DOCSLIB.ORG

Rapid Trust Establishment for Pervasive Personal Computing

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Rapid Trust Establishment for Pervasive Personal Computing SECURITY & PRIVACY Rapid Trust Establishment for Pervasive Personal Computing Trust-Sniffer’s staged approach to establishing confidence in untrusted machines balances security and ease-of-use, facilitating rapid use of transient hardware. n the emerging Internet Suspend/Resume hardware use to become commonplace, users must mobile computing model,1–3 users exploit be able to quickly establish a similar confidence pervasive deployments of inexpensive, mass- level in hardware that they don’t own or manage. market PC hardware rather than carrying To address this problem, we’ve created Trust- portable hardware. ISR’s driving vision is Sniffer, a tool that helps users incrementally gain Ithat plummeting hardware costs will someday elim- confidence in an initially untrusted machine. inate the need to carry computing environments in Trust-Sniffer focuses on software attacks but portable computers. Instead, ISR will deliver an doesn’t guard against hardware attacks, such as exact replica of the last checkpointed state of a user’s modifying the basic I/O system. Potential defenses entire computing environment (including the oper- against hardware attacks include physical sur- ating system, applications, files, and customiza- veillance or the use of tamper-proof or tamper- tions), on demand over the Internet to hardware evident hardware. Although Trust-Sniffer is de- located nearby. So, ISR cuts the tight binding signed to safeguard mobile users, you can couple between PC state and PC hard- it with system operators’ security technologies, Ajay Surie, Adrian Perrig, ware. ISR is implemented by lay- such as full disk encryption, direct memory-access Mahadev Satyanarayanan, ering a virtual machine on dis- monitoring, and remote attestation. and David J. Farber tributed storage. The virtual Trust-Sniffer’s staged approach to establishing Carnegie Mellon University machine encapsulates execution confidence in an untrusted machine balances the and user customization; the dis- needs for security, usability, and speed (for a com- tributed storage transports that parison of Trust-Sniffer and other approaches, state across space and time. see the sidebar). In this new computing model, establishing trust in unmanaged hardware for transient use becomes Design overview a major issue. Today, when a user sits down at a Trust-Sniffer aims to enhance security with computer in the office or home, he or she implic- modest user effort. A key design principle, moti- itly assumes that the machine hasn’t been tampered vated by ISR’s unique characteristics, is to vali- with and that it doesn’t contain malware, such as date only the software a user needs for a task. a keystroke logger. This assumption is reasonable Specifically, most of a user’s execution environ- because unauthorized physical access to the ment is fetched from a trusted server over an machine is restricted. The same assumption applies authenticated, encrypted channel. This includes to a portable computer that the user physically the guest operating system and applications that safeguards at all times. For ISR’s vision of transient execute inside the user’s virtual machine. Cached 24 PERVASIVEcomputing Published by the IEEE Computer Society ■ 1536-1268/07/$25.00 © 2007 IEEE Figure 1. Trust-Sniffer’s staged approach to trust establishment. Initially, all Untrusted code Trusted application software is untrusted. (a) The trust Trusted code 1 initiator’s boot uses a minimal trusted operating system to validate the on-disk Minimal trusted OS Trusted host OS Trusted host OS OS. (b) Next, the trusted host OS is (from trust initiator) (from disk) (from disk) booted from disk, which validates Validate OS Validate application 1 applications as required. (c) The host OS only permits trusted applications to execute. Application 2 Application 2 Application 2 Application 1 Application 1 Application 1 virtual-machine state on disk is always encrypted, and ISR verifies its integrity OS OS OS before a virtual machine uses it. So, it’s only necessary to verify the integrity of a Host hardware Host hardware Host hardware small core of local ISR and Linux soft- (a) (b) (c) ware. Other compromised state isn’t a threat if it’s never used when a machine Time is functioning as an ISR client. This min- imalist approach speeds trust establish- ment and makes ISR more ubiquitous. A reboot from disk, which is now known robust than en-masse validation with second important design principle is to to be safe. This ensures that a full suite respect to ISR software evolution. If a prevent the execution of untrusted soft- of drivers for the local hardware (such new release of ISR client software uses a ware. This is in contrast to attestation as graphics accelerators) as well as cor- local software component that previous techniques, which facilitate the detection rect local environment settings (such as releases didn’t use, Trust-Sniffer