Mobile Device Management

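For personal smart mobile devices brought into military restricted areas (Bring Your Own Device), the Ministry of National Defense has begun introducing third-party Mobile Device Management (MDM) solutions to address the information security concerns they raise. However, because the people, activities and objects inside restricted areas are sensitive, relying solely on third-party solutions could create a major national security vulnerability. In this research we therefore evaluate the implementation feasibility of the security control functions for Android smart mobile devices and, in doing so, identify the key technologies they require, including device information acquisition, device control, self-protection of the control system, and architecture design. The results of this research can serve immediately as a procurement evaluation reference for the Ministry of National Defense's initial adoption of third-party MDM solutions, and for the medium- to long-term goal of developing an MDM system in-house, the key technologies developed in this research will also be of very high reference value.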

FUSION: A Unified Application Model for Virtual Mobile Infrastructure

We proposed a unified application model for virtual mobile infrastructure called FUSION. FUSION bridges the gap between the remote VMI server and the client-side mobile device by supporting bi-directional IPC (inter-process communication) and a loosely synchronized file system. FUSION classifies IPC events into two types: IPC events that do not access local resources and IPC events that access local resources. For IPC events that do not access local resources, FUSION simply hooks the IPC events, forwards them to the remote peer and replays them in the remote environment. For complex IPC events that involve accessing files located on the local device, FUSION analyzes each individual IPC event and transmits the corresponding files to the remote peer for each IPC event. Once the remote application completes its job and the user tries to disconnect from the remote peer, FUSION synchronizes those files back to the local side. The synchronization makes the file changes made by the remote application visible to the local side. Based on our experimental results, FUSION incurs less than 1% overhead on the system. For simple IPC events without local resource access, FUSION can transmit those IPC events to the remote peer under various network conditions in less than 1200ms. For complex IPC events involving local resource access, FUSION can also serialize and transmit the files efficiently.

SDN Consistency

Software Defined Networking (SDN) allows the construction of virtual networks on top of a datacenter network infrastructure. However, the flexibility also increases the chance of inconsistencies in the network configurations caused by component failures, software bugs, or human errors. The inconsistencies may result in service outages or security policy violations. We propose a model-based verification system to check the consistency of a virtual network. The system models the requirements as logic constraints and extracts the configuration states of a virtual network. The configuration states are checked against the logic constraints by using an SMT solver. The prototype system successfully detects various inconsistencies injected into the testbed and incurs a reasonable amount of overhead.

VDC Security Monitoring

The virtualized datacenter (VDC) has become a popular approach to large-scale system consolidation and the enabling technology for infrastructure-as-a-service cloud computing. The consolidation inevitably aggregates the security threats once faced by individual systems towards a VDC, and a VDC operator should remain vigilant of the threats at all times. We envision the need for on-demand mandatory security monitoring of critical guest systems as a means to track and deter security threats that could jeopardize the operation of a VDC. Unfortunately, existing VDC security monitoring mechanisms all require pre-installed guest components to operate. The security monitoring would either be up to the discretion of individual tenants or require costly direct management of guest systems by the VDC operator. We propose the EagleEye approach for on-demand mandatory security monitoring in a VDC environment, which does not depend on pre-installed guest components. We implement a prototype on-access anti-virus monitor to demonstrate the feasibility of the EagleEye approach. We also identify challenges particular to this approach, and provide a set of solutions meant to strengthen future research in this area.

VM memory demand projection

Virtualization technology has been widely adopted in IaaS cloud computing environments. Through virtualization, the processor, network, and storage resources can be transparently shared at fine granularity, but the memory still requires explicit coarse-grained provisioning in most cases. Yet it is not always clear how much memory should be provisioned for a virtual machine (VM). It depends on the application workload and characteristics of the underlying platform. We present NIMBLE, a novel system to project the memory demand of virtual machines in an IaaS cloud environment. NIMBLE monitors the page swapping activities of a VM at runtime and projects its memory demand by indicating the expected execution time of the application workload for each targeted guest physical memory size. This allows more intuitive and cost-effective memory resource provisioning for VMs. The experimental results indicate that NIMBLE can effectively project memory demand for selected benchmark workloads on both Linux and Windows guest VMs. The results also indicate that NIMBLE incurs negligible performance overhead.

Hypervisor-based Sensitive Data Leakage Detector

Sensitive Data Leakage (SDL) is a major issue faced by organizations due to increasing reliance on data-driven decision-making. Existing Data Leakage Prevention (DLP) solutions are being challenged by the adoption of network transport encryption and the presence of privileged-mode malware designed to tamper with the DLP agent programs. We propose a novel DLP system called “HyperSweep” that uses Virtual Machine Memory Introspection (VMI) technology to inspect the memory content of a guest system for sensitive information. The approach is robust against both network transport encryption and malware that attacks DLP agent programs. The HyperSweep prototype is implemented on top of the KVM hypervisor. Our experiments have confirmed its applicability to real-world applications, including web browsers, office applications, and social networking applications. The experiments also indicate moderate performance overhead from applying HyperSweep.

VM WAN Migration

Conventional virtual machine (VM) migration focuses on transferring a VM’s memory and CPU states across host machines. The VM’s disk image has to remain accessible to both the source and destination host machines through shared storage during the migration. As a result, conventional virtual machine migration is limited to host machines on the same local area network (LAN), since sharing storage across a wide-area network (WAN) is inefficient. As datacenters are being constructed around the globe, we envision the need for VM migration across datacenter boundaries. We thus propose a system aiming to achieve efficient VM migration over a wide-area network. The system exploits similarity in the storage data of neighboring VMs by first indexing the VM storage images and then using the index to locate storage data blocks from neighboring VMs, as opposed to pulling all data from the remote source VM across the WAN. The experimental results show that the system can achieve an average 66% reduction in the amount of data transmission and an average 59% reduction in the total migration time.

MicroApp: Architecting Web Application for Non-Uniform Trustworthiness in Cloud Computing Environment

An increasing number of web applications are now hosted in cloud infrastructures such as Amazon Web Services. Cloud infrastructures generally lack a uniform guarantee on security, reliability, performance, and cost. A privately owned cloud infrastructure may be considered more secure but less performant than a third-party public cloud infrastructure. Infrastructures that span geographical regions may further complicate the trustworthiness of infrastructures due to the varying power of jurisdiction. Application developers have to be aware of the non-uniformity of infrastructure trustworthiness when deploying applications in the cloud. We propose the MicroApp architecture, which helps address the difficulty of dealing with this non-uniformity. MicroApp splits a web application into multiple micro applications. Each micro application encapsulates a portion of the code and data with the same level of security and integrity requirements. The micro applications are then deployed to the corresponding infrastructures that satisfy the respective requirements. MicroApp provides an RPC mechanism to allow control flows across micro applications. The architecture can be transparently applied to existing web applications and allows an application to effectively adapt to the cloud environment.

Application Execution Time Prediction for Effective CPU Provisioning in Virtualization Environment

Provisioning of hardware resources through virtual machines (VMs) has been widely used for supporting server consolidation and infrastructure-as-a-service cloud computing. We propose NICBLE to support accurate CPU resource provisioning for application workloads running on VMs. While CPU is essential for any application workload, not every workload requires the same level of CPU resources. The VM tenants may also have different expectations of application performance and preferences. NICBLE models the execution of an application workload and employs a simulation-based algorithm to predict the impact on application execution time of a hypothetical VM configuration change in the number of CPUs. One may use NICBLE to reason about whether changing the number of CPUs will significantly affect the application performance. We built the NICBLE prototype on top of the Xen hypervisor [1]. NICBLE does not require modification to the guest systems. The performance overhead on the guest system is negligible. Our evaluation indicates that NICBLE is able to provide accurate predictions with an average error rate of less than 15% for non-adaptive application workloads.