Transcript

  • 1. System Security Lab. Trusted Virtual Domains on Usable Secure Desktop Environments. Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy. 5th Annual Workshop on Scalable Trusted Computing (STC 2010), co-located with ACM CCS, Chicago, 4th October 2010
  • 2. Trusted Virtual Domains (TVDs)
      ● Coalition of virtual machines (VMs)
      ● Distributed over various physical platforms
      ● Same trust level, same security policy
      ● Transparent policy enforcement
      Marcel Winandy, Trusted Virtual Domains on OpenSolaris
  • 3. TVD Implementations – Why a new one?
      ● TVDs on Xen:
          ● Required several changes in Xen and dom0 (e.g. sHype in Xen, vSwitch in dom0, etc.)
          ● Large VM images to deploy (e.g. Vista: ~2 GB)
          ● Focus on data centers
      ● TVD on OpenSolaris:
          ● Focus on end-user desktop systems
          ● Lightweight virtualization
          ● Requires no changes in kernel or core system
  • 4. Security Features of OpenSolaris
      ● Zones: lightweight (OS) virtualization
      ● ZFS: efficient file system
      ● MLS: built-in mandatory access control
      ● Secure GUI: trusted path, MLS support
      And all comes for free!!!
  • 5. TVD on OpenSolaris: Architecture (architecture diagram, with the part labelled "Our Contribution")
  • 6. User Desktop
  • 7. Mapping TVD to MLS
      ● MLS: classification (level) + compartment (category)
      ● TVDs: non-hierarchical
      ● Solution: all TVDs same level, but distinct compartments (240 possible TVDs)
  • 8. TVD Management
      ● Simple TVD management (Admin)
          ● Creation: name, description, network segment
          ● Assignment of users and zone images
      ● Automatic and transparent policy distribution
          ● Global Policy: MLS labels, user assignments
          ● Local Policy: allowed zones, network config, etc.
          ● Platform Policy: defines secure channel between master and platforms
  • 9. Efficient Zone Image Deployment (1)
      ● User Login: can choose working environments
  • 10. Efficient Zone Image Deployment (2)
      ● Minimal standard zone: 1.4 GB (!)
      ● But: ZFS features clones and snapshots
          ● Every image is a snapshot of a zone
          ● Snapshots can have dependencies (delta images)
      ● Tree-like organization:
          ● Base zone images
          ● Other zones are derived from base image
      ● Deployment: base in cache, deploy deltas only!
  • 11. Protected Storage Devices (1)
      ● Encrypted Home Directories
          ● Stored on central server (via NFS)
          ● Loopback-mounted (lofi) with built-in encryption
          ● TVD layer: management of encryption key
      ● Mobile Storage Devices (e.g. USB sticks)
          ● Similar approach
          ● Transparent encryption after assignment to a TVD
  • 12. Protected Storage Devices (2)
      ● User attaches new USB device
  • 13. Protected Storage Devices (3)
      ● Transparent encryption after assignment to TVD
  • 14. Conclusion
      ● TVD on OpenSolaris: efficient and usable TVD realization for end-user desktop systems
      ● Leverages existing OpenSolaris features
          ● Zones, MLS, ZFS, Secure GUI
      ● Adds new components
          ● Server infrastructure (TVD Master), local TVD Layer
          ● Transparent data encryption (home + USB sticks)
          ● Efficient zone image deployment
      ● No changes to kernel or core OS services
      More information: http://www.trust.rub.de/projects/tvd-solaris
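
Slide 7's mapping of non-hierarchical TVDs onto MLS labels, modelled as an added Python example that is not code from the slides or from the TVD project. It assumes the standard MLS dominance rule; the names `Label`, `TvdLabeler` and `can_flow`, the shared level value and the TVD names are hypothetical.

```python
# Added illustration: a toy model of the slide's TVD-to-MLS mapping.
# Names (Label, TvdLabeler, can_flow) are hypothetical, not project code.
from dataclasses import dataclass

MAX_TVDS = 240   # limit stated on slide 7
TVD_LEVEL = 1    # assumed: one shared classification for every TVD


@dataclass(frozen=True)
class Label:
    level: int
    compartments: frozenset

    def dominates(self, other: "Label") -> bool:
        # Standard MLS dominance: level >= and compartment superset.
        return (self.level >= other.level
                and self.compartments >= other.compartments)


class TvdLabeler:
    """Gives each TVD name its own compartment at the shared level."""

    def __init__(self):
        self._compartment = {}

    def label_for(self, tvd: str) -> Label:
        if tvd not in self._compartment:
            if len(self._compartment) >= MAX_TVDS:
                raise ValueError("no free compartment for a new TVD")
            self._compartment[tvd] = len(self._compartment)
        return Label(TVD_LEVEL, frozenset({self._compartment[tvd]}))


def can_flow(src: Label, dst: Label) -> bool:
    # Information may flow only to a label that dominates its source.
    return dst.dominates(src)


def demo() -> dict:
    labeler = TvdLabeler()
    corp = labeler.label_for("corporate")   # constructed TVD names
    priv = labeler.label_for("private")
    return {
        "same_tvd": can_flow(corp, labeler.label_for("corporate")),
        "corp_to_priv": can_flow(corp, priv),
        "priv_to_corp": can_flow(priv, corp),
    }


if __name__ == "__main__":
    print(demo())
```

Because every TVD sits at the same level with a distinct compartment, neither label dominates the other, so the flow check fails in both directions between different TVDs.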