SODA: Service-On-Demand Architecture for Application Service Hosting Utility Platforms Dongyan Xu, Xuxian Jiang Lab FRIENDS (For Research In Emerging Network and Distributed Services) Department of Computer Sciences Center for Education and Research in Information Assurance and Security (CERIAS) Purdue University
58
Embed
SODA : Service-On-Demand Architecture for Application Service Hosting Utility Platforms Dongyan Xu, Xuxian Jiang Lab FRIENDS (For Research In Emerging.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
SODA: Service-On-Demand Architecture for
Application Service Hosting Utility Platforms
Dongyan Xu, Xuxian Jiang
Lab FRIENDS (For Research In Emerging Network and Distributed Services)
Department of Computer Sciences Center for Education and Research in Information Assurance
and Security (CERIAS) Purdue University
Outline
Motivations and goals Related work Research components of SODA Summary and on-going work
Motivations
Vision of utility computing Computation utility Storage utility
Application service hosting Conference management e-Campaign Digital government Serving the underserved communities IT function shadowing for disaster recovery
Virtual enterprise, collaboratory, and community
Our Goal
To build a value-added application service hosting platform based on shared infrastructure, achieving: On-demand creation and provisioning Virtualization Isolation Protection Accountability Privacy
Utility computing architectures VERITAS, HP UDC, IBM Oceano
Grid computing on VM: Virtuoso (Northwestern), Entropia
Virtual cluster: Cluster-on-Demand (Duke)
Related Work
SODA Service-On-Demand Architecture for
application service hosting utility platforms
Research components of SODA General architecture Protection, intrusion detection, logging Confined and VM-based overlay Market-driven planning and management
Outline
Research components of SODA: General architecture Security and protection Confined VM-based overlay ‘Property’ planning and management
Detailed Information Xuxian Jiang, Dongyan Xu, "SODA: a Service-On-Demand
Architecture for Application Service Hosting Utility Platforms", Proceedings of The 12th IEEE International Symposium on High Performance Distributed Computing (HPDC-12), Seattle, WA, June 2003.
Application service (AS) Guest OS Internetworking enabled
One SODA host
Host OS
…Guest OS Guest OS
AS1 ASn
SODA Master SODA Agent
Host OS
Guest OS
Service SSODA
Daemon
Host OS
Guest OS
Service S
SODADaemon
Host OS
Guest OS
Service S’SODA
DaemonGuest OS
Service S’
Service Switch for S Service Switch for S’
Service Requests From ClientsService Requests From Clients
Service Creation Requests From ASP
Virtual servicenode
On the Same SODA Host
WWW service Honeypot
Host OS and Guest OS Guest OS: based on User-Mode Linux
(UML), an open-source virtual OS (different from UMLinux and VServer ) By Jeff Dike, http://user-mode-linux.sourceforge.net Running in user space of host OS Separate kernel address space Physical memory usage limit
Host OS: Linux (linux-2.4.19, enhanced) CPU fair share scheduler (for CPU isolation
between virtual service nodes)
Experiment: CPU Isolation
Original Linux Scheduler Enhanced Linux Scheduler
VM1: CPU-intensive VM2: IO-intensive VM3: Web
On-Demand Service Priming
Performed by SODA Daemon Customization of guest OS (“cook to
order” ) Active service image downloading Automatic bootstrapping of virtual
service node
Service Bootstrapping Time
Linux Configuration
Image sizeTime
(seattle)Time
(tacoma)
Rootfs_tomrtbt_1.7.205
15 MB 2.0 sec. 3.0 sec.
Rootfs_base_1.0 29.3 MB 3.0 sec. 4.0 sec.
Root_fs_lfs_4.0 400 MB 4.0 sec. 16.0 sec.
Root_fs.rh-7.2-server.pristine.2
0021012253 MB 22.0 sec. 42.0 sec.
Slow-Down (w/o optimization)
1,368 37,004gettimeofday
1,200 27,044munmap
1,208 27,864mmap
1,084 26,904dup2
1,064 26,648geteuid
1,208 27,276getpid
Linux UMLSystem call
System call level(clock cycles)
Application level
Outline
Research components of SODA: General architecture Security and protection Confined VM-based overlay ‘Property’ planning and management
Detailed Information Xuxian Jiang, Dongyan Xu, Rudolf Eigenmann, "Protection
Mechanisms for Application Service Hosting Platforms", Proceedings of IEEE/ACM Int'l Symposium on Cluster Computing and the Grid (CCGrid 2004), Chicago, IL, April 2004.
