Tuesday, December 11, 2007

Daoli: Grid security via Trusted Computing protected virtualization

Speaker: Wenbo Mao, EMC Research

Abstract:
A grid builds a virtual organization (VO) of unbounded computational and storage capacity by pooling heterogeneous resources from real organizations. A grid user is typically a resource-scarce entity with a large quantity of jobs to be processed. With the user in need of resources from resourceful organizations, we shall name a user a resource lessee and the latter entities resource lessors. Currently, grids in such a lessee-lessor-VO structure are not yet in commercial adoption. Ideally, commercial enterprises, like resource-abundant and under-utilized financial institutions, should go for the grid, i.e., become lessors. Inadequate grid security currently prevents commercial organizations from being lessors. A missing security service is behavior conformity: VO code must not damage the lessor, and conversely, the lessor must not compromise the VO's proprietary information.

Project Daoli attempts to strengthen grid security by adding behavior conformity to grid computing. We will apply the Trusted Computing Group's (TCG) technology as our means to behavior conformity, and we do so by working on virtualization in two layers of the software stack. In the OS layer, a highly privileged hypervisor for memory arbitration will be measured by a Trusted Platform Module (TPM) to achieve isolation between processes. Above the OSes, grid middleware will achieve virtualization of hardware platforms and commodity OSes so that a unique VO code for policy enforcement can run on the middleware across a heterogeneous environment. The VO code and/or data that need confidentiality and/or integrity protection are secured by cryptographic credentials. By calling the standard credential migration function of TCG, VO credentials can be migrated from one TPM to another along the leased platforms.

Time: 11 December 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Tuesday, December 4, 2007

Tradeoffs in Retrofitting Security: An Experience Report

Speaker: Mark S. Miller, Google

Abstract:
In 1973, John Reynolds' and James Morris' Gedanken Language retrofit object-capability security into an Algol-like base language. Today, there are active projects retrofitting Java, JavaScript, Python, Mozart/Oz, OCaml, Perl, and Pict. These represent a variety of approaches, with different tradeoffs regarding legacy compatibility, safety, and expressivity. In this talk I propose a taxonomy of these approaches, and discuss some of the lessons learned to date.

Time: 4 December 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)