meetingNotes
Perry Alexander edited this page Jul 1, 2014 · 47 revisions
- Perry, Leon, Prasad, Justin, Jason, Paul, Adam
- Internal presentation of Demo 1 - @done
- Discussion of Demo 2 - @done
- Weekly status updates - @done
- Demo 1 notes
- separate VM communication is working fine
- single VM vchan communication is crashing still - two terminals on compute 5
- two VMs with fixed IDs
- start attestation with fixed domain id for appraiser
- start appraiser with fixed domain id for attestation
- domain IDs used for communication
- demo 1 is in the books
- issues
- static IPs are still a problem
- single VM vchan is still failing - data is still going over the control network rather than the data network
- sharing keys is still a pain, but we know that
- key management is largely a mess
- demo 2
- no changes from initial plan for now
- major goals
- communication with measurer
- more interesting measurements
- protocol execution
- composite evidence
- inter-Xen communication (cloud)
- first steps toward verification
- status updates
- None
- None
- Perry, Andy, Prasad, Evan, Paul, Adam, Jason
- Architecture discussion - @done
- Crypto mechanism - @done
- Demo 1 Progress - @done
- Demo 2 Progress - @done
- Literature studies - @done
- Odds and Ends - @done
- Rockwell Collins Debrief - @done
- Monitors, keyboards, compute nodes - @done
- Architecture discussion
- Communication mechanisms
- VM infrastructure
- Cloud infrastructure
- Demo 1
- Attestation and appraisal are separate VMs
- crypto functionality is working, but not necessarily what we want long term
- Galois has crypto for HaLVM
- Caution for download
- no typed channel yet, but should get there
- can do by agreement
- sign with type
- nifty Haskell package out of this
- Verification infrastructure
- thinking about comm verification
- thinking about structure of verification subsystem
- proof for serialization
- Demo 2
- Updates in web and architecture paper
- mainly figures
- Order compute node for cluster
- Order 2 monitors for student desks
- Consider purchasing several Raspberry Pis
- target IFL for paper on typed communication channel
- Think about HTTP as a measurement target
- Think about the verification aspects of demo 1
- Look at verification of the communications infrastructure
- Look at cryptographic protocol verification {>>This should be trivial, but needs to be done<<}
- Implement QuickCheck across software infrastructure
- Jason, Justin, Paul, Adam
- Communication mechanisms - @done
- Demo 1 status - @done
- Repo issues - @done
- wiki and planning issues - @done
- Still working on issues related to tracking
- will try the wiki now
- other stuff is not well integrated
- CentOS is painful, but there may be no advantage to moving
- one compute node at fedora to mimic Galois
- Galois is using a custom Xen kernel
- communication infrastructure
- looking at cloud Haskell for communication among Xen installations
- looking at vchan and HaLVM for IVC - really want one API in the protocol language
- Protocol executions going
- using parallel Haskell before we have comm
- working on protocol execution
- Using static analysis to predict what patterns should not appear
- a dynamic state that static analysis does not predict is a problem
- already do call graph and control flow
- Dig up notes on repo branching - @done
- See what crypto libraries Galois uses - @done
- New People - @done
- Discussion of demonstrations - @done
- Task status - @done
- Look at GitHub issues tracking system - @done
- Assign background readings - @done
- XenStore has a pragmatic limitation on message size
- vchan in Haskell is coming along
- Issues currently with control characters in communication
- Communication is typed - the things that are communicated have Haskell types
- Found a blog post on protocols in Haskell
- Need to check out how it fits with vchan
- Need to integrate approach with our mechanisms
- Need standard crypto libraries for Haskell
- RSA standard and nonce creation
- Build quote creation software
- Getting vchan and STM library living together - @entered
- Put blog on communication on website - @entered
- Find standard crypto library - @done
- Write quote creation software working outward to protocol - @done
- Communication between measurement and infrastructure - @done
- Readings to GitHub - @done
- Tasks and schedule to GitHub - @done
- New People
- Introduce demonstrations
- Discuss todo lists and logs
- Assign background readings
- Using github issues for assignments
- Haskell is opening vchan
- starting communication in Haskell
- vchan issues
- isn't designed to compile in MiniOS
- HaLVM is MiniOS based
- vchan in HaLVM must be done
- Look at OpenAttestation - @done
- Look at IBM Integrity Measurement Architecture - @done
- Perry, Prasad, Andy, Leon, Jason, Justin, Evan
- Summary reports
- Go through attack plan
- Justin and Leon have vchan working
- C right now
- Will move into Haskell
- Looking at XSM integration
- Not using Cloud Haskell
- Will roll our own from the cloud Haskell infrastructure
- Publish this in IFL this fall
- HaLVM is being investigated
- Evan said we're close
- Evan said we're not close after that - Still working
- Connection to mutant cloud haskell will be awesome
- Research outline
- Lots of discussion about what we're doing and when
- Capture on the outline on the wiki along with comments
- See Work Plan for outcomes from this
- Push the outline onto the wiki - @done
- Set up a publications repo - @done
- Perry, Prasad, Andy, Leon
- Debrief the kickoff and HCSS
- Will add notes from HCSS, the kickoff and post-kickoff to another entry on the wiki
- None
- Andy Gill, Pete Loscocco, Machon Gregory, Daniel de Graff, Perry Alexander
- Discuss kickoff meeting
- Discuss Pete's design description
- catch up on TRP activities
- User space measurement is harder than OS measurement
- every measurer is different
- parts of executable may swap out
- memory structures can change from version to version
- Can the compiler inform measurement
- We believe so
- This was our NSF proposal
- really no choice if we want to do it
- User space measurement of environment is limited
- By what the measurer can "see"
- looking down is quite different than looking up
- measurer still needs a root-of-trust or safe place to work from
- How "lightweight" can this actually be?
