Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Bees: A Secure, Resource-Controlled, Java-Based Execution Environment Tim Stack Eric Eide Jay Lepreau University of Utah April 5, 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Bees: A Secure, Resource-Controlled, Java-Based Execution Environment Tim Stack Eric Eide Jay Lepreau University of Utah April 5, 2003."— Presentation transcript:

1 1 Bees: A Secure, Resource-Controlled, Java-Based Execution Environment Tim Stack Eric Eide Jay Lepreau University of Utah April 5, 2003

2 2 What is Bees? Mobile code system that is –Realistically deployable because it addresses needs of node administrators –Realistically usable because it provides rich interface needed by service authors We believe may be the first such environment

3 3 Key Features Flexible security primitives Resource control Flexible protocol composition Flexible control of packet propagation Isolates interaction with end-user apps Bees integrates them all

4 4 A Motivating Application Motherboard sensor monitor –Spreads over network –Reports to server –Shuts down faulty nodes Ideal for active protocol –Flexible access to sensors –Not speed-critical Health Reports Node

5 5 ANTS: Implementation Capsule –Packet associated with Java class through MD5 hash Protocol –Collection of capsule classes Application –Includes copy of protocol –Source of all capsules

6 6 ANTS: Security Healthd Sensor.classFileOutputStream.class

7 7 ANTS: Security No security infrastructure –Can’t read sensors –Can’t log to file Healthd Sensor.class Not Found FileOutputStream.class Not Found

8 8 ANTS: Resource Control TTL controls resources TTL must be replenished Report Capsule Node

9 9 ANTS: Resource Control TTL controls resources TTL must be replenished –Server sends requests Problems –More network traffic –Topology not discovered Report Capsule Node Request Capsule

10 10 ANTS: Node Discovery Discover topology –Just send to neighbors Node Capsules

11 11 ANTS: Node Discovery Discover topology –Just send to neighbors Problems –Protocol containment –More TTL issues –Hard to reuse Node Capsules External Node Border Router

12 12 ANTS: Endpoint Node unhealthy –No shutdown permission –Tell application Healthd Temperature: 180°F Fan Speed: 0 rpm Node Shutter Downer Healthd

13 13 ANTS: Endpoint Node unhealthy –No shutdown permission –Tell application Version change –Capsule hash mismatch –Application must be updated manually Healthd v2.0 Temperature: 180°F Fan Speed: 0 rpm Node Shutter Downer Healthd Drop

14 14 ANTS: Assessment Reality intervenes What is wrong? Wrong type of EE Richer EE needed

15 15 Lean vs. Rich Rich Node resident state Threads, timer events General language Complex resource control/accounting Example: Bees Lean Little to no state Forwarding loop only Specialized language Simple resource control/accounting Example SNAP/ANTS

16 16 Overview Bees –Security –Resource control –Protocol composition –Application interaction –Details of code migration Related work Conclusion

17 17 JanosVM Security: Isolation Multi-process JVM –Isolates active code –Process holds state, privileges Process is unit of resource control Auth Agent creates and terminates Healthd Auth Agent Protocol A

18 18 Security: Capabilities Capability-based security mechanism Examples –Files –Cryptographic keys –Neighbors Distributed by Auth Agent Sensor Sensor Log File Healthd Auth Agent

19 19 Example: Node Discovery Border neighbor withheld Privileges needed to escape Node Capsules External Node Border Router

20 20 Resource Control Janos infrastructure –CPU, network, and memory Process is unit of control Termination reclaims resources Network controls –Bandwidth limits not enough –TTL too restrictive

21 21 Network Control Allow only solicited forwarding External stimuli –Timer, capsule receipt, application, … Fine grained operations –Forward to neighbor –Return to source –Multicast to neighborhood –Transform to another capsule type

22 22 Capsule Operations Capsule operation counters –Protocol author defines initial values –Stimuli replenishes values –Decremented on use –Operations disallowed when zero Initial values limited by Auth Agent

