论文信息 - Trusted Disk Loading in the Emulab Network Testbed

Trusted Disk Loading in the Emulab Network Testbed

Network testbeds like Emulab allocate physical computers to users for the duration of an experiment. During an experiment, a user has nearly unfettered access to the devices under his or her control. Thus, at the end of an experiment, an allocated computer can be in an arbitrary state. A testbed must reclaim devices and ensure they are properly configured for future experiments. This is particularly important for security-related experiments: for example, a testbed must ensure that malware cannot persist on a device from one experiment to another. This paper presents the prototype trusted disk-loading system (TDLS) that we have implemented for Emulab. When Emulab allocates a PC to an experiment, the TDLS ensures that if experiment set-up succeeds, the PC is configured to boot the operating system specified by the user. The TDLS uses the Trusted Platform Module (TPM) of an allocated PC to securely communicate with Emulab's control infrastructure and attest about the PC's configuration. The TDLS prevents state from surviving from one experiment to another, and it prevents devices in the testbed from impersonating one another. The TDLS addresses the challenges of providing a scalable and flexible service, which allows large testbeds to support a wide range of systems research. We describe these challenges, detail our TDLS for Emulab, and present the lessons we have learned from its construction.

[1] Tal Garfinkel,et al. A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.

[2] Robert Ricci,et al. Securing the Frisbee Multicast Disk Loader , 2008, CSET.

[3] Mac G. Newbold,et al. RELIABILITY AND STATE MACHINES IN AN ADVANCED NETWORK TESTBED , 2004 .

[4] Mike Hibler,et al. An integrated experimental environment for distributed systems and networks , 2002, OPSR.

[5] Bernhard Kauer. OSLO: Improving the Security of Trusted Computing , 2007, USENIX Security Symposium.

[6] Patrick D. McDaniel,et al. Rootkit-resistant disks , 2008, CCS.

[7] Mike Hibler,et al. USENIX Association Proceedings of the General Track : 2003 USENIX Annual , 2003 .

[8] Adrian Perrig,et al. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes , 2007, SOSP.

[9] Michael K. Reiter,et al. Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[10] Tal Garfinkel,et al. Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[11] Brent Waters,et al. Cloaking Malware with the Trusted Platform Module , 2011, USENIX Security Symposium.