garrett drown tianyi xing group #4 cse548 – advanced computer network security
VIRTUAL TRUSTED DOMAIN
Garrett Drown
Tianyi Xing
Group #4
CSE548 – Advanced Computer Network Security
Virtual Trusted Domains
What are Virtual Trusted Domains?
A virtual trusted domain (VTD) is a collection of machines, regardless of physical boundaries, that trust one another.

Project Goal
Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA.
Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.

What is NetFPGA?
Low-cost platform, primarily designed as a tool for teaching networking hardware and router design.

Technical Details
Roadmap of project:
By midterm:
○ Research how to program NetFPGAs.
○ Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
○ Research Path Splicing, which implements similar features to those we would like to use in our project.
○ Set up the environment and begin coding our program, which creates and manages Virtual Trusted Domains on a NetFPGA.
○ Find and (if time permits) set up an existing similar solution for VTDs (if there is one) as a basis for our work.
By final:
○ Modify the existing solution that can, or potentially can, implement the VTD.
○ Deploy the program and set up a test-bed on a NetFPGA.
○ Test and debug.
○ Complete the final documents.

Design of VTD for NetFPGA
Our idea: have the controller maintain and use a database that contains the list of approved computers, their domain, and their security level.
The packet header will be modified to include the user's trust level and the VTD he wishes to communicate with.

Virtual Trusted Model
Two fields:
Domain
○ The domain field indicates the domain that a group of VMs belongs to.
○ Machines in the same domain are able to talk with each other.
Trust Level
○ The trust level indicates the trust relationship among different machines in the same domain.

System Setup
Hardware
○ Pre-built NetFPGA server
○ Dell rack server (XenServer)
Software
○ CentOS 5
○ NetFPGA base package
○ OpenFlow Switch
○ NOX Controller

Network Structure
[Figure: Cloudserver1 and Cloudserver2 host VM1–VM4, each labelled with a (domain, trust level) pair: (6,3), (6,3), (6,2) and (0,3). The VMs connect through the NetFPGA-based OpenFlow switch, which is managed by the NOX controller backed by the database.]

How to Implement the VTD Field?
Domain/Trust Level

Details of the VTD Field
Domain Field: 10 bits, so it can support up to 1024 domains in the system.
Trust Level (TL): 2 bits, so it has 4 trust levels (0 to 3); we define 3 as the highest trust level.

| Domain Field | Trust Level |
| --- | --- |
| 10 bits | 2 bits |

Working Flow
VM1 (6,3) initiates traffic to VM2 (6,2).
The OpenFlow switch receives the packet from VM1.
There is no entry in the flow table, so the packet is sent to the NOX controller.

Working Flow (cont.)
The NOX controller checks the domain and TL found in the packet and compares them with the destination's entry in the database. If they are not in the same domain, the packet is dropped.
If src and dst are in the same domain, the controller then checks the trust level.
If TL(src) ≥ TL(dst), the traffic is forwarded; otherwise, the traffic is disallowed.
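The following is an added Python example (not the project's own NOX component) that models the 12-bit VTD field from the "Details of the VTD Field" slide and the controller decision from the working-flow slides: a flow-table miss sends the packet to the controller, which drops on a domain mismatch and otherwise forwards only when TL(src) ≥ TL(dst). Assumptions not stated on the slides: the domain occupies the high 10 bits and the trust level the low 2 bits of the field, the database is a plain dict keyed by VM name, the VM3 and VM4 entries are constructed, and the cross-check of the sender's header against its own database entry is an added safeguard rather than something the slides describe.

```python
"""Model of the VTD field and the NOX controller's forwarding decision.

Added example, not the project's code. Assumptions (not on the slides):
the 12-bit VTD value packs the 10-bit domain above the 2-bit trust level,
the controller database is a dict keyed by VM name, and the source's
header is cross-checked against its own database entry (my addition).
"""
from dataclasses import dataclass

DOMAIN_BITS = 10
TL_BITS = 2
DOMAIN_MAX = (1 << DOMAIN_BITS) - 1          # 1023: 1024 domains (0..1023)
TL_MAX = (1 << TL_BITS) - 1                  # 3: four trust levels, 3 is highest
VTD_MAX = (1 << (DOMAIN_BITS + TL_BITS)) - 1 # largest value that fits in 12 bits


@dataclass(frozen=True)
class VTD:
    """(domain, trust level) pair as carried in the packet header."""
    domain: int
    trust_level: int

    def __post_init__(self):
        if not 0 <= self.domain <= DOMAIN_MAX:
            raise ValueError(f"domain {self.domain} outside 0..{DOMAIN_MAX}")
        if not 0 <= self.trust_level <= TL_MAX:
            raise ValueError(f"trust level {self.trust_level} outside 0..{TL_MAX}")


def encode_vtd(v: VTD) -> int:
    """Pack into the 12-bit field: domain in the high 10 bits, TL in the low 2."""
    return (v.domain << TL_BITS) | v.trust_level


def decode_vtd(raw: int) -> VTD:
    """Unpack a 12-bit field; rejects values that do not fit in 12 bits."""
    if not 0 <= raw <= VTD_MAX:
        raise ValueError(f"VTD field {raw:#x} does not fit in 12 bits")
    return VTD(domain=raw >> TL_BITS, trust_level=raw & TL_MAX)


# Constructed controller database. VM1 and VM2 use the values from the
# working-flow slide; VM3 and VM4 are made-up entries for illustration.
DATABASE = {
    "VM1": VTD(6, 3),
    "VM2": VTD(6, 2),
    "VM3": VTD(6, 3),
    "VM4": VTD(0, 3),
}

FORWARD = "forward"
DROP = "drop"


def controller_decide(src: str, header_raw: int, dst: str, db=DATABASE):
    """NOX controller policy: same domain required, then TL(src) >= TL(dst).

    Returns (action, reason). The header check against the database is an
    added safeguard: the VTD field is asserted by the sender, so an
    unregistered or mislabelled source is dropped before policy is applied.
    """
    claimed = decode_vtd(header_raw)
    src_entry = db.get(src)
    if src_entry is None or src_entry != claimed:
        return DROP, "source not approved or header does not match database"
    dst_entry = db.get(dst)
    if dst_entry is None:
        return DROP, "destination not in database"
    if claimed.domain != dst_entry.domain:
        return DROP, "different domain"
    if claimed.trust_level >= dst_entry.trust_level:
        return FORWARD, "same domain and TL(src) >= TL(dst)"
    return DROP, "same domain but TL(src) < TL(dst)"


class OpenFlowSwitch:
    """Flow-table cache in front of the controller (packet-in on a miss)."""

    def __init__(self, db=DATABASE):
        self.db = db
        self.flow_table = {}   # (src, header, dst) -> action
        self.packet_ins = 0    # how often the controller was consulted

    def handle_packet(self, src: str, header_raw: int, dst: str) -> str:
        key = (src, header_raw, dst)
        if key not in self.flow_table:          # table miss: ask the controller
            self.packet_ins += 1
            action, _reason = controller_decide(src, header_raw, dst, self.db)
            self.flow_table[key] = action       # install the flow entry
        return self.flow_table[key]


if __name__ == "__main__":
    sw = OpenFlowSwitch()
    for src, dst in [("VM1", "VM2"), ("VM1", "VM2"), ("VM2", "VM1"), ("VM1", "VM4")]:
        hdr = encode_vtd(DATABASE[src])
        print(f"{src}{DATABASE[src]} -> {dst}{DATABASE[dst]}: {sw.handle_packet(src, hdr, dst)}")
    print("controller consulted", sw.packet_ins, "times")
```

The flow-table key includes the raw header so that a sender that later changes the field it asserts cannot reuse an entry installed for a different (domain, TL) claim; the first VM1→VM2 packet produces one packet-in, the repeat is a table hit, VM2→VM1 is refused because TL(src) is 2 against a destination at 3, and VM1→VM4 is dropped because domain 6 and domain 0 differ.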

Conclusion
We designed a virtual trusted domain concept for cloud systems.
We deployed an innovative platform (OpenFlow over NetFPGA).
We successfully implemented our VTD concept in a real cloud system.
Questions?