Cs seminar 20071207
 

    Cs seminar 20071207 Presentation Transcript

    • An Example-Driven Look at the Rapid Recovery System: A CS Seminar Presentation by Todd Deshane
    • Motivation
      • Security of computers is a big problem
      • "New methods are being invented, new tricks, and every year it gets worse... We are losing the battle... Most companies don't know they have been attacked." - Bruce Schneier
      • Virtualization is going to be everywhere
      • Virtualization will be part of nearly every aspect of IT by 2015 – Gartner (May 2007)
    • John is a typical desktop computer user who uses his computer to communicate with friends on IM and email, and to surf the web. John: "Ooooh! I got some pics from my buddy Joe :)"
    • Without the Rapid Recovery System: John didn't know that the pics were actually a trojan, and now his computer is part of a botnet that is sharing all of his personal information with the world. 010010000100000101000011010010110100010101000100 Credit Card Numbers, Email Contacts, Passwords
    • With the Rapid Recovery System: John tries to load the pictures in his photo VM, but the action is denied, since the “pics” are actually executables. An error message is displayed to John.
    • With the Rapid Recovery System: John really wants to see the pics, so he ignores the error, copies the “pics” to his Internet VM and clicks on them. The executable runs and it instantly tries to run its built-in IRC server and starts scanning for personal data.
    • SYSTEM ARCHITECTURE (diagram). Labels: Internet, Internal Network Segment, Isolated Network Segment, Management, Hardware, Xen Hypervisor, NIC, NET-VM, VMA 1, VMA 2, VMA N, FS-VM, Disk, Domain 0
    • THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
      • Scenario: Open an attachment containing a mass emailing virus (without the Rapid Recovery System)
      • Notice a slowdown of the machine, unsure of cause.
      • Reboot machine, still slow.
      • Look in process list, attempt to kill suspicious process, regenerates itself.
      • Call tech support, make an appointment to take the computer into the shop.
      • 3 weeks later get the machine back with the OS re-installed.
      • Newest backup is 1 month old, some recent reports and pictures lost.
    • THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
      • Scenario: Open an attachment containing a mass emailing virus (with the Rapid Recovery System)
      • The attachment is written into the email log.
      • The NET-VM flags a violation of the network contract and pauses the VM.
      • The system asks the user if they want to roll back to the last known good image.
      • Roll back and remount the personal data store.
      • Some system data (logs, etc.) in the VM appliance is lost, but no personal data is lost. The machine is back in working order in less than 1 hour.
    • THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
      • Scenario: Surf to the wrong website (without the Rapid Recovery System)
      • A malicious program scans the hard drive for credit card numbers.
      • The user does not notice any sign of trouble.
      • The program sends out a small amount of data containing the information discovered.
      • The program installs a backdoor for later use by the attacker.
    • THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
      • Scenario: Surf to the wrong website (with the Rapid Recovery System)
      • The malicious program begins to read the hard drive for credit card numbers.
      • The FS-VM triggers a violation of the data access contract and pauses the VM.
      • The system asks the user if they want to roll back to the last known good image.
      • Roll back and remount the personal data store.
      • The scan is not completed, the information is not sent, the backdoor is prevented.
    • THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
      • Scenario: Install a required software update (without the Rapid Recovery System)
      • After the update, several applications cannot find some required components.
      • The user calls tech support and they confirm the problems with the patch.
      • The best recommendation is to completely uninstall and re-install the applications.
      • It takes a few hours to assemble the installation media, to find the product keys, and to follow the instructions.
    • THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
      • Scenario: Install a required software update (with the Rapid Recovery System)
      • After the update, several applications cannot find some required components.
      • The user calls tech support and they confirm the problems with the patch.
      • The user decides to roll back to the last known good image.
      • The machine is back up and running in minutes.
    • SYSTEM ARCHITECTURE (diagram, repeated from the earlier slide)
    • SYSTEM PERFORMANCE
    • Current Status/Future Work
      • NET-VM a driver domain in Xen
      • Add FS-VM as openfiler appliance
      • Breakdown system performance of NET-VM and FS-VM
      • Use real attacks to test functionality
    • Questions/Comments?
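
The NET-VM step in the mass-emailing scenario above (flag a violation of the network contract, then pause the VM), modelled as an added example; it is not code from the presentation or from the Rapid Recovery System. The contract fields, the flow-record format, the VM name and the addresses are all assumptions, since the slides do not define a contract format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkContract:
    """Hypothetical per-appliance contract (format assumed, not from the slides)."""
    allowed: frozenset      # permitted outbound (protocol, dst_port) pairs
    pinned: dict            # dst_port -> set of the only hosts allowed on that port
    max_destinations: int   # distinct destination hosts allowed per evaluated batch

def first_violation(contract, flows):
    """Return (index, reason) for the first flow that breaks the contract, else None."""
    seen = set()
    for i, (proto, dst, port) in enumerate(flows):
        if (proto, port) not in contract.allowed:
            return i, f"{proto}/{port} not permitted"
        hosts = contract.pinned.get(port)
        if hosts and dst not in hosts:
            return i, f"port {port} only allowed to {sorted(hosts)}"
        seen.add(dst)
        if len(seen) > contract.max_destinations:
            return i, "too many distinct destinations"
    return None

def enforce(vm_name, contract, flows):
    """Model of the NET-VM decision: forward flows until one violates, then pause."""
    hit = first_violation(contract, flows)
    if hit is None:
        return {"vm": vm_name, "state": "running", "forwarded": len(flows)}
    idx, reason = hit
    return {"vm": vm_name, "state": "paused", "forwarded": idx, "reason": reason}

# Constructed contract for an email appliance: IMAPS and SMTP to one relay only.
EMAIL_CONTRACT = NetworkContract(
    allowed=frozenset({("tcp", 993), ("tcp", 25)}),
    pinned={993: {"192.0.2.10"}, 25: {"192.0.2.10"}},
    max_destinations=2,
)

# Constructed flow records (protocol, destination, port); documentation addresses.
NORMAL = [("tcp", "192.0.2.10", 993), ("tcp", "192.0.2.10", 25)]
MASS_MAILER = [("tcp", "192.0.2.10", 993),   # user fetches the attachment
               ("tcp", "198.51.100.7", 25),  # virus mails a third party directly
               ("tcp", "203.0.113.5", 6667)] # IRC, never reached: VM already paused

if __name__ == "__main__":
    print(enforce("email-vm", EMAIL_CONTRACT, NORMAL))
    print(enforce("email-vm", EMAIL_CONTRACT, MASS_MAILER))
```
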