- enable menu exclusion via Jekyll front matter
- link to presentations for OpenXT Summit 2016
- link to calls and conferences
- link to OpenXT content from other events
Signed-off-by: Rich Persaud <[email protected]>
- OpenEmbedded/Yocto technical call on the [1st Tuesday](https://www.yoctoproject.org/public-virtual-meetings/)
10
+
- Xen community call on the 1st Thursday
11
+
- OpenXT [conference call](https://openxt.atlassian.net/wiki/spaces/CS/pages/14843911/Community+Calls) on the [3rd Thursday](https://openxt.atlassian.net/wiki/spaces/CS/overview)
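Review bot: the middle entry, `- Xen community call on the 1st Thursday`, is the only one of the three without a link, so a reader cannot find dial-in details or confirm the day; add the Xen Project's community call page the way the OpenEmbedded/Yocto and OpenXT entries link theirs. None of the three entries gives a time of day or time zone, which is the first thing a remote participant needs; either add them here or state that the linked pages are authoritative. On the OpenXT line, the second link ("3rd Thursday") goes to the Confluence space overview rather than the Community Calls page already linked a few words earlier; one link to the calls page is enough.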
- 2014: Xen Summit, [OpenXT, the open virtual platform](https://www.slideshare.net/xen_com_mgr/tricca-xen-summit2014)
25
+
- 2013: Xen Summit, [In-Guest Mechanisms to Strengthen Guest Separation](http://events.linuxfoundation.org/sites/events/files/slides/XenSummit_2013_Tricca.pdf)
26
+
- 2013: NDSS Symposium, [Laying a Secure Foundation for Mobile Devices](https://www.ndss-symposium.org/wp-content/uploads/2017/09/Presentation_Smalley.pdf)
27
+
- 2012: Xen Summit, [Xen and Client Virtualization](https://www.slideshare.net/xen_com_mgr/xen-and-client-virtualization-the-case-of-xenclient-xt)
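Review bot: the 2013 Xen Summit entry links over plain `http://` (`http://events.linuxfoundation.org/...XenSummit_2013_Tricca.pdf`) while every other entry in the list uses `https://`; if the host serves TLS, switch the scheme so readers are not handed an unauthenticated PDF download, and if it does not, consider mirroring the slides into the repository's `presentations/` directory like the 2016 talks. Otherwise the list is consistent: year, venue, linked title.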
* Devices permitted, wireless internet and some power outlets available
13
-
* Breakfast, Lunch & Snack will be served
14
-
*[Directions](#location)
15
-
16
-
## 2016 OpenXT Summit
10
+
The inaugural OpenXT Summit brought together developers and ecosystem participants for a 2-day conference in Fairfax, VA, USA on June 7-8, 2016. The event was hosted by Intel Corporation. The audience for this event included kernel and application developers, hardware designers, system integrators and security architects.
17
11
18
-
The inaugural OpenXT Summit brings together developers and ecosystem participants for a 2-day conference in Fairfax, VA, USA on June 7-8, 2016. The event is hosted by Intel Corporation. The audience for this event includes kernel and application developers, hardware designers, system integrators and security architects.
12
+
Released as open-source software in 2014, OpenXT stands on the shoulders of the Xen Project, OpenEmbedded Linux and Citrix XenClient XT. It is optimized for hardware-assisted virtualization with an IOMMU and a TPM. Guest operating systems include Windows, Linux and FreeBSD.
19
13
20
-
Released as open-source software in 2014, OpenXT stands on the shoulders of the Xen Project, OpenEmbedded Linux and Citrix XenClient XT. It is optimized for hardware-assisted virtualization with an IOMMU and a TPM. Guest operating systems include Windows, Linux and FreeBSD.
14
+
OpenXT enables loose coupling of open-source and proprietary software components, verifiable measurements of hardware and software, and verified launch of derivative products. It has been used to develop centrally managed software appliances that isolate high-risk workloads, networks and devices.
21
15
22
-
OpenXT enables loose coupling of open-source and proprietary software components, verifiable measurements of hardware and software, and verified launch of derivative products. It has been used to develop centrally managed software appliances that isolate high-risk workloads, networks and devices.
23
-
24
-
The 2016 OpenXT Summit will chart the evolution of OpenXT from cross-domain endpoint virtualization to an extensible systems innovation platform, enabling derivative products to make security assurances for diverse hardware, markets and use cases.
25
-
26
-
### Registration
27
-
28
-
There is no fee for attendance, but space is limited and building security will check identification against the list of registered attendees. To reserve a seat, please email [[email protected]](mailto:[email protected]?Subject=OpenXT%20Summit%20Registration,%20June%207-8,%20Fairfax,%20VA) with the following information:
29
-
30
-
* First and last name
31
-
* Organizational affiliation
32
-
* Publish name and organization in public attendee list: Yes/No
33
-
34
-
### <aname="location"></a> Location
35
-
36
-
The event will take place at Intel Corporation, [4100 Monument Corner Drive](https://goo.gl/maps/hqaSDhDshx62), Suite 540, Fairfax, VA 22030.
37
-
38
-
### Transportation
39
-
40
-
* Visitor parking: free, available on-site
41
-
* 6 miles, Washington Metro station, Vienna/Fairfax-GMU (Orange Line)
42
-
* 12 miles, Dulles (IAD) Airport
43
-
* 22 miles, Washington Reagan (DCA) Airport
44
-
* 24 miles, Amtrak Union Station
16
+
The 2016 OpenXT Summit charted the evolution of OpenXT from cross-domain endpoint virtualization to an extensible systems innovation platform, enabling derivative products to make security assurances for diverse hardware, markets and use cases.
45
17
46
18
### <aname="presentations"></a> Sponsors
47
19
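Review bot: the retained heading `### <aname="presentations"></a> Sponsors` keeps an anchor named `presentations` on the Sponsors section, so after this change any inbound `#presentations` link lands on the sponsor list while the actual presentation links now live in the schedule; either rename the anchor to `sponsors` or add a `presentations` anchor at the schedule heading. As rendered here the tag reads `<aname=` with no space between `a` and `name`, which browsers will not treat as an anchor; confirm the source reads `<a name=`. The removal of `*[Directions](#location)` together with the `<aname="location"></a> Location` heading is consistent, but dropping the Registration section also drops the only contact address on the page; if the page is to remain a reference for the event, keep a contact line. The Jekyll front-matter change named in the commit message is not in the hunks shown here; confirm it is part of this commit.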
@@ -53,138 +25,126 @@ The event will take place at Intel Corporation, [4100 Monument Corner Drive](htt
53
25
* 08:00 Breakfast
54
26
55
27
* 08:45 Introduction
56
-
57
-
* 09:00 OpenXT Architecture, *Christopher Clark*, BAE Systems
58
-
28
+
29
+
* 09:00 [OpenXT Architecture](https://github.com/OpenXT/docs/raw/master/presentations/2016-06-07-openxt-summit/01%20-%20Clark%20-%20OpenXT%20Architecture.pdf), *Christopher Clark*, BAE Systems
30
+
59
31
> A whistle-stop tour of the structure of an OpenXT system today: an overview of the primary technology and distinguishing properties of the platform. This presentation will cover hardware, the Xen hypervisor and other software used by an OpenXT system. It will provide a shared foundation for OpenXT Summit discussions.
60
-
61
-
* 09:30 OpenXT Platform, *Ross Philipson*, Assured Information Security
62
-
32
+
33
+
* 09:30 [OpenXT Platform](https://github.com/OpenXT/docs/raw/master/presentations/2016-06-07-openxt-summit/02%20-%20Philipson%20-%20OpenXT%20Platform.pdf), *Ross Philipson*, Assured Information Security
34
+
63
35
> Can OpenXT be moved towards an extensible platform model? The key concepts to be covered are, (a) minimal base platform with core security attributes central to OpenXT, (b) layers that enable the base platform to be easily extended and customized.
> NSA has a long history of investing in research focused on advancing the security of computer systems. Virtualization and Trusted Computing technologies present a great opportunity to enhance system security. This presentation highlights portions of NSA's Secure Virtual Platform (SVP) research program which has been focused on how best to leverage these technologies to construct more secure systems. The concepts explored under SVP offer a potential vision for OpenXT's future as a robust secure system.
> The TPM is at the core of the OpenXT measured launch implementation. The second iteration of the Trusted Platform Module spec (TPM2) is becoming more widely deployed and this new spec isn't backward compatible with TPM 1.2. Intel released and develops a BSD-licensed implementation of the core TPM2 components for Linux. This talk introduces the architecture of this implementation and related work in the Grub2 bootloader. It will cover benefits and a potential roadmap for TPM2 integration in OpenXT. As a first step in this direction, this talk will review a reference implementation that integrates these technologies into the OpenEmbedded meta-measured layer, using the Minnowboard Max as a test platform.
> This talk will present the enhancements being made to the OpenXT Measured Launch process. It will cover the re-architecture of the Key, TPM, and Measured Launch management to provide a flexible framework that can be more easily extended. This will allow Implementers to use OpenXT as a base platform and tailor the process to meet the security needs of their platform. The presentation will conclude with some remaining challenges and longer term goals that still need to be accomplished.
78
50
79
51
* 12:00 Lunch
80
52
81
53
* 13:00 Toolstack Modernization, *Chris Rogers*, Assured Information Security
82
-
54
+
83
55
> Much OpenXT development over the past year has been motivated by our desire to bring the code base more in line with upstream counterparts. The Modernization of the toolstack is another such effort. Until now, OpenXT has used a XenServer-derived toolstack component (xenvm) underneath a domain management-level component (XenMgr). Since the Xen Project has adopted XL as its default toolstack, OpenXT should do the same in order to further reduce technical debt and support newer versions of Xen. Specifically, the Toolstack Modernization effort incorporates libXL into the base platform and focuses on four major areas of integration: communication between XenMgr and libXL, linux-based stubdomains on libXL, removal of old helper daemons such as dm-agent, and support for newer versions of blktap.
84
-
56
+
85
57
* 13:30 Display Handlers, *Brendan Kerrigan*, Assured Information Security
86
-
58
+
87
59
> Display Handler is a framework and implementation for handling diverse guest and host rendering environments in client virtualization systems. The goal of the project was to address deficiencies in OpenXT's surfman, while providing flexibility to easily integrate forthcoming virtual graphics technologies (such as Intel XenGT). This talk will cover the overall architecture, design decisions, strengths, and weaknesses of Display Handler. It will also provide a comparison of surfman, as currently integrated into OpenXT, and Display Handler. Finally, a road map for future work will be presented.
88
60
89
-
* 14:00 Looking to the Future: ARM Client Virtualization and Operating with an Untrusted dom0, *Kyle Temkin*, Assured Information Security
90
-
61
+
* 14:00 [Looking to the Future: ARM Client Virtualization and Operating with an Untrusted dom0](https://github.com/OpenXT/docs/raw/master/presentations/2016-06-07-openxt-summit/08%20-%20Temkin%20-%20Dom0%20Trust%20and%20ARM.pdf), *Kyle Temkin*, Assured Information Security
62
+
91
63
> As the OpenXT platform has developed and matured, the upstream Xen community has focused on a number of new architectural developments and enhancements—many of which can be used to significantly enhance the OpenXT project. This talk explores two separate areas that may significantly shape the future of OpenXT: the development of client virtualization support for ARM platforms, and the potential to leverage new Xen features and disaggregation techniques to significantly improve OpenXT’s security posture
92
64
93
65
* 14:30 Test Automation (UI, ATF, BVT), *Chris Rogers*, Assured Information Security
94
-
66
+
95
67
> How do we implement an automated test framework on a virtualized platform? The current CLI-based implementation (BVT) provides a great foundation, and is currently being expanded. In parallel, a UI-based OO automation framework/plugin is being explored which utilizes Intel's AMT KVM and the SikuliX Java application. As with any automated framework, certain compromises are made, and by integrating the two technologies we look to expand the testing capabilities and bring the test devices as close to a production configuration as possible.
> As networks become increasingly targeted by attackers in search of sensitive data, a new data protection model is arising: one in which data must be protected even on contested networks. In this new paradigm, a stronger isolation boundary is needed than the current process model of the status quo: hardware-enforced enclaves are a step towards true data protection in contested networks. This talk provides a background of enclaves provided by Intel SGX, followed by an example case study of well-known malware that could have been prevented through the deployment of enclave technologies. Finally a discussion on the weaknesses of the current enclave technologies is provided before concluding remarks.
102
-
103
-
* 15:45 Securing dom0 today and in the future, *Doug Goldstein*, Star Lab
104
-
74
+
75
+
* 15:45 [Securing dom0 today and in the future](https://github.com/OpenXT/docs/raw/master/presentations/2016-06-07-openxt-summit/11%20-%20Goldstein%20-%20Securing%20Xen%20Today%20and%20Beyond.pdf), *Doug Goldstein*, Star Lab
76
+
105
77
> Over time there has been a lot of talks and proposals for improving Xen and dom0 basic security principles, but many are not followed years later. This talk will focus on a few items that can be done today, items that can be done relatively easily and items that we would like to undertake in the future. Attendees are invited to join the discussion and help come up with a plan. The end goal will be to make this a standing topic at future Xen conferences to keep focus on this area and continue to evolve the security of Xen and of the dom0 baseline.
106
-
78
+
107
79
* 16:15 Virtualization Based Security – Big Deal or BS?, *Sherban Naum*, Bromium
108
80
109
81
> Endpoints and their human users are increasingly subjected to sophisticated, targeted attacks that evade detection to compromise the system in some unforeseen way. But a new defensive technique can change the odds in favor of security “by design”. Virtualization Based Security is a term that incorporates several approaches: micro-virtualization mutually isolates applications, whereas a virtual secure mode within an OS can be used to protect key data and processes – as in Windows 10. Intel VT can enable hardware enforced isolation between tasks within a single OS – using micro-virtualization and a specialized hypervisor that has been modified for inter-task isolation, called a Microvisor. In our work we use an extension of the Xen Project® hypervisor. Micro-virtualization reduces the attack surface of the OS by several orders of magnitude. It can be integrated into a PC or mobile device in a way that does not interfere with the user experience. Finally, its granular isolation of single tasks permits real-time introspection and detection of otherwise undetectable malware.
110
-
82
+
111
83
* 16:45 Virtualization and Business Models, *Rich Persaud*, BAE Systems
112
-
84
+
113
85
> License revenue for proprietary operating systems on OEM hardware is being supplanted by vertically integrated hardware, utility pricing of hosted services, and fees for "app store" software distribution. End-users often work across multiple device form factors, connected to public and private services. As diverse hardware and networked services proliferate, in complex supply chains with open and closed components, how can virtualization architectures support evolving business models?
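Review bot: the new slide links all point at `https://github.com/OpenXT/docs/raw/master/presentations/2016-06-07-openxt-summit/...`, and `raw/master` resolves to whatever is at the branch tip at request time, so a later push to the docs repository silently changes what an archival event page serves; for a permanent record pin the path to the commit that added the PDFs (`raw/<commit-sha>/presentations/...`, with the actual SHA substituted) so the link and any published hash stay stable. Links are added for only four of the talks listed (Clark, Philipson, Temkin, Goldstein), and the `01`, `02`, `08`, `11` prefixes in the file names imply the other decks are numbered too; if the remaining slides were not released, say so on the affected entries rather than leaving them indistinguishable from talks whose links are still to come.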