Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy-Sensitive VM Retrospection Wolfgang Richter 1, Glenn Ammons 3, Jan Harkes 1, Adam Goode 4, Nilton Bila 2, Eyal de Lara 2, Vasanth Bala 3, Mahadev.

Published byMarianna Flowers Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy-Sensitive VM Retrospection Wolfgang Richter 1, Glenn Ammons 3, Jan Harkes 1, Adam Goode 4, Nilton Bila 2, Eyal de Lara 2, Vasanth Bala 3, Mahadev."— Presentation transcript:

1 Privacy-Sensitive VM Retrospection Wolfgang Richter 1, Glenn Ammons 3, Jan Harkes 1, Adam Goode 4, Nilton Bila 2, Eyal de Lara 2, Vasanth Bala 3, Mahadev Satyanarayanan 1 1 Carnegie Mellon University 2 University of Toronto 3 IBM Research 4 Google

2 Introspection vs Retrospection ● Examine active state of VM during execution ● Examine historical state of VMs and their snapshots VM Instance A Examine live logs A'A1A2 B'B1B2... Examine all historic logs A*

3 Change: Shift in Thinking ● Traditionally a VM == executable content ● VM Image Libraries break this paradigm ● Think of VMs as big data ● What can we do with them?

4 Change: Shift in Thinking ● Traditionally a VM == executable content ● VM Image Libraries break this paradigm ● Think of VMs as big data ● What can we do with them? Apple's Time Machine over all VM instances including their complete snapshotted history

5 Retrospection ● Deep search over historical VM data ● Snapshots, Virtual Disks, … ● Help with: ● Debugging and troubleshooting ● Legal establishment of data/code provenance ● Malware tracking ● License violations

6 Deep Search? ● Search content of files ● Pictures, Documents, Binary files ● Enable proprietary plugins ● Adobe, MS Office, Norton, SW Discovery Tools ● While respecting privacy...

7 Example: Forensics - Before Compromised VMQuarantined VM 1. Crawl live or frozen logs 2. Pull backups if available 3. Examine differences 4. Determine root causes 5. Redeploy

8 Example: Forensics - After Compromised VMQuarantined VM 1. Crawl live or frozen logs 2. Retrospect entire history 3. Examine differences 4. Determine root causes 5. Redeploy

9 Example: Forensics - After Compromised VMQuarantined VM 1. Crawl live or frozen logs 2. Retrospect entire history 3. Examine differences 4. Determine root causes 5. Redeploy Unified interface for searching historic state: uncover suspicious log entries, infected binaries, etc. at once

10 Example: Copyright ● Examine a set of instances ● Retrospect to find history of transforms ● Provide evidence in court ● Multiple companies with similar cloud infrastructures supporting retrospection could perform the same queries

11 Privacy via Cryptography ● Complete trust, if encrypted keys shared ● Some trust, key escrow service ● No trust, no external search infrastructure ● Per-file, per-directory, per-partition

12 Design Principles 1) Support on-demand queries, scoped to a minimal set of data. 2) Control of retrospection policy resides with VM owners, not cloud operators. 3) Place as few constraints as possible on the generality of search computations.

13 Retrospection ● VMs become big data ● New opportunities with deep search over historical VM data ● Retrospection is the unifying mechanism for examining historical VM data ● Nanuk – Our implementation

14 Questions?

15 Nanuk Dataretriever Client Server Scope Mirage MySQL Dataretriever Scope Definition Query+Cookie Metadata Query Raw Data Request Objects Dataretriever

16 IBM Research Mirage ● Virtual Image Library ● File-level deduplication ● Files are referenced by SHA-1 ● Reads VM Image partitions and file systems

17 OpenDiamond Platform ● Distributed, interactive, unindexed search ● Focuses on the principle of early discard ● Enables arbitrary search queries ● Arbitrary x86 binary code as query primitives

18 Achievable Efficient Retrospection

19 Effect of Deduplication - Bytes Reduce Storage Space Data from 78 NCSU VCL VM Images based on Windows XP

20 Reduce Search Time Data from 78 NCSU VCL VM Images based on Windows XP Effect of Deduplication - Files

Download ppt "Privacy-Sensitive VM Retrospection Wolfgang Richter 1, Glenn Ammons 3, Jan Harkes 1, Adam Goode 4, Nilton Bila 2, Eyal de Lara 2, Vasanth Bala 3, Mahadev."

