VM, thereby giving the users associated with the slice access to the VM. There may be more than one SCS running on a given node, but for the purpose of this discussion, we describe the default SCS, known as plc.scs [2]. Upon startup, plc.scs invokes two operations on the NM:

    rcap[ ] = GetRcap( )
    for each rcap[i]
        rspec[i] = GetRspec(rcap[i])

to retrieve the RSpec for each resource pool that the node owner has allocated to plc.scs. Each such slice pool RSpec identifies a slice authority server and contains an SSL certificate that plc.scs uses to create a secure connection to the SA server. The SCS then uses the service authentication protocol (see Section 5.5) to identify itself as running on a particular node, and subsequently may perform a limited set of operations using the SA interface to determine the set of slices that should be created on the node.

Users may also contact the SCS directly if they wish to synchronously create a slice on a particular node. To do so, the user presents a cryptographically signed ticket, which represents the ability to create a specific slice; these tickets are essentially RSpecs that have been signed by some slice authority and can be verified using the same certificate associated with the slice pool. We return to the issue of how slice authorities and plc.scs cooperate to create slices in Section 4.7.

[2] This slice is actually called pl_conf today, but we adopt the proposed naming scheme for this slice.

4.6 Auditing Service

PLC audits the behavior of slices, and to aid in this process, each node runs an auditing service (AS). The auditing service records information about packets transmitted from the node, and is responsible for mapping network activity to the slice that generates it.

Looking at the expectations in more detail, the node owner trusts PLC to (1) ensure that only the authorized users associated with a slice can access the corresponding VMs, (2) audit each VM's network activity, (3) map a VM to a slice name, and (4) map a slice name into the set of responsible users. By ensuring that each of these expectations holds, it is possible to provide the owner with a trustworthy audit chain:

    packet signature → slice name → users

where a packet's signature consists of a source address, a destination address, and a time. This is the essential requirement for preserving the chain of responsibility.

The auditing service offers a public, web-based interface on each node, through which anyone who has received unwanted network traffic from the node can determine the responsible users. Today, PlanetLab exports an SQL-based interface via port 80. PLC archives this auditing information by periodically downloading an entire MySQL table from each node. The architecture is neutral on the exact way in which the auditing service is queried.

4.7 Slice Authority

PLC, acting as a slice authority (SA), maintains state for the set of system-wide slices for which it is responsible. There may be multiple slice authorities but this section focuses on the one managed by PLC. For the purpose of this discussion,
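The audit chain of Section 4.6 (packet signature → slice name → users) can be walked as a single parameterized query. The following is an added example, not code from the original document or from PlanetLab; the table layout, column names, clock-skew tolerance and sample records are all assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema: the document does not give PlanetLab's real table layout.
SCHEMA = """
CREATE TABLE flows (src TEXT, dst TEXT, start_ts INTEGER, end_ts INTEGER, vm_id INTEGER);
CREATE TABLE vm_slice (vm_id INTEGER PRIMARY KEY, slice_name TEXT);
CREATE TABLE slice_users (slice_name TEXT, user_email TEXT);
"""

def build_audit_db():
    """Return an in-memory database filled with constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO flows VALUES (?,?,?,?,?)", [
        ("192.0.2.10", "198.51.100.7", 1000, 1060, 1),
        ("192.0.2.10", "198.51.100.7", 5000, 5030, 2),
        ("192.0.2.10", "203.0.113.9", 1000, 1060, 2),
    ])
    db.executemany("INSERT INTO vm_slice VALUES (?,?)",
                   [(1, "example_slice_a"), (2, "example_slice_b")])
    db.executemany("INSERT INTO slice_users VALUES (?,?)", [
        ("example_slice_a", "alice@example.org"),
        ("example_slice_a", "bob@example.org"),
        ("example_slice_b", "carol@example.org"),
    ])
    return db

def responsible_users(db, src, dst, ts, skew=5):
    """Resolve a packet signature (src, dst, time) to {slice_name: [users]}.

    skew (seconds) tolerates clock drift between the reporter and the node.
    An empty dict means no recorded flow matches, so the chain cannot be
    followed for this signature.
    """
    # Values are bound as parameters because the interface is public-facing.
    rows = db.execute(
        """SELECT DISTINCT s.slice_name, u.user_email
           FROM flows f
           JOIN vm_slice s ON s.vm_id = f.vm_id
           JOIN slice_users u ON u.slice_name = s.slice_name
           WHERE f.src = ? AND f.dst = ?
             AND ? BETWEEN f.start_ts - ? AND f.end_ts + ?
           ORDER BY s.slice_name, u.user_email""",
        (src, dst, ts, skew, skew)).fetchall()
    result = {}
    for slice_name, user in rows:
        result.setdefault(slice_name, []).append(user)
    return result
```

The time component is what separates two slices that sent traffic between the same pair of addresses at different times; without it the first two sample flows would be indistinguishable.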