
Version 1 (modified by Josh Smift, 12 years ago)


OFUWA Project Status Report

Period: 2010-Q1

We have started the process of enhancing the network infrastructure within the Paul Allen Center for Computer Science and Engineering at the University of Washington to enable research into the coordination of end hosts, network switches and network routers in Enterprise GENI, and its integration with wide area networks.

Our goal is to build a testbed and develop building blocks that would allow researchers to investigate the optimal placement of middlebox functionality in today's enterprise networks. We have begun the deployment of OpenFlow-enabled HP ProCurve switches in the computer science building here at the University of Washington. The deployment is initially being used by a small number of graduate students in systems and networking for both research and day-to-day use. Eventually it will be phased in as the primary network for a larger set of users. After the phase-in, we will continue to operate a research network so that researchers can test their ideas before validating them on the production system.

A key thrust has been to develop end-host and router mechanisms for generating and validating attestations of end-host behavior. An end-host containing a Trusted Platform Module (TPM) can provide an attestation of its current platform state to an external entity in order to bootstrap trust. At a high level, this attestation can be thought of as a signed statement detailing the software run on the computer at the point when the attestation was made: the boot loader, the OS, the application software, and the configuration information for these components. We have been able to leverage recent innovations (such as Intel's Trusted eXecution Technology) that allow for attestation of small, independent pieces of code running inside VMs. We are now examining how to extend the HP switch firmware to validate TPM attestation information from the endpoints, so that attested traffic can be handled at the appropriate privilege and performance level.
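To make the attestation flow above concrete, here is an added example (not code from the OFUWA project or from HP) that models the two halves of it: the end host measures its boot chain into a PCR-style register and signs a quote over that register plus a verifier-supplied nonce, and the verifier (the role the switch firmware would play) checks the signature, the nonce, and the resulting platform state against a known-good chain before deciding how to treat the host's traffic. The component names and measurements are constructed, and the signing uses an HMAC key shared with the verifier as a stand-in for the TPM's asymmetric attestation identity key so that the example runs with the standard library only; both are assumptions of this example.

```python
import hashlib
import hmac

# Assumption: a real TPM signs quotes with an asymmetric Attestation Identity Key.
# A shared HMAC key stands in for it here so the example needs no third-party library.
ATTESTATION_KEY = b"example-aik-secret-for-illustration"

# Constructed "golden" chain, in boot order: boot loader, OS, application, configuration.
KNOWN_GOOD_CHAIN = [
    b"bootloader v1.2",
    b"example-os kernel 2.6",
    b"openflow-host-agent 0.9",
    b"config: vlan=10 role=attested",
]

PCR_SIZE = 32  # SHA-256 digest length; PCRs start at all zeros after reset


def measure(component):
    """Measurement of one component: the hash of its bytes."""
    return hashlib.sha256(component).digest()


def extend_pcr(pcr, measurement):
    """PCR extend: new = H(old || measurement). Order matters and a value cannot be rolled back."""
    return hashlib.sha256(pcr + measurement).digest()


def pcr_for_chain(components):
    """Host side: measure each component in boot order, returning the final PCR and the event log."""
    pcr = bytes(PCR_SIZE)
    log = []
    for component in components:
        m = measure(component)
        log.append(m)
        pcr = extend_pcr(pcr, m)
    return pcr, log


def make_quote(pcr, nonce):
    """Host side: the 'signed statement' of platform state, bound to the verifier's nonce."""
    signature = hmac.new(ATTESTATION_KEY, pcr + nonce, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "signature": signature}


def verify_quote(quote, expected_nonce, expected_pcr):
    """Verifier side: check signature first, then freshness, then the platform state."""
    expected_sig = hmac.new(ATTESTATION_KEY, quote["pcr"] + quote["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote["signature"]):
        return False, "bad signature"
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False, "stale or replayed quote"
    if not hmac.compare_digest(quote["pcr"], expected_pcr):
        return False, "unexpected platform state"
    return True, "attested"


def first_divergence(log, known_good=KNOWN_GOOD_CHAIN):
    """Given the host's event log, return the index of the first entry that differs from the
    known-good chain (or -1 if they agree). Because PCR extension is a hash chain, a single
    final PCR value only says 'something differs'; the log says where."""
    for i, (seen, component) in enumerate(zip(log, known_good)):
        if seen != measure(component):
            return i
    return -1 if len(log) == len(known_good) else min(len(log), len(known_good))


def traffic_class(verdict_ok):
    """How the switch would treat the host: full privilege if attested, restricted otherwise."""
    return "attested-path" if verdict_ok else "restricted-path"


if __name__ == "__main__":
    golden_pcr, _ = pcr_for_chain(KNOWN_GOOD_CHAIN)
    nonce = b"verifier-nonce-0001"  # constructed; a real verifier draws this at random per request
    ok, reason = verify_quote(make_quote(golden_pcr, nonce), nonce, golden_pcr)
    print("good host:", ok, reason, traffic_class(ok))

    drifted = KNOWN_GOOD_CHAIN[:3] + [b"config: vlan=10 role=unmanaged"]
    drifted_pcr, drifted_log = pcr_for_chain(drifted)
    ok, reason = verify_quote(make_quote(drifted_pcr, nonce), nonce, golden_pcr)
    print("drifted host:", ok, reason, traffic_class(ok), "diverged at index", first_divergence(drifted_log))
```

The ordering of checks in `verify_quote` is deliberate: the signature is checked before anything else so that an unsigned or forged quote never influences the verdict, and the nonce is checked before the PCR value so that a replayed quote from a previously good boot is rejected even though its PCR matches. The event log is what lets an operator say which component (here, the configuration) caused the mismatch.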