PlanetLab is a globally distributed network of hosts designed to support the deployment and evaluation of planetary-scale applications. Supporting the development of planetary applications poses several security challenges to the team maintaining PlanetLab. The planetary nature of PlanetLab mandates nodes distributed across the globe, far from the physical control of the team. The application development requirements force every user to have access to the equivalent of root on each machine, and use of firewalls is discouraged. If an account is compromised, PlanetLab administrators need a way to track the actions of users on the nodes. If an entire node is compromised, the administrators need a way to regain control despite the lack of physical access. Encryption was built into PlanetLab to ensure confidentiality and integrity of system downloads. A special reset packet, combined with keeping a boot CD in the machine, enables PlanetLab system administrators to remotely regain control of compromised machines and return the nodes to a known safe state. The Linux VServer implementation is used to provide root access to PlanetLab users for development purposes while isolating users from each other. A network abstraction layer provides accounting of traffic and allows safe access to raw sockets. These mechanisms have proven very useful in managing PlanetLab. After a compromise of large numbers of PlanetLab hosts, control of the PlanetLab network was regained in 10 minutes. The compromise spawned a review of PlanetLab security, which pointed out a number of flaws. The need for a central site for maintaining PlanetLab was cited as a key weakness. Future work includes distributing the functions of PlanetLab's central administrative database and improving integrity checks.