will dis- of untrusted software but don’t prevent those for printers, networks, and time) cover its use, even if a software devel- its execution. is obtained. During this boot process, oper fails to list it. Trust-Sniffer dynamically loads the trust Staged approach extender module into the kernel, which Example use Figure 1 shows Trust-Sniffer’s staged extends the zone of trust as execution The following example illustrates our approach to trust establishment. proceeds. On the first attempt to execute system’s use. Bob boots up a PC at his any code that lies outside the current hotel’s business center using his USB key. Establishing a root of trust. First, the user zone of trust (including dynamically Trust-Sniffer’s initial scan quickly vali- performs a minimal boot of the untrusted linked libraries), the kernel triggers a dates the on-disk operating system, which machine from a small, lightweight device trust fault. The trust extender handles a is subsequently booted. Bob then initiates such as a USB memory stick that the user trust fault by verifying the suspect mod- the resume step of ISR. Once Trust-Snif- owns and carries at all times. This trust ule’s integrity and stops execution if the fer verifies the ISR client software’s initiator device serves as the root of trust module’s integrity cannot be established. integrity, ISR fetches Bob’s personal exe- in Trust-Sniffer. Relying on a trusted cution environment over a trusted com- physical possession is convenient and Validating other local software on trust munication channel. The locally installed easy for the user to understand. This faults. As each component of ISR client Web browser is riddled with malware, but stage involves a minimal boot, because software is accessed for the first time, the this doesn’t affect Bob’s task because he its sole purpose is for Trust-Sniffer to kernel generates trust faults and Trust- works only within his trusted personal ex- examine the local disk and verify that it’s Sniffer validates the component’s inte- ecution environment. safe to perform a normal boot using the grity. Once the user gains confidence in on-disk operating system and its associ- the machine and its ISR software, he or Threat model and assumptions ated boot software. The minimal boot she can perform the resume step of ISR. Machines used as ISR clients are vul- ignores the network and any devices On the other hand, if Trust-Sniffer can’t nerable to attacks such as modifications other than the disk. validate any component of ISR client to client or system software and installa- software, it alerts the user and terminates tion of malware such as key-logging or Booting the on-disk operating system. the ISR resume sequence. screen-capture software. Trust-Sniffer’s Next, Trust-Sniffer performs a normal On-demand validation is much more goal is to avoid potential loss or disclosure OCTOBER–DECEMBER 2007 PERVASIVEcomputing 25 SECURITY & PRIVACY Applications Trust alerter • Minimal OS Trust-fault Mismatched data USB User space • Measurement utilities • Reference measurements Kernel space Trust extender Kernel modules Linux kernel Trust initiator Untrusted machine Figure 2. The Trust-Sniffer architecture. The trust initiator plugs into an untrusted machine, validates its operating system, and equips it with a list of trusted applications’ SHA-1 hashes (reference measurements). Applications that haven’t been validated cause a trust fault, which the trust extender handles. If an application can’t be validated, the user-space trust alerter notifies the user. of user data by validating software on an mentation of Integrity Measurement Validating applications ISR client machine before a user accesses Architecture for Linux.5 IMA checks Trust-Sniffer validates an application his or her personal execution environment. the system software stack’s integrity by comparing its sample measurement, We assume that, to use our system, the by computing a SHA-1 hash over an obtained when the application is loaded, user may reboot the untrusted machine executable’s contents when it’s loaded. to a known list of reference measure- and that the BIOS allows booting from a This SHA-1 hash is called a measure- ments generated from trusted applica- USB memory stick. We also assume that ment. IMA is built into the kernel and tions. A mismatch is an inequality be- modifying the BIOS is difficult. So, we is invoked whenever executable code tween a sample measurement and every don’t guard against virtual-machine- is loaded, accounting for user-level bi- reference measurement in the list. In based attacks, such as SubVirt,4 where a naries, dynamically loadable libraries, contrast to attestation, where measure- compromised BIOS could boot directly kernel modules, and scripts. IMA mea- ments detect untrusted software after it into a malicious virtual-machine monitor. sures each loaded executable and has been loaded, validation refers to In addition, Trust-Sniffer is based on stores its measurement in a list in the detection of untrusted software before load-time binary validation, so it doesn’t kernel.