Xuxian Jiang, Dongyan Xu, "Collapsar: A VM-Based Architecture for Network Attack Detention Center", to appear in Proceedings of the 13th USENIX Security Symposium (Security '04), San
Diego, CA, August 2004.
Security and Protection
Virtual switching and firewalling
IDS in guest OS kernel
Untamperable logging (‘blackbox’-ing) Host OS
…Guest OS Guest OS
AS1 ASn
Virtual Switching and Firewalling
Virtualmachine(with IPaddr.)
SODA host(Invisible on
Internet)
Guest OS Guest OSGuest OS
Host OS
Firewall
Kernort: IDS in Guest OS Kernel
Problems with traditional IDS Encrypted traffic (e.g. ssh) makes NIDS less effective App-level IDS process will be “killed”, once a machine is
compromised Log may be tampered with Fail-open
Related projects Backtracker (Michigan) VMM-based retrospection (Stanford) Forensix (OHSU) ESP (Purdue CERIAS) Open-source projects: Snort, Saint Jude
Kernort
VM-based IDS Deployed in each VM
Inside guest OS kernel: a unique vista point Customizable without affecting host OS Clearer view Untamperable logging (saved to SODA host) Renewable signature (read from SODA host) Fail-close instead of fail-open
Kernort: IDS in Guest OS Kernel
Guest OS Guest OS
Kernort
Components Kernort sensor
Event-driven (system call and packet reception) Renewable signature set Matching against a small signature set (“Top 20
Research components of SODA: General architecture Security and protection Confined VM-based overlay ‘Property’ planning and management
Detailed Information Xuxian Jiang, Dongyan Xu, "vBET: a VM-Based Emulation Testbed",
Proceedings of ACM Workshop on Models, Methods and Tools for Reproducible Network Research (MoMeTools, in conjunction with ACM SIGCOMM 2003), Karlsruhe, Germany, August 2003.
Xuxian Jiang, Dongyan Xu, "VIOLIN: Virtual Internetworking on OverLay INfrastructure", Department of Computer Sciences Technical Report CSD TR 03-027, Purdue University, July 2003.
Xuxian Jiang, Dongyan Xu, “A Middleware Architecture for Confined Virtual Machine Overlays", in preparation, March 2004.
Traditional Overlay Network Problems with traditional overlays:
Open for attacks Attacks from the outside (i.e. Internet) against
overlay nodes Attacks from an overlay node against the outside
Difficult to manage An overlay across multiple administration domains A host participate in multiple overlays Difficult to enforce overlay topology and traffic
volume
VPN does not solve the problems
Traditional Overlay Network
FirewallFirewall
Firewall
VM-based Overlay The case for VM-based overlay
Multiple overlays on shared infrastructure On-demand creation Confinement and isolation
VM introduces new network administration complexity “What is this new machine that has suddenly
appeared in my domain?” “Where is the machine that was in my domain
yesterday?” “How much network connectivity should a VM have?” “How many IP addresses for VMs?”
Confined VM-based Overlay In addition to VM, we need VN for VMs
VN: a highly overloaded term (VPN, X-bone…)
What is new: Confined and VM-based overlays
Applications Multi-institutional collaborations Philanthropic (volunteer) computing systems Network emulations
Confined VM-based Overlay
Firewall Firewall
Firewall
VMVM
VM
≤1Mbps
≤2Mbps ≤2MbpsVirtual
infrastructure
Key Properties
Confined overlay topology and traffic No attack possible from inside the
overlay to the outside world Virtual IP address space No need for application modification
and re-compilation
A More Generic Picture
VIOLIN:Virtual
Internetworkingon OverLay
INfrastructure
vBET: an Example of Confined Overlays on Demand
An education tool for network and distributed system emulation