Cs seminar 20071207


  1. 1. An Example-Driven Look at the Rapid Recovery System: A CS Seminar Presentation by Todd Deshane
  2. 2. Motivation
       • Security of computers is a big problem
       • "New methods are being invented, new tricks, and every year it gets worse... We are losing the battle... Most companies don't know they have been attacked." - Bruce Schneier
       • Virtualization is going to be everywhere
       • Virtualization will be part of nearly every aspect of IT by 2015 – Gartner (May 2007)
  3. 3. John is a typical desktop computer user who uses his computer to communicate with friends on IM and email, and to surf the web. "Ooooh! I got some pics from my buddy Joe :)"
  4. 4. Without the Rapid Recovery System: John didn't know that the pics were actually a trojan, and now his computer is part of a botnet that is sharing all of his personal information with the world. 010010000100000101000011010010110100010101000100 Credit Card Numbers, Email Contacts, Passwords
  5. 5. With the Rapid Recovery System: John tries to load the pictures in his photo VM, but the action is denied, since the “pics” are actually executables. An error message is displayed to John.
  6. 6. With the Rapid Recovery System: John really wants to see the pics, so he ignores the error and copies the “pics” to his Internet VM and clicks on them. The executable runs and it instantly tries to run its built-in IRC server and starts scanning for personal data.
  7. 7. The executable runs and it instantly tries to run its built-in IRC server and starts scanning for personal data.
  8. 8. SYSTEM ARCHITECTURE (diagram; labels: Internet, Internal Network Segment, Isolated Network Segment, Management, Hardware, Xen Hypervisor, NIC, NET-VM, VMA 1, VMA 2, VMA N, FS-VM, Disk, Domain 0)
  9. 9. THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
       Scenario: Open an attachment containing a mass emailing virus
       Without the Rapid Recovery System:
       • Newest backup is 1 month old, some recent reports and pictures lost
       • 3 weeks later get the machine back with the OS re-installed
       • Call tech support, make an appointment to take the computer into the shop
       • Look in process list, attempt to kill suspicious process, regenerates itself
       • Reboot machine, still slow
       • Notice a slowdown of the machine, unsure of cause
  10. 10. THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
       Scenario: Open an attachment containing a mass emailing virus
       With the Rapid Recovery System:
       • Roll back and remount personal data store
       • The system asks the user if they want to roll back to the last known good image
       • The NET-VM flags a violation of the network contract and pauses the VM
       • The attachment is written into the email log
       • Some system data (logs, etc.) in the VM appliance is lost, but no personal data is lost
       • The machine is back in working order in less than 1 hour
  11. 11. THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
       Scenario: Surf to the wrong website
       Without the Rapid Recovery System:
       • The program installs a backdoor for later use by the attacker
       • The program sends out a small amount of data containing the information discovered
       • The user does not notice any sign of trouble
       • A malicious program scans the hard drive for credit card numbers
  12. 12. THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
       Scenario: Surf to the wrong website
       With the Rapid Recovery System:
       • Roll back and remount personal data store
       • The system asks the user if they want to roll back to the last known good image
       • The FS-VM triggers a violation of the data access contract and pauses the VM
       • The malicious program begins to read the hard drive for credit card numbers
       • The scan is not completed, the information is not sent, the backdoor is prevented
  13. 13. THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
       Scenario: Install a required software update
       Without the Rapid Recovery System:
       • It takes a few hours to assemble the installation media, to find the product keys, and to follow the instructions
       • The best recommendation is to completely uninstall and re-install the applications
       • The user calls tech support and they confirm the problems with the patch
       • After the update, several applications cannot find some required components
  14. 14. THE MINEFIELD OF PERSONAL COMPUTER USE: The seemingly innocent things you can do to render your PC unusable
       Scenario: Install a required software update
       With the Rapid Recovery System:
       • The machine is back up and running in minutes
       • The user decides to roll back to the last known good image
       • The user calls tech support and they confirm the problems with the patch
       • After the update, several applications cannot find some required components
  15. 15. SYSTEM ARCHITECTURE (diagram; labels: Internet, Internal Network Segment, Isolated Network Segment, Management, Hardware, Xen Hypervisor, NIC, NET-VM, VMA 1, VMA 2, VMA N, FS-VM, Disk, Domain 0)
  16. 16. SYSTEM PERFORMANCE
  17. 17. Current Status/Future Work
       • NET-VM a driver domain in Xen
       • Add FS-VM as openfiler appliance
       • Break down system performance of NET-VM and FS-VM
       • Use real attacks to test functionality
  18. 18. Questions/Comments?