Load more

Recommended publications
  • Debian: 19 Years of Free Software, “Do-Ocracy,” and Democracy
    Debian: 19 years of Free Software, “do-ocracy,” and democracy Stefano Zacchiroli Debian Project Leader 6 October 2012 ACM Reflections | Projections 2012 University of Illinois at Urbana-Champaign Stefano Zacchiroli (Debian) 19 years of Debian reflections | projections 1 / 32 Free Software & your [ digital ] life Lester picked up a screwdriver. “You see this? It’s a tool. You can pick it up and you can unscrew stuff or screw stuff in. You can use the handle for a hammer. You can use the blade to open paint cans. You can throw it away, loan it out, or paint it purple and frame it.” He thumped the printer. “This [ Disney in a Box ] thing is a tool, too, but it’s not your tool. It belongs to someone else — Disney. It isn’t interested in listening to you or obeying you. It doesn’t want to give you more control over your life.” [. ] “If you don’t control your life, you’re miserable. Think of the people who don’t get to run their own lives: prisoners, reform-school kids, mental patients. There’s something inherently awful about living like that. Autonomy makes us happy.” — Cory Doctorow, Makers http://craphound.com/makers/ Stefano Zacchiroli (Debian) 19 years of Debian reflections | projections 2 / 32 Free Software, raw foo is cool, let’s install it! 1 download foo-1.0.tar.gz ñ checksum mismatch, missing public key, etc. 2 ./configure ñ error: missing bar, baz, . 3 foreach (bar, baz, . ) go to 1 until (recursive) success 4 make ñ error: symbol not found 5 make install ñ error: cp: cannot create regular file /some/weird/path now try scale that up to
    [Show full text]
  • Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix
    Debian \ Amber \ Arco-Debian \ Arc-Live \ ASLinux \ BeatriX \ BlackRhino \ BlankON \ Bluewall \ BOSS \ Canaima \ Clonezilla Live \ Conducit \ Corel \ Xandros \ DeadCD \ Olive \ DeMuDi \ \ 64Studio (64 Studio) \ DoudouLinux \ DRBL \ Elive \ Epidemic \ Estrella Roja \ Euronode \ GALPon MiniNo \ Gibraltar \ GNUGuitarINUX \ gnuLiNex \ \ Lihuen \ grml \ Guadalinex \ Impi \ Inquisitor \ Linux Mint Debian \ LliureX \ K-DEMar \ kademar \ Knoppix \ \ B2D \ \ Bioknoppix \ \ Damn Small Linux \ \ \ Hikarunix \ \ \ DSL-N \ \ \ Damn Vulnerable Linux \ \ Danix \ \ Feather \ \ INSERT \ \ Joatha \ \ Kaella \ \ Kanotix \ \ \ Auditor Security Linux \ \ \ Backtrack \ \ \ Parsix \ \ Kurumin \ \ \ Dizinha \ \ \ \ NeoDizinha \ \ \ \ Patinho Faminto \ \ \ Kalango \ \ \ Poseidon \ \ MAX \ \ Medialinux \ \ Mediainlinux \ \ ArtistX \ \ Morphix \ \ \ Aquamorph \ \ \ Dreamlinux \ \ \ Hiwix \ \ \ Hiweed \ \ \ \ Deepin \ \ \ ZoneCD \ \ Musix \ \ ParallelKnoppix \ \ Quantian \ \ Shabdix \ \ Symphony OS \ \ Whoppix \ \ WHAX \ LEAF \ Libranet \ Librassoc \ Lindows \ Linspire \ \ Freespire \ Liquid Lemur \ Matriux \ MEPIS \ SimplyMEPIS \ \ antiX \ \ \ Swift \ Metamorphose \ miniwoody \ Bonzai \ MoLinux \ \ Tirwal \ NepaLinux \ Nova \ Omoikane (Arma) \ OpenMediaVault \ OS2005 \ Maemo \ Meego Harmattan \ PelicanHPC \ Progeny \ Progress \ Proxmox \ PureOS \ Red Ribbon \ Resulinux \ Rxart \ SalineOS \ Semplice \ sidux \ aptosid \ \ siduction \ Skolelinux \ Snowlinux \ srvRX live \ Storm \ Tails \ ThinClientOS \ Trisquel \ Tuquito \ Ubuntu \ \ A/V \ \ AV \ \ Airinux \ \ Arabian
    [Show full text]
