This senior thesis explores the design and implementation of a trusted computing system using OpenSolaris, TPM, and DTrace tools. The solution focuses on virtual container attestation for enhanced security in computing environments. The study delves into the challenges, tools, and results of testing applications. Future work includes improving security checks and communication among zones.
Virtual Container Attestation: Customized trusted containers for on-demand computing. • Katelin Bailey • Senior Thesis 2010 • Dartmouth College • Department of Computer Science
Where are we going? • Introduction • The Problem of Trusted Computing • Tools: OpenSolaris, TPM, DTrace • Design & Implementation • Motivation for the Testing Applications • Testing Applications • Results & Conclusions
The Problem of Trusted Computing • Why do we need to trust computers? • How can we develop that trust?
Previous Approaches • Attestation • Property-based attestation • Compartmented attestation • Virtualization • Trusted Computing on Demand
OpenSolaris • Zones (containers) • DTrace • Open-source
Zones • OS-level virtualization is lightweight • Global zone’s window into the containers • Zone cloning • Easy configuration • More complete virtualization, not just process isolation
TPM • Cryptographic Capabilities • Platform Control Registers • Trusted Root • Trusted Boot • In relation to Trusted Computing
Virtual Container Attestation: The Goals • Uses client-requested containers • Interface to local and remote machines • Remain usable to client applications • Employs property-attributed certificates • Monitors attributes of each container • Halts zones which do not comply • Ensures that revoked zones remain inactive
In summary... • Flexibility of policy • Containers on demand • Isolation • Policy enforcement • Simple property attestation
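The goals above (property-attributed certificates, monitoring each container's attributes, halting non-compliant zones, and keeping revoked zones inactive) fit together as one enforcement loop. The following is an added example that models that loop; it is not the thesis's own code and does not touch OpenSolaris zones, DTrace or the TSS stack. It assumes a TPM-style extend operation over a container's properties to build a digest, an HMAC under a constructed key standing in for a TPM-signed certificate, and a made-up policy and zone records as sample input.

```python
"""Toy model of a virtual-container attestation monitor.

Constructed for illustration: the property names, the policy and the zone
records are sample data; the HMAC key stands in for a TPM-held key.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumption: a key held by the attesting host; a real system would use a TPM key.
ATTESTATION_KEY = b"constructed-attestation-key"


def extend(register: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: new register value = H(old value || measurement)
    return hashlib.sha256(register + measurement).digest()


def measure_properties(props: dict) -> bytes:
    # Fold the container's properties into one register in canonical (sorted)
    # order, so equal property sets always yield the same digest.
    reg = bytes(32)
    for key in sorted(props):
        reg = extend(reg, f"{key}={props[key]}".encode())
    return reg


def _tag(zone_name: str, digest: bytes) -> str:
    return hmac.new(ATTESTATION_KEY, zone_name.encode() + digest, hashlib.sha256).hexdigest()


def issue_certificate(zone_name: str, props: dict) -> dict:
    # Property-attributed certificate: binds a zone name to the digest of the
    # properties it was granted at creation time.
    digest = measure_properties(props)
    return {"zone": zone_name, "digest": digest.hex(), "tag": _tag(zone_name, digest)}


@dataclass
class Zone:
    name: str
    properties: dict
    state: str = "running"  # running | halted | revoked


@dataclass
class Monitor:
    policy: dict                      # property -> set of allowed values
    revoked: set = field(default_factory=set)

    def attest(self, zone: Zone, cert: dict) -> bool:
        # Verify the certificate, then check that the zone's live properties
        # still match the digest it was certified with (detects drift).
        digest = bytes.fromhex(cert["digest"])
        if cert["zone"] != zone.name:
            return False
        if not hmac.compare_digest(_tag(zone.name, digest), cert["tag"]):
            return False
        return measure_properties(zone.properties) == digest

    def violations(self, zone: Zone) -> list:
        # Properties whose current value is outside the allowed set.
        return [k for k, allowed in self.policy.items()
                if zone.properties.get(k) not in allowed]

    def enforce(self, zone: Zone, cert: dict) -> str:
        # Revoked zones stay down; others are halted on policy breach or failed
        # attestation and allowed to run otherwise.
        if zone.name in self.revoked:
            zone.state = "revoked"
        elif self.violations(zone) or not self.attest(zone, cert):
            zone.state = "halted"
        else:
            zone.state = "running"
        return zone.state

    def revoke(self, zone: Zone) -> None:
        self.revoked.add(zone.name)
        zone.state = "revoked"

    def request_start(self, zone: Zone, cert: dict) -> str:
        # A start request is just a fresh enforcement pass; revocation is final.
        return self.enforce(zone, cert)


if __name__ == "__main__":
    mon = Monitor(policy={"net": {"none", "internal"}, "root_fs": {"ro"}})
    z = Zone("zone-a", {"net": "internal", "root_fs": "ro"})
    cert = issue_certificate(z.name, dict(z.properties))
    print(mon.enforce(z, cert))          # running
    z.properties["net"] = "none"         # allowed by policy, but not what was certified
    print(mon.enforce(z, cert))          # halted
    mon.revoke(z)
    z.properties["net"] = "internal"
    print(mon.request_start(z, cert))    # revoked
```

The monitor deliberately separates two checks: the policy check answers "is this configuration acceptable?", while attestation answers "is this still the configuration that was certified?". A zone can pass the first and fail the second after drifting, and revocation is checked before either so a revoked zone can never be restarted by presenting a still-valid certificate.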
Open source software as the basis for the testing applications • Unfortunately, we had to create our own...
Power Grid Software • Input comes from device measurements • Format the incoming data • Process in any (possibly multiple) way • Export for large-scale processing • Format/prepare the outgoing data
Hurdles • Zone startup times • TSS stack
Future Work • Fix the hurdles! • Varied revocation scheme • Additional security checks • Negotiation of security • Better zone communication