Speaker/Bio
Jason Hennessey is a postdoc with the Mass Open Cloud at BU (an effort to foster open, multi-vendor, secure clouds), where he leads the Hardware Isolation Layer and Secure Cloud/Bolted efforts. His interests and work include improving security and privacy (especially side channels and defensive techniques), cloud and operating systems, analyzing the use of online scholarly resources, and bioinformatics.
Prior to completing his PhD in Computational Sciences and Statistics at South Dakota State University, Jason spent 12 years in the computer industry, doing Operating Systems at Digital/Compaq/Hewlett Packard and Cloud Computing at VMware.
Abstract
This work introduces Bolted, an architecture for increasing a tenant's
trust in the firmware and software installed on a leased bare metal
server. In general, when executing in a cloud environment, the tenant
must trust all the software on top of which it executes. When tenants
make use of bare metal nodes, there is less software to trust, but more
opportunities for previous tenants to compromise the privileged software
and firmware, introducing persistent malware to a machine.
To increase a tenant's trust in the bare metal node, we propose an architecture and implementation that uses an exokernel-like approach to let a tenant mix and match components, selecting those that meet their security and efficiency requirements.
Bolted makes use of: Heads (a hardened, minimal Linux packaged as a Coreboot payload) as
the main firmware infrastructure; Keylime as a distributed,
tenant-operated attestation infrastructure that leverages a node's TPM;
HIL, for network isolation and maximal tenant control; and BMI, for very
fast image provisioning under the tenant's control.
In this way, tenants can have a level of confidence in the components
based on two mechanisms: they can be inspected for correct
functionality; and attestations can be provided based on their
measurements to show that no modifications have been made between boots.
A collaboration between BU, Northeastern, Two Sigma and MIT Lincoln Labs.
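
The measurement-based attestation described in the abstract can be illustrated with a small simulation of TPM PCR extension and the tenant-side check of a quoted PCR against expected component digests. This is an added example, not code from Bolted, Keylime or Heads; the component names, sample image bytes and function names are constructed, and verification of the TPM's signature over the quote is assumed to have happened already.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR bank reads all zeros after reset

def measure(blob: bytes) -> bytes:
    """Digest of a boot component, as recorded in the event log."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log) -> bytes:
    """Recompute the PCR value an event log should have produced."""
    pcr = PCR_INIT
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def boot(components):
    """Simulate a measured boot: (event log, PCR value the TPM would quote)."""
    log = [(name, measure(blob)) for name, blob in components]
    return log, replay(log)

def verify_boot(event_log, quoted_pcr, allowlist):
    """Tenant-side check; returns (ok, reason)."""
    # 1. The log must reproduce the quoted PCR, else the log is untrustworthy.
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        return False, "event log does not reproduce quoted PCR"
    # 2. Components must appear in the expected order, with expected digests.
    if [name for name, _ in event_log] != list(allowlist):
        return False, "unexpected boot component sequence"
    for name, digest in event_log:
        if not hmac.compare_digest(digest, allowlist[name]):
            return False, f"measurement mismatch: {name}"
    return True, "boot chain matches allowlist"

# Constructed sample inputs standing in for real firmware/kernel/initrd images.
GOOD = [("firmware", b"heads-build-A"), ("kernel", b"vmlinuz-A"), ("initrd", b"initrd-A")]
MODIFIED = [("firmware", b"heads-build-A-modified")] + GOOD[1:]
ALLOWLIST = {name: measure(blob) for name, blob in GOOD}

if __name__ == "__main__":
    good_log, good_pcr = boot(GOOD)
    bad_log, bad_pcr = boot(MODIFIED)
    print(verify_boot(good_log, good_pcr, ALLOWLIST))  # clean node
    print(verify_boot(bad_log, bad_pcr, ALLOWLIST))    # firmware changed between boots
    print(verify_boot(good_log, bad_pcr, ALLOWLIST))   # honest-looking log, wrong PCR
```

Because each extend hashes the previous PCR value, a modified component changes the final PCR, and a log that hides the change no longer replays to the quoted value.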