  • Master Thesis Innovation Dynamics in Open Source Software
    Master thesis Innovation dynamics in open source software Author: Name: Remco Bloemen Student number: 0109150 Email: [email protected] Telephone: +316 11 88 66 71 Supervisors and advisors: Name: prof. dr. Stefan Kuhlmann Email: [email protected] Telephone: +31 53 489 3353 Office: Ravelijn RA 4410 (STEPS) Name: dr. Chintan Amrit Email: [email protected] Telephone: +31 53 489 4064 Office: Ravelijn RA 3410 (IEBIS) Name: dr. Gonzalo Ord´o~nez{Matamoros Email: [email protected] Telephone: +31 53 489 3348 Office: Ravelijn RA 4333 (STEPS) 1 Abstract Open source software development is a major driver of software innovation, yet it has thus far received little attention from innovation research. One of the reasons is that conventional methods such as survey based studies or patent co-citation analysis do not work in the open source communities. In this thesis it will be shown that open source development is very accessible to study, due to its open nature, but it requires special tools. In particular, this thesis introduces the method of dependency graph analysis to study open source software devel- opment on the grandest scale. A proof of concept application of this method is done and has delivered many significant and interesting results. Contents 1 Open source software 6 1.1 The open source licenses . 8 1.2 Commercial involvement in open source . 9 1.3 Opens source development . 10 1.4 The intellectual property debates . 12 1.4.1 The software patent debate . 13 1.4.2 The open source blind spot . 15 1.5 Litterature search on network analysis in software development .
    [Show full text]
  • Full Circle Magazine #160 Contents ^ Full Circle Magazine Is Neither Affiliated With,1 Nor Endorsed By, Canonical Ltd
    Full Circle THE INDEPENDENT MAGAZINE FOR THE UBUNTU LINUX COMMUNITY ISSUE #160 - August 2020 RREEVVIIEEWW OOFF GGAALLLLIIUUMMOOSS 33..11 LIGHTWEIGHT DISTRO FOR CHROMEOS DEVICES full circle magazine #160 contents ^ Full Circle Magazine is neither affiliated with,1 nor endorsed by, Canonical Ltd. HowTo Full Circle THE INDEPENDENT MAGAZINE FOR THE UBUNTU LINUX COMMUNITY Python p.18 Linux News p.04 Podcast Production p.23 Command & Conquer p.16 Linux Loopback p.39 Everyday Ubuntu p.40 Rawtherapee p.25 Ubuntu Devices p.XX The Daily Waddle p.42 My Opinion p.XX Krita For Old Photos p.34 My Story p.46 Letters p.XX Review p.50 Inkscape p.29 Q&A p.54 Review p.XX Ubuntu Games p.57 Graphics The articles contained in this magazine are released under the Creative Commons Attribution-Share Alike 3.0 Unported license. This means you can adapt, copy, distribute and transmit the articles but only under the following conditions: you must attribute the work to the original author in some way (at least a name, email or URL) and to this magazine by name ('Full Circle Magazine') and the URL www.fullcirclemagazine.org (but not attribute the article(s) in any way that suggests that they endorse you or your use of the work). If you alter, transform, or build upon this work, you must distribute the resulting work under the same, similar or a compatible license. Full Circle magazine is entirely independent of Canonical, the sponsor of the Ubuntu projects, and the views and opinions in the magazine should in no way be assumed to have Canonical endorsement.