23 23 Example: Resource Control Report capsule –Replenished by timer –Sent –Further use stopped Forwarding is similar –Replenished by receive Report Capsule Node

24 24 Protocol Composition No protocol is an island –Protocols depend on each other Protocol is the unit of composition –Primary paired with companions Protocols form a hierarchy System provided –Code downloader

25 25 Pathfinder Primitive routing protocol Routing scenarios: –Client to server –Server to all clients –Server response to client request Implementation –Spanning tree behavior –No addresses

26 26 Example: Node Discovery Periodic broadcast –Finds path to server –Spreads code Client Node Discovered Path Server Node

27 27 Application Interaction Protocol Session provides application interface Trust barrier –Only byte arrays are exchanged Abstracts raw protocol –Insulation from versioning issues Similar to standard socket interfaces

28 28 Example: Endpoint Node unhealthy –Tell application Other protocols can use same interface Temperature: 180°F Fan Speed: 0 rpm Cluster Scheduler Node Shutter Downer Healthd

29 29 Code Migration Unknown capsule Healthd Auth App DLID AD

30 30 Code Migration Unknown capsule Map capsule to Healthd Healthd Auth App DLID AD

31 31 Code Migration Unknown capsule Map capsule to Healthd Download auth data Healthd Auth App DLID AD ID

32 32 Code Migration Unknown capsule Map capsule to Healthd Download auth data Check auth data Healthd Auth App DLIDAD IDAD

33 33 Code Migration Unknown capsule Map capsule to Healthd Download auth data Check auth data Create process Healthd Auth App DLIDAD IDAD Healthd DL

34 34 Code Migration Unknown capsule Map capsule to Healthd Download auth data Check auth data Create process Start download Healthd DLIDAD IDAD Healthd DL Auth App

35 35 Code Migration Unknown capsule Map capsule to Healthd Download auth data Check auth data Create process Start download Finish download Healthd DLIDAD IDAD Healthd Auth App DL

36 36 Related Work Resource control –RCANE[Menage00], SNAP[Moore01] Security –SANE[Alexander98], SANTS[Murphy01] Protocol composition –CANES[Bhattacharjee99]

37 37 Bees v0.5.0 50,000+ Lines of Code 30-page manual Example application Available at: www.cs.utah.edu/flux/janos

38 38 Conclusion Rich environment –Support for node administrators –Support for protocol authors Key Features –Security and resource control –Protocol composition –Isolates interaction with end-user apps

Download ppt "1 Bees: A Secure, Resource-Controlled, Java-Based Execution Environment Tim Stack Eric Eide Jay Lepreau University of Utah April 5, 2003."

Similar presentations

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
Windows® Deployment Services

Windows® Deployment Services
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
Impala: A Middleware System for Managing Autonomic, Parallel Sensor Systems Ting Liu and Margaret Martonosi Princeton University.

Impala: A Middleware System for Managing Autonomic, Parallel Sensor Systems Ting Liu and Margaret Martonosi Princeton University.
PlanetLab Operating System support* *a work in progress.

PlanetLab Operating System support* *a work in progress.
Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.

Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)

CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)
CSE331: Introduction to Networks and Security Lecture 9 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 9 Fall 2002.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
OSMOSIS Final Presentation. Introduction Osmosis System Scalable, distributed system. Many-to-many publisher-subscriber real time sensor data streams,

OSMOSIS Final Presentation. Introduction Osmosis System Scalable, distributed system. Many-to-many publisher-subscriber real time sensor data streams,
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.

Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
Internet Networking Spring 2003

Internet Networking Spring 2003
Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.

Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.
1 Janos Patrick Tullmann Flux Research Group University of Utah.

1 Janos Patrick Tullmann Flux Research Group University of Utah.
Announcements List Lab is still under construction Next session we will have paper discussion, assign papers,

Announcements List Lab is still under construction Next session we will have paper discussion, assign papers,

Similar presentations

Ads by Google