1 Federation of Emulabs and Relevant New Development Jay Lepreau with Rob Ricci, Mike Hibler, Leigh Stoller University of Utah USC/ISI Federation Workshop.

Slides:

Advertisements

Similar presentations

EMu New Features 2013 Bernard Marshall KE Software.

Advertisements

Chapter 20 Oracle Secure Backup.

New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014

The Challenges of Repeatable Experiment Archiving – Lessons from DETER Stephen Schwab SPARTA, Inc. d.b.a. Cobham Analytic Solutions May 25, 2010.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Transparent Checkpoint of Closed Distributed Systems in Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Server-Side vs. Client-Side Scripting Languages

An Experimentation Workbench for Replayable Networking Research Eric Eide, Leigh Stoller, and Jay Lepreau University of Utah, School of Computing NSDI.

Integrated Scientific Workflow Management for the Emulab Network Testbed Eric Eide, Leigh Stoller, Tim Stack, Juliana Freire, and Jay Lepreau and Jay Lepreau.

Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.

Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December.

Glenn Research Center at Lewis Field Software Assurance of Web-based Applications SAWbA Tim Kurtz SAIC/GRC Software Assurance Symposium 2004.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Slide 1 of 9 Presenting 24x7 Scheduler The art of computer automation Press PageDown key or click to advance.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

MongoDB Sharding and its Threats

Web Application Testing with AppScan Terry Labach.

By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

1 Web Database Processing. Web Database Applications Static Report Publishing a report is prepared from a database application and exported to HTML DB.

Craig Berntson Chief Software Gardener Mojo Software Worx Branches and Merges are Bears, Oh My!

OASIS V2+ Next Generation Open Access Server CSD 2006 / Team 12.

Page 1 Trilinos Software Engineering Technologies and Integration Capability Area Overview Roscoe A. Bartlett Trilinos Software Engineering Technologies.

A Security Review Process for Existing Software Applications

November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University

CH2 System models.

IST 210 Web Application Security. IST 210 Introduction Security is a process of authenticating users and controlling what a user can see or do.

COLD FUSION Deepak Sethi. What is it…. Cold fusion is a complete web application server mainly used for developing e-business applications. It allows.

Security Testing Case Study 360logica Software Testing Services.

1 Supporting the development of distributed systems CS606, Xiaoyan Hong University of Alabama.

Microsoft Security Development Lifecycle

Presented by: Alicia Goodwin

10/14/2015 Introducing Worry-Free SecureSite. Copyright Trend Micro Inc. Agenda Problem –SQL injection –XSS Solution Market opportunity Target.

Software Project Documentation. Types of Project Documents  Project Charter  Requirements  Mockups and Prototypes  Test Cases  Architecture / Design.

Putting it all together Dynamic Data Base Access Norman White Stern School of Business.

1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.

 Chapter 14 – Security Engineering 1 Chapter 12 Dependability and Security Specification 1.

October 3, 2008IMI Security Symposium Application Security through a Hacker’s Eyes James Walden Northern Kentucky University

Security (Keep your site secure at extension level) Sergey Gorstka Fastw3b.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

1 Testbeds Breakout Tom Anderson Jeff Chase Doug Comer Brett Fleisch Frans Kaashoek Jay Lepreau Hank Levy Larry Peterson Mothy Roscoe Mehul Shah Ion Stoica.

Computer Literacy for IC 3 Unit 1: Computing Fundamentals © 2010 Pearson Education, Inc. | Publishing as Prentice Hall.1 Chapter 4: Identifying Software.

OARN Database UPDATE – SEPTEMBER We’re Live – and Testing  The site is up and running in Google’s data centers:  The site has been secured: 

Microsoft Management Seminar Series SMS 2003 Change Management.

PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.

DataFlow Diagram – Level 0

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Based upon slides from Jay Lepreau, Utah Emulab Introduction Shiv Kalyanaraman

MANUAL TESTING KS SESSION PRESENTED BY 26/11/015 VISHAL KUMAR.

Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.

Date : 3/04/2010 Web Technology Solutions Class: PHP Web Application Frameworks.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

Role Of Network IDS in Network Perimeter Defense.

Example – SQL Injection MySQL & PHP code: // The next instruction prompts the user is to supply an ID $personID = getIDstringFromUser(); $sqlQuery = "SELECT.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Testing and delivery Web design principles. Web development is software development.

ArcGIS for Server Security: Advanced

Web Technology Solutions

Business System Development

Common Methods Used to Commit Computer Crimes

CheckPoint Accelerated CCSE NGX R65

Server Concepts Dr. Charles W. Kann.

