Securing the Frisbee Multicast Disk Loader

Robert Ricci, Jonathon Duerig
{ricci,duerig}@cs.utah.edu

July 2008

The Flux Research Group
School of Computing, University of Utah
50 S. Central Campus Drive Rm. 3190
Salt Lake City, Utah 84112-9205

emulab.net

Abstract

Shared network testbeds rely on the ability to bring nodes to a known "clean" state, and to allow experimenters to customize the software installed on the nodes assigned to them. This is typically done by replacing the contents of the nodes' disks with a clean disk image. Frisbee is designed for just this purpose. It is a fast, highly scalable system for creating, distributing, and installing disk images. It rapidly and reliably distributes disk images over a LAN to many simultaneous clients, and has proven itself through many years of production use in shared testbed environments.

However, three main security features have been lacking in Frisbee: confidentiality of the image contents, integrity protection, and authentication of the image's source. Frisbee's design and target environment present challenges in providing these features. In this paper, we explore these challenges and present our design and implementation of a secure Frisbee.

Full paper appeared in Proceedings of the 2008 Workshop on Cyber Security Experimentation and Test, July 2008:

The slides from the CSET talk:

PowerPoint
PDF - 1 per page, full color

BibTex entry