- Pete is skeptical of what can be removed
- I believe reduced generality of the infrastructure will result in lighter applications
- Interesting discussions of not having roots of trust
- further confirmation that software roots of trust are weak
- Next generation PIONEER work is just as weak
- How much TRP infrastructure can we use?
- SDP is too brittle and old
- Galois components are not integrated
- HaLVM has promise for us
- we'll use what we can and look around
- Daniel has pushed quite a bit into OpenStack
- we need to coordinate with Daniel
- vTPM is integrated
- Coordinate work with Daniel - @entered
- look for infrastructure that implements domain builder and vTPM then dom0 - @entered
- University of Kansas: Dr. Perry Alexander (Presenter) and Dr. Andy Gill
- Southern Cross Engineering: Ed Bishop
- Government: Tim Thimmesch, Frank Taylor, Alice Pelkey, Jim Rauscher, Orville Stockland, Anita Woodley, Marchon Gregory, Pete Loscocco
- Describe the ArmoredSoftware program
- Gather information from the customer
Dr. Alexander presented the slides provided via soft copy to Mr. Thimmesch on May 9, 2014.
- Pete Loscocco explained that in place of the TRP acronym, we should use SVP (Supervisor Virtual Platform).
- Orville Stockland suggested that OPEN STACK legacy includes USC, CMU, Aerospace, Hewlett Packard and others. Also McAfee and Black Duck Software are notable validators
- Mr. Stockland asked what the license cost was projected to be for Armored SW and Perry stated it was planned to be open-source.
- It was suggested that the Armored SW team talk with USC-SI’s Dr. Steve Krago (spelling?) as well as Dr. Joe Banister (spelling?) at Aerospace.
- It was also suggested that we connect with Dr. Alex Slay at Hopkins to explore if we may leverage the "Big Sky" model.
- It was suggested that we copyright "Armored SW"
- It was suggested that Perry access Open Attestation.com to explore how we may leverage what is available herein.
- Suggested that we have an unclass teleconference as introduction of Armored SW team with CMU and Aerospace.
- The question was asked: what hardware does Armored SW require?
- Answer nothing special - Intel based processors with TPM
- There was a question as to whether Armored SW would attest FPGA code.
- Yes if measurers can be written for the FPGA source it would require no additional infrastructure
- The comment was made by the Government that Armored SW was good fundamental work.
- It was recommended that we review the IBM-IMA (Integrity Measurement Architecture).
- IMA is utilized in LINUX.
- Anita recommended that Armored SW collaborate with Open Stack Group
- It would be a big plus for DoD to get this.
- Look at Daniel De Graff's involvement
- Spoke with Daniel after the kickoff and he is interested
- Need to get formal approval to do this
- Pete suggested that we take the approach to ask "Where is trust required?"
- How can that be requested in a generic way?
- Trust as a service
- SGX (Intel) is a potential execution environment
- This is a real emerging technology for trusted execution
- Encrypted memory only clear in cache
- Is this a technology that will enable us to better support our assumptions?
- vTPM Light and Lightweight infrastructure
- It was suggested that we take care not to make it so light that it may limit trustworthiness.
- Demo Suggestions:
- Protection of Grades
- Segregation of HR data
- Orville offered to provide contact information for Open Stack Consortium members - @entered
- Talk with USC-SI’s Dr. Steve Krago (spelling?) - @entered
- Talk with Dr. Joe Banister (spelling?) at Aerospace - @entered.
- Talk with Dr. Alex Slay at Hopkins to explore if we may leverage the "Big Sky" model - @entered.
- Copyright "Armored SW" - @entered
- look at Open Attestation.com - @entered
- Review the IBM-IMA (Integrity Measurement Architecture) used in Linux - @entered
- Recommended that Armored SW collaborate with OpenStack Group - @entered
- Look at Daniel De Graff's involvement - @entered
- Look at SGX from Intel - @entered
- Andy, Perry, Prasad, Justin, Jason
- HCSS planning
- weekly review
- Poster Requirements
- what are you doing?