A Security Review Process for Existing Software Applications

PHP / MySQL Introduction

Introduction of Week 3 Assignment Discussion

(Test Driven) Software Development

Eoin Keary Code review Lead Irish Chapter Lead

Lecture 2 - SQL Injection

Security at the Source.

6. Application Software Security

Presentation transcript:

1 Federation of Emulabs and Relevant New Development Jay Lepreau with Rob Ricci, Mike Hibler, Leigh Stoller University of Utah USC/ISI Federation Workshop December 11, 2006

2 Emulab Federation Design “Levels” Level 1 - quick hack Level 2 - good design and function Level 3 - Do Everything Right and be GENI-compatible

3 Our Design's Goals Level 2 for Emulabs, including DETER Work pretty well for federation with PlanetLab (for which we're funded) Be on path to GENI compatibility Rob will describe in next talk

4 Why Federate? Obvious: Resources, resources –Larger common pool –Better statistical multiplexing –Access to different (heterogenous) resources Includes validation activity –Larger expts possible

5 Why Federate (less obvious) Access to Emulab system features not available locally –Out of date –Alpha/beta test features –Buggy (due to old code or new code) –Against policy –Different feature sets (beware the fork!) Ease testing for site-specific behavior (bug, ….) One mechanism eliminates version skew! Help build community mindset Partial/possible prototype for GENI federation

6 Why Not Federate? Stay separate (option 1) –No hard or ambiguous policy problems, including resource policies –No problems of version skew –Better privacy, esp. vs. testbed opers –Keep local users ignorant of possible better options –Simpler for the software Just merge –Physically (option 2a) For political and economic reasons, distributed resources will always exist Still, some testbeds could merge –Logically (option 2b) See later under “ASP model”

7 Approaches / User Interfaces Single portal for multi-Emulab expts Single master Emulab and all others are proxies ASP model (variant of above) Peers: submit anywhere have privileges Many masters: submit only from “home” Emulab

8 Requirements To be incentive-compatible, –Local site's users' must not get any worse access to resources than they would if non- federated –Other risks must be mitigated

9 Threats Security –boss.emulab.net (only marginally higher threat from alien users) –ops.emulab.net (don’t share) –fs.emulab.net (don’t share) Alien operators Public Internet Poorly-run Emulabs –Security, fidelity

10 Risks API version skew –Mitigate with external API only, not DB state –Mitigate with Elab-in-Elab testing Confusing to user –Policies, mechanisms, portals Software complexity Operational complexity –Eg, error reporting

11 Federation-Relevant New Emulab Development

12 New: admin Licensing: open source –release by January –Probably Affero GPL or similar –Daily (or live) update of CVS repo Note implications for security –… –White box testing required

13 Recent development (low tech) Move to uuid for users, projs, groups –For federation, expt archive – names for users Refactoring all the code into classes and instances

14 Security validation of the Emulab web site [1] Problem: Block SQL injection attacks –Web page input fields -> PHP -> MySQL queries –Unchecked inputs allow hijacking the DB. Solution: Full input field checking –Almost all fields are checked in the PHP code. –Show that *all* input fields are checked. –Automate the checking to maintain the assertion. –About 70% (?) complete

15 Security validation of the Emulab web site [2] Our approach: automated black-box/white-box scanning. –Probe a captive Emulab-in-Emulab web site and DB. Black-box: –Spider HTML pages; find forms and input fields. –Use an attack web-proxy to capture hidden GET/POST fields. White-box: –Scan the sources for forms to ensure complete coverage. –Accumulate a dictionary of valid input field values. Automation: –Script: activation, spidering, coverage checking, and probing. –Probes mix in one penetration string with other valid inputs. –Catch unchecked probes in DB Query common code.

16 More and Better Hetero Resources Fed with PlanetLab: both directions Imminent wireless testbed expansion ( nodes) – –SDR

17 New (hi tech) Stateful swapout / pre-emption –Local disk state, memory and processor state, consistent network state, time adapter/transducers –time travel coming… Branching LVM Experimentation Workbench [TR Dec’06, Usenix’06] –Total record/replay; workflow Enables assured pipelines, validation, stamp-of-approval –Possible staging/tracking of persistent file access Flexlab [HotNets’06] –Decouple network model from Emulab –Real Internet conditions and traffic from/on PlanetLab

18 Starting, slowly… Layer 2 and layer 3 devices first class Emulab objects Use it to configure / assure / audit Emulab infra itself