    [Show full text]
  • Index Images Download 2006 News Crack Serial Warez Full 12 Contact
    index images download 2006 news crack serial warez full 12 contact about search spacer privacy 11 logo blog new 10 cgi-bin faq rss home img default 2005 products sitemap archives 1 09 links 01 08 06 2 07 login articles support 05 keygen article 04 03 help events archive 02 register en forum software downloads 3 security 13 category 4 content 14 main 15 press media templates services icons resources info profile 16 2004 18 docs contactus files features html 20 21 5 22 page 6 misc 19 partners 24 terms 2007 23 17 i 27 top 26 9 legal 30 banners xml 29 28 7 tools projects 25 0 user feed themes linux forums jobs business 8 video email books banner reviews view graphics research feedback pdf print ads modules 2003 company blank pub games copyright common site comments people aboutus product sports logos buttons english story image uploads 31 subscribe blogs atom gallery newsletter stats careers music pages publications technology calendar stories photos papers community data history arrow submit www s web library wiki header education go internet b in advertise spam a nav mail users Images members topics disclaimer store clear feeds c awards 2002 Default general pics dir signup solutions map News public doc de weblog index2 shop contacts fr homepage travel button pixel list viewtopic documents overview tips adclick contact_us movies wp-content catalog us p staff hardware wireless global screenshots apps online version directory mobile other advertising tech welcome admin t policy faqs link 2001 training releases space member static join health
    [Show full text]
  • Debian: 19 Years and Counting
    Debian: 19 years and counting Stefano Zacchiroli Debian Project Leader 25 June 2012 Debian for Scientific Facilities Days European Synchrotron Radiation Facility Grenoble, France Stefano Zacchiroli (Debian) Debian: 19 years and counting ESRF, Grenoble 1 / 29 Outline 1 Debian and Wheezy 2 Specialties 3 Derivatives 4 Contribute Stefano Zacchiroli (Debian) Debian: 19 years and counting ESRF, Grenoble 2 / 29 Prelude — the notion of “distribution” distributions are meant to ease software management key notion: the abstraction of package offer coherent collections of software killer application: package managers Stefano Zacchiroli (Debian) Debian: 19 years and counting ESRF, Grenoble 3 / 29 Outline 1 Debian and Wheezy 2 Specialties 3 Derivatives 4 Contribute Stefano Zacchiroli (Debian) Debian: 19 years and counting ESRF, Grenoble 4 / 29 Debian: once upon a time Fellow Linuxers, This is just to announce the imminent completion of a brand-new Linux release, which I’m calling the Debian Linux Release. [. ] Ian A Murdock, 16/08/1993 comp.os.linux.development make GNU/Linux competitive with commercial OS easy to install built collaboratively by software experts 1st major distro developed “openly in the spirit of GNU” FSF-supported for a while Stefano Zacchiroli (Debian) Debian: 19 years and counting ESRF, Grenoble 5 / 29 Debian: the operating system flagship product: Debian stable binary distribution Source packages Binary packages 30000 completely Free (DFSG) 25000 released every 24 months (≈) 20000 15000 a dozen architectures 10000 archive-wide security support 5000 0 (3-3.5 years) 2.0 2.1 2.2 3.0 3.1 4.0 5.0 6.0 renowned for one of the largest GNU/Linux ports, stability, packaging system, porting platforms old hardware support, documentation, smooth upgrades, i18n/l10n, the testing suite, runs anywhere, technical policy, package choice, .
    [Show full text]
  • Debian and Its Ecosystem
    Debian and its ecosystem Stefano Zacchiroli Debian Developer Former Debian Project Leader 20 September 2013 OSS4B — Open Source Software for Business Prato, Italy Stefano Zacchiroli (Debian) Debian and its ecosystem OSS4B — Prato, Italy 1 / 32 Free Software & your [ digital ] life Lester picked up a screwdriver. “You see this? It’s a tool. You can pick it up and you can unscrew stuff or screw stuff in. You can use the handle for a hammer. You can use the blade to open paint cans. You can throw it away, loan it out, or paint it purple and frame it.” He thumped the printer. “This [ Disney in a Box ] thing is a tool, too, but it’s not your tool. It belongs to someone else — Disney. It isn’t interested in listening to you or obeying you. It doesn’t want to give you more control over your life.” [. ] “If you don’t control your life, you’re miserable. Think of the people who don’t get to run their own lives: prisoners, reform-school kids, mental patients. There’s something inherently awful about living like that. Autonomy makes us happy.” — Cory Doctorow, Makers http://craphound.com/makers/ Stefano Zacchiroli (Debian) Debian and its ecosystem OSS4B — Prato, Italy 2 / 32 Free Software, raw foo is cool, let’s install it! 1 download foo-1.0.tar.gz ñ checksum mismatch, missing public key, etc. 2 ./configure ñ error: missing bar, baz, . 3 foreach (bar, baz, . ) go to 1 until (recursive) success 4 make ñ error: symbol not found 5 make install ñ error: cp: cannot create regular file /some/weird/path now try scale that up to ≈20’000 sources releasing ≈3’000
    [Show full text]
  • GNU/Linux Distro Timeline LEAF Version 10.9 Skolelinux Lindows Linspire Authors: A
    1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 Libranet Omoikane (Arma) Gibraltar GNU/Linux distro timeline LEAF Version 10.9 Skolelinux Lindows Linspire Authors: A. Lundqvist, D. Rodic - futurist.se/gldt Freespire Published under the GNU Free Documentation License MEPIS SimplyMEPIS Impi Guadalinex Clonezilla Live Edubuntu Xubuntu gNewSense Geubuntu OpenGEU Fluxbuntu Eeebuntu Aurora OS Zebuntu ZevenOS Maryan Qimo wattOS Element Jolicloud Ubuntu Netrunner Ylmf Lubuntu eBox Zentyal Ubuntu eee Easy Peasy CrunchBang gOS Kiwi Ubuntulite U-lite Linux Mint nUbuntu Kubuntu Ulteo MoLinux BlankOn Elive OS2005 Maemo Epidemic sidux PelicanHPC Inquisitor Canaima Debian Metamorphose Estrella Roja BOSS PureOS NepaLinux Tuquito Trisquel Resulinux BeatriX grml DeadCD Olive Bluewall ASLinux gnuLiNex DeMuDi Progeny Quantian DSL-N Damn Small Linux Hikarunix Damn Vulnerable Linux Danix Parsix Kanotix Auditor Security Linux Backtrack Bioknoppix Whoppix WHAX Symphony OS Knoppix Musix ParallelKnoppix Kaella Shabdix Feather KnoppMyth Aquamorph Dreamlinux Morphix ZoneCD Hiwix Hiweed Deepin Kalango Kurumin Poseidon Dizinha NeoDizinha Patinho Faminto Finnix Storm Corel Xandros Moblin MeeGo Bogus Trans-Ameritech Android Mini Monkey Tinfoil Hat Tiny Core Yggdrasil Linux Universe Midori Quirky TAMU DILINUX DOSLINUX Mamona Craftworks BluePoint Yoper MCC Interim Pardus Xdenu EnGarde Puppy Macpup SmoothWall GPL SmoothWall Express IPCop IPFire Beehive Paldo Source Mage Sorcerer Lunar eIT easyLinux GoboLinux GeeXboX Dragora
    [Show full text]
  • Debian: a Geeky Quasi-Anarchy That Works
    Debian: a Geeky Quasi-Anarchy that Works Stefano Zacchiroli Debian Developer Former Debian Project Leader OSI Board Director 28 June 2014 Hackmeeting 2014 Bologna, Italy Stefano Zacchiroli (Debian) Debian: a Quasy-Anarchy that Works Hackit 0x11, Bologna 1 / 49 Outline 1 Debian and Wheezy 2 Specialties 3 Organization Stefano Zacchiroli (Debian) Debian: a Quasy-Anarchy that Works Hackit 0x11, Bologna 2 / 49 Debian: once upon a time Fellow Linuxers, This is just to announce the imminent completion of a brand-new Linux release, which I’m calling the Debian Linux Release. [. ] Ian A Murdock, 16/08/1993 comp.os.linux.development make GNU/Linux competitive with commercial OS easy to install built collaboratively by software experts 1st major distro developed “openly in the spirit of GNU” FSF-supported for a while Stefano Zacchiroli (Debian) Debian: a Quasy-Anarchy that Works Hackit 0x11, Bologna 3 / 49 1 3 of Debian: the operating system flagship product: Debian stable binary distribution Source packages Binary packages 30000 completely Free (DFSG) 25000 released every 24 months (≈) 20000 15000 a dozen architectures 10000 ñ with several kernels! 5000 archive-wide security support 0 2.0 2.1 2.2 3.0 3.1 4.0 5.0 6.0 ñ Long Term Support, 5 years one of the largest Free Software porting platforms renowned for ports, stability, packaging system, old hw support, documentation, smooth upgrades, i18n/l10n, the testing suite, runs anywhere, technical policy, package choice, . Stefano Zacchiroli (Debian) Debian: a Quasy-Anarchy that Works Hackit 0x11, Bologna 4 / 49 Debian 7.0 “Wheezy” — highlithgs multiarch ñ 3rd party software, easily ñ cross-compilation private cloud deployment ñ OpenStack, Xen/XCP, .