- what have you done?
- what are you going to be able to do?
- why are you doing it?
- Poster outline for Andy and Prasad - @done
- Forward the attestation protocol to Andy and Justin - @done
- Send Prasad HCSS booking info - @done
- List of HCSS people to talk with - @done
- Set meeting with Rockwell - @done
- Andy, Prasad, Justin, Jason, Perry
- Weekly review
- Learning trusted computing basics
- Example in repo of VMs communicating
- Not done, but running
- using Cloud Haskell
- uses IP addresses
- does not use IVC
- HCSS is accepted - we will be presenting
- Measurement
- Signal handler is done - detecting an external signal
- monitor thread is working
- Provides simple things now setting stage for bigger things
- Set up issue tracking in GitHub - @done
- Plan and organize HCSS - @done
- Figure out IVC using domain IDs as the comm mechanism - @entered
- Look at XSM and see if this can be implemented in Haskell - @entered
- Andy, Prasad, Jason, Perry
- Weekly meeting
- Andy is exploring cloud Haskell
- Messaging infrastructure - Lightweight
- typed message
- independent of messaging infrastructure
- CCI is the middleware - Common Communication Interface - government standard
- Haskell model built on the cloud Haskell model
- HotSpot is compiled
- Starting to think about modifications and monitoring
- Document protocols for demo and prototyping - @done
- HCSS submission - @done
- Perry, Andy, Prasad, Justin
- Discuss notes from telecon with Ed
- status update
- Discussed the several demonstration targets talked about with Ed
- Moving computations into secure clouds
- mutual attestation among agents working on the same data
- mutual attestation among agents working at multiple security levels
- Andy work on end-to-end demonstration in Haskell model
- Independent from implementation
- simple flow for initial demonstration
- Perry, Ed
- Catchup
- Ed is looking at potential applications
- Working with internal big-data providers
- Thoughts on applications
- Flip the big data idea from moving processes from Baltimore to data to moving processes from outside to Baltimore
- Trust in multiple processes accessing the same data
- Mutual attestation among users
- Multiple security levels by multiple users
- Discovering bad emergent properties
- Accessing secure VMs running on a common infrastructure
- Kind of lame, but on target
- Perry, Leon, Andy, Prasad, Justin
- Weekly status meeting
- production cluster is up
- Xen is installed
- no OpenStack for the time being
- move to 4.3 likely to be our responsibility
- stub domain is performing measurement
- Talking to hypervisor
- vchan sets up shared pages and uses XSM
- Discussed access control and how XSM uses it
- we will need to implement access control, but will not make contributions here
- domain specific language for trust will need to account for this
- Discussed MiniOS and what stub domains do
- discussed using Haskell in VMs
- Runtime for Haskell is big
- need a lightweight Haskell platform
- getting started with monitoring in the JVM
- We decided this would be our first target - Looking at virtual execution is simpler
- will make queries of the running JVM to perform measurement
- task requesting measurements from running processing
- starting with system calls
- modifying the hotspot JVM
- Haskell model for the armor
- Using blogger to record work
- request response monad for interactions - just a transliteration
- moving up in abstraction to CCI - used by cloud Haskell
- Need to understand what our development targets are
- MiniOS for stub domains
- CirrOS for lightweight domains
- CentOS or Fedora 20 for full-blown domains
- what is the abstraction level of the measurement request?
- define the interface between protocol and low level calls
- need to understand what the next
- Andy, Prasad, Leon, Perry
- Andy suggested starting working on protocol definition by modeling the architecture
- Will block out the architecture
- Identify missing elements in the architecture document
- Abstract definition of data structures
- Define measurements
- Identify specific measurement targets
- genome client
- web services
- contact ed for concrete examples
- define measurements for those targets
- Contact Ed for concrete examples - @done
- Perry, Andy, Prasad
- Monthly inputs - All
- Hiring and Spending - All
- Demonstration definition - All
- Architecture modeling - All
- Meeting with sponsor - Perry
- To Do list review - All
- Hiring is going well
- Need to establish a lab culture
- Community first
- Andy suggests a meeting with students
- Scheduling of sponsor meeting is ongoing
- development infrastructure
- Hardware - 8 compute nodes on main cluster, 3 in Leon's cluster
- Software -
- Schedule initial technical meeting with students - @done
- Principles paper is required for meeting - @done
- Perry, Andy, Prasad, Leon, Justin, Jason
- To do list review - All
- Cloud setup - Leon
- Capability briefing - Perry
- Architecture modeling - Andy
- Demonstration definition - Perry
- Meeting with sponsor - Perry
- Hiring - All
- Andy found something called Cloud Haskell
- Erlang in Haskell - lightweight threads in Haskell
- Useful for communications in Haskell
- how does this integrate with IVC?
- Hiring
- Offers out
- SELF
- Capability briefing
- Ed and Perry are working on this
- standard presentation for all to carry