Improving Mobile Infrastructure for Pervasive Personal Computing

Abstract

The emergence of pervasive computing systems such as Internet Suspend/Resume has facilitated ubiquitous access to a user's personalized computing environment by layering virtual machine technology on top of distributed storage. This usage model poses several new challenges, such as establishing trust in unmanaged hardware that a user may access, and efficiently migrating virtual machine (VM) state across low-bandwidth networks. This document describes Trust-Sniffer, a tool that reduces the security risks associated with transient use by helping a user to gain confidence in software on an untrusted machine. The root of trust is a small, user-carried device such as a USB memory stick. Trust-Sniffer verifies the on-disk boot image of the target machine and incrementally expands the zone of trust by validating applications, including dynamically linked libraries, before they are executed. An application is validated by comparing its checksum to a list of known good checksums. If a binary cannot be validated, its execution is blocked. This staged approach to establishing confidence in an untrusted machine strikes a good balance between the needs of security and ease of use, and facilitates rapid transient use of hardware. This document also describes a solution to optimize the transfer of large amounts of disk and memory state for VM migration, based on opportunistic replay of user actions. The term "opportunistic" means that replay need not be perfect to be useful. In contrast to other replay techniques, opportunistic replay captures user interactions with applications at the GUI level, resulting in very small replay logs that economize network utilization. Replay of user interactions on a VM at the migration target site can result in divergent VM state. Cryptographic hashing techniques are used to identify and transmit only the differences.

Document Details

Document Type: Technical Report
Publication Date: Nov 01, 2007
Accession Number: ADA476800

Entities

People

  • Ajay Surie

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I
  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programs
  • Computers
  • Computing Devices
  • Cryptography
  • Graphical User Interface
  • Information Systems
  • Infrastructure
  • Internet
  • Kernels (Operating System)
  • Malware
  • Operating Systems
  • Ubiquitous Computing
  • Virtual Machines
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Parallel and Distributed Computing