Similar presentations

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.
Marketplace and Appliance Management Charles (Cal) Loomis & Mohammed Airaj LAL, Univ. Paris-Sud, CNRS/IN2P3 24-25 October 2013.

Marketplace and Appliance Management Charles (Cal) Loomis & Mohammed Airaj LAL, Univ. Paris-Sud, CNRS/IN2P October 2013.
Retrospecting VM Images Wolfgang Richter Glenn Ammons *, Jan Harkes, Adam Goode, Vasanth Bala *, Nilton Bila +, Eyal de Lara +, Mahadev Satyanarayan *

Retrospecting VM Images Wolfgang Richter Glenn Ammons *, Jan Harkes, Adam Goode, Vasanth Bala *, Nilton Bila +, Eyal de Lara +, Mahadev Satyanarayan *
1/30/2015 Just-in-Time Virtual Machine Provisioning for Cloud Offload Kiryong Ha Carnegie Mellon University.

1/30/2015 Just-in-Time Virtual Machine Provisioning for Cloud Offload Kiryong Ha Carnegie Mellon University.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
MS DB Proposal Scott Canaan B. Thomas Golisano College of Computing & Information Sciences.

MS DB Proposal Scott Canaan B. Thomas Golisano College of Computing & Information Sciences.
Virtualization and the Cloud

Virtualization and the Cloud
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Cloud Computing Systems Lin Gu Hong Kong University of Science and Technology Sept. 21, 2011 Windows Azure—Overview.

Cloud Computing Systems Lin Gu Hong Kong University of Science and Technology Sept. 21, 2011 Windows Azure—Overview.
Enables businesses achieve greater efficiency by sharing data and processes Shared application data across legal entities— party, location, products…

Enables businesses achieve greater efficiency by sharing data and processes Shared application data across legal entities— party, location, products…
1© Copyright 2013 EMC Corporation. All rights reserved. EMC and Microsoft SharePoint Server Data Protection Name Title Date.

1© Copyright 2013 EMC Corporation. All rights reserved. EMC and Microsoft SharePoint Server Data Protection Name Title Date.
Effectively and Securely Using the Cloud Computing Paradigm.

Effectively and Securely Using the Cloud Computing Paradigm.
Systems Analysis and Design in a Changing World, 6th Edition

Systems Analysis and Design in a Changing World, 6th Edition
Symantec Ghost Effective Disk Cloning Software. What is Ghost? “Ghost is a software product from Symantec that can clone (copy) the entire contents of.

Symantec Ghost Effective Disk Cloning Software. What is Ghost? “Ghost is a software product from Symantec that can clone (copy) the entire contents of.
© Spinnaker Labs, Inc. Google Cluster Computing Faculty Training Workshop Open Source Tools for Teaching.

© Spinnaker Labs, Inc. Google Cluster Computing Faculty Training Workshop Open Source Tools for Teaching.
Projects. High Performance Computing Projects Design and implement an HPC cluster with one master node and two compute nodes. (Hint: use Rocks HPC Cluster.

Projects. High Performance Computing Projects Design and implement an HPC cluster with one master node and two compute nodes. (Hint: use Rocks HPC Cluster.
Introduction to Cloud Computing

Introduction to Cloud Computing
Introduction to Apache OODT Yang Li Mar 9, 2012. What is OODT Object Oriented Data Technology Science data management Archiving Systems that span scientific.

Introduction to Apache OODT Yang Li Mar 9, What is OODT Object Oriented Data Technology Science data management Archiving Systems that span scientific.
Real World Case Study KM Summer Institute June 12-16 2006 Rano Joshi, Vorsite.

Real World Case Study KM Summer Institute June Rano Joshi, Vorsite.
CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t Daniel Gomez Ruben Gaspar Ignacio Coterillo * Dawid Wojcik *CERN/CSIC funded by Spanish.

CERN IT Department CH-1211 Geneva 23 Switzerland t Daniel Gomez Ruben Gaspar Ignacio Coterillo * Dawid Wojcik *CERN/CSIC funded by Spanish.

Similar presentations

Ads by Google