how to program NetFPGAs. • Garrett, 50% • Tianyi, 50% • Research and design an implementation for Virtual Trusted Domains on a NetFPGA. • Garrett, 50% • Tianyi, 50% • Research Path Splicing, which implements similar features that we would like to use in our project. • Garrett, 50% • Tianyi, 50%
Group Project Description Tasks (distribution among team members): • Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA. • Garrett, 50% • Tianyi, 50% • Deploy the program and setup a test-bed on a NetFPGA. • Test, debug, and troubleshoot. • Garrett, 50% • Tianyi, 50%
Technical Details Software & Hardware Used:
Technical Details Network Topology & Requirements . . . Application Application . . . App App Controller Windows (OS) OpenFlowSwitches Computer NetFPGA
Experiments we would like to do • Network security • Mobility management • Network-wide energy management • New naming/addressing schemes • Network access control
But, Unfortunately… • Commercial vendor won’t open software and hardware development environment • Complexity of support • Market protection and barrier to entry • Hard to build your own • Prototypes are flakey • Software only: too slow • Hardware/software: Fan-out too small
OpenFlow Switching Controller
OpenFlow Example Controller
Technical Details Roadmap of project: • By midterm: • Research how to program NetFPGAs. • Research and design an implementation for Virtual Trusted Domains on a NetFPGA. • Research Path Splicing, which implements similar features that we would like to use in our project. • Begin coding our program to create and manage Virtual Trusted Domains on a NetFPGA • Set up a similar solution(if there is…) for VTDs as a basis for our future work. • By final: • Modify the existing solution which can or potentially can implement the VTD. • Deploy the program and setup a test-bed on a NetFPGA. • Tested and debugged. • Final documents completed.
Risks and Benefits • Novel Aspects of this Project • Establish virtual trusted domain for virtual machines in a cloud system. • Provide fast access to other virtual machines in a secure manner. • Divide bandwidth into multiple pieces based on the different requirements (like security level). • Risks and Challenges • May not be possible to find an existing similar solution that we can work from. • Potential Applications and Benefits • Virtual trusted –based network/VM management system.