Student Talk
Cody Cutler
University of Utah
Friday, March 23, 2012
3147 MEB
Lecture 3:40 p.m.
Title: Trusted Disk Loading in the Emulab Network Testbed
Cody Cutler
University of Utah
Friday, March 23, 2012
3147 MEB
Lecture 3:40 p.m.
Title: Trusted Disk Loading in the Emulab Network Testbed
Abstract
Network testbeds are critical for systems research but can be problematic due to their complex nature. Testbeds like Emulab allocate physical computers to users for the duration of an experiment. During an experiment, a user has nearly unfettered access to the devices under his or her control. Thus, at the end of an experiment, an allocated computer can be in an arbitrary state. A testbed must reclaim devices and ensure they are properly configured for future experiments. This is particularly important for security-related experiments: for example, a testbed must ensure that malware cannot persist on a device from one experiment to another.
Physical testbed nodes can be securely reconditioned in a scalable, maintainable way by making use of the Trusted Platform Module (TPM) and through adherence to a strict network boot protocol. This thesis presents the TDLS that we have implemented for Emulab. When Emulab allocates a PC to an experiment, the TDLS ensures that if experiment set-up succeeds, the PC is configured to boot the operating system specified by the user. The TDLS uses the TPM of an allocated PC to securely communicate with Emulab's control infrastructure and attest about the PC's configuration. The TDLS prevents state from surviving from one experiment to another, and it prevents devices in the testbed from impersonating one another. The TDLS addresses the challenges of providing a scalable and flexible service, which allows large testbeds to support a wide range of systems research. We describe these challenges, detail our TDLS for Emulab, and present the lessons we have learned from its construction.
Network testbeds are critical for systems research but can be problematic due to their complex nature. Testbeds like Emulab allocate physical computers to users for the duration of an experiment. During an experiment, a user has nearly unfettered access to the devices under his or her control. Thus, at the end of an experiment, an allocated computer can be in an arbitrary state. A testbed must reclaim devices and ensure they are properly configured for future experiments. This is particularly important for security-related experiments: for example, a testbed must ensure that malware cannot persist on a device from one experiment to another.
Physical testbed nodes can be securely reconditioned in a scalable, maintainable way by making use of the Trusted Platform Module (TPM) and through adherence to a strict network boot protocol. This thesis presents the TDLS that we have implemented for Emulab. When Emulab allocates a PC to an experiment, the TDLS ensures that if experiment set-up succeeds, the PC is configured to boot the operating system specified by the user. The TDLS uses the TPM of an allocated PC to securely communicate with Emulab's control infrastructure and attest about the PC's configuration. The TDLS prevents state from surviving from one experiment to another, and it prevents devices in the testbed from impersonating one another. The TDLS addresses the challenges of providing a scalable and flexible service, which allows large testbeds to support a wide range of systems research. We describe these challenges, detail our TDLS for Emulab, and present the lessons we have learned from its construction.