    [Show full text]
  • Rapid Trust Establishment for Transient Use of Unmanaged Hardware
    Rapid Trust Establishment for Transient Use of Unmanaged Hardware Ajay Surie, Adrian Perrig, M. Satyanarayanan, David Farber December 2006 CMU-CS-06-176 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Abstract Transient use of PCs has grown in importance with the advent of Internet cafes and the emergence of personalization systems such as Migo, GoToMyPC, and Internet Suspend/Resume. r Unfortunately, users have no choice today but to trust any transient hardware they use. They are often unaware of the risks they face in placing faith in public computers. We address this problem through Trust-Sniffer, a tool that helps a user to gain confidence in the software stack on an untrusted machine. The root of trust is a small, lightweight device such as a USB memory stick that is owned by the user. Once the integrity of the boot image is verified, Trust-Sniffer uses a staged process to expand the zone of trust. It generates a trust fault when a user first attempts to execute any binary that lies outside the current zone of trust. A trust fault handler verifies the integrity of the suspect binary by comparing its checksum with that of known good binaries. Execution stops if the binary's integrity cannot be established. This staged approach to establishing confidence in an untrusted machine strikes a good balance between the needs of security and ease-of-use, and enables rapid use of transient hardware. This research was supported by the National Science Foundation (NSF) under grant number CNS-0509004, and by the Army Research Office (ARO) through grant number DAAD19-02-1-0389 ("Perpetually Available and Secure Information Systems") to Carnegie Mellon University's CyLab.
    [Show full text]
  • Here's My Resume
    [email protected] https://www.finnie.org/ Ryan Finnie https://github.com/rfinnie Highly experienced Linux stack engineer, covering the gamut from hardware through application. Offering expertise in systems engineering, software development, scale-out, open source and more. SKILLS ● Work from home / remote collaboration ● Python, Bash, Ruby scripting ● Open source community development ● Linux OS design and development ● Public clouds (AWS, Azure, GCE) ● CI/CD systems (GitHub Workflows, Travis, ● OpenStack private clouds Jenkins, Gerrit) ● Containers (Kubernetes, Docker, LXD) ● Monitoring/metrics (Prometheus, Nagios) ● Scaling systems deployment and ● Version control (Git, bzr) management (Puppet, Ansible, Juju, MAAS) EXPERIENCE Canonical (Ubuntu) ​— Remote (Americas) Site Reliability Engineer, IS Operations ​(2012 - 2020) ● Developed tools (primarily in Python) and procedures to maintain, monitor and produce metrics against Canonical's hundreds of service environments ● Worked with and supported company-internal teams and the greater Ubuntu community ● Maintained tens of thousands of concurrent instances across multiple private and public clouds, and thousands of geographically-disperse bare-metal servers ● Designed and deployed large-scale OpenStack private clouds ● Specialized in incident response and mitigation procedures, with an even greater emphasis on incident prevention ● Contributed to open source projects as part of daily work; most Canonical SRE tooling is publicly available and developed ● Worked in an all-remote worldwide department
    [Show full text]
  • Lightweight Operating Systems for Scalable Native and Virtualized Supercomputing
    Lightweight Operating Systems for Scalable Native and Virtualized Supercomputing April 20, 2009 ORNL Visit Kevin Pedretti Senior Member of Technical Staff Scalable System Software, Dept. 1423 [email protected] Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. Acknowledgments · Kitten Lightweight Kernel ± Trammel Hudson, Mike Levenhagen, Kurt Ferreira ± Funding: Sandia LDRD program · Palacios Virtual Machine Monitor ± Peter Dinda & Jack Lange (Northwestern Univ.) ± Patrick Bridges (Univ. New Mexico) · OS Noise Studies ± Kurt Ferreira, Ron Brightwell · Quad-core Catamount ± Sue Kelly, John VanDyke, Courtenay Vaughan Outline · Introduction · Kitten Lightweight Kernel · Palacios Virtual Machine Monitor · Native vs. Guest OS results on Cray XT · Conclusion Going on Four Decades of UNIX Operating System = Collection of software and APIs Users care about environment, not implementation details LWK is about getting details right for scalability See Key for Units Challenge: Exponentially Increasing ParallelismExponentially Increasing Challenge: 33% per year 89% per year 12 GF/core 12 75K cores 75K 900 TF 900 72% per year 1.7M cores (green) cores 1.7M 28M cores (blue) cores 28M 588 GF/core 588 35 GF/core 35 2019 1 EF 1 or LWK Overview Basic Architecture Memory Management N 1 ¼ ¼ n n o o i Policy i t t a a c c Page 3 Page 3 i i l Maker l p p Libc.a Libc.a p (PCT) p A A Page 2 Page 2
    [Show full text]