An implementation of the Plugin Distribution System (formerly called Secure Plugin Management System) proposed in [1].
Pluginized protocols are an ongoing effort to make Internet protocols programmable. The idea is to dynamically extend protocol implementations with protocol plugins. This approach solves the deployment issue of new protocol extensions. However, it raises safety issues related to plugin behavior, e.g. do these extensions terminate, or do they act maliciously?
The PDS is a distributed system that performs offline verification of such protocol plugins. It also ensures their secure distribution to networked peers thanks to trust proofs.
- SIGCOMM'21 Poster: https://doi.org/10.1145/3472716.3472860
- Master's thesis: http://hdl.handle.net/2078.1/thesis:30634
- qemu/kvm: Linux Kernel Virtual Machines (KVMs)
- libvirt: library to handle KVMs
- packer: automates KVM image builds (Infrastructure as Code)
- terraform: automates KVM image deployment (IaC)
WARNING: multiple VMs are created and the embedded verifiers are quite heavy.
Reserve at least 30 GB of disk space.
Some disk images are built in /tmp. Consider using at least 16 GB of RAM, or change the path from /tmp to a non-volatile disk location.
The deployment process takes a long time.
In some cases, it may fail due to network errors.
If it happens, run `./cleanup.sh` and relaunch the `./setup.sh` script afterwards.

```sh
cd deployment
./setup.sh
```

```
.
├── deployment  # deployment specific code
├── design      # design graphs and documentation
├── measures    # performance measurements for the Merkle tree
├── README.md
└── src         # source code of the SPMS components
```

```
src/
├── common_layers  # Common container layers
│   ├── api  # Embeds the required Python packages to implement REST APIs
│   ├── crypto  # Embeds Python packages to handle SSL/TLS X.509 certificates
│   ├── python  # Simple container embedding Python and pip
│   └── stack_render  # Service used for the SPMS deployment
├── pr  # PR's services
│   ├── broker
│   └── gateway
├── pv  # PV's microservices
│   ├── binding_generator
│   ├── binding_manager
│   ├── logger
│   ├── mt_manager
│   ├── pr_gateway
│   ├── user_gateway
│   └── verifiers  # PV's verifiers
│       ├── controller.py  # Controller code common to all verifiers
│       ├── dummy_failure  # Returns a failure after 5s
│       ├── dummy_success  # Returns a success after 5s
│       ├── pquic-side-effects  # SeaHorn pipe to verify the side-effects property on PQUIC plugins
│       └── terminator2  # T2 pipe to verify the PQUIC plugins termination
├── tests  # Implements basic tests for some services
└── util  # Utility code
```

```
deployment/
├── base_layer  # Packer code required to build the base layer VM
├── build_pipe  # Source code of the Build Pipe
├── certificates  # Helpers to generate the SPMS root CA and certificates
├── common_layers
├── gitolite-admin-data  # Specific data for the gitolite instance in the Build Pipe
├── infrastructure.tf  # Terraform HCL describing the whole SPMS deployment process
├── pr  # PV specific Packer code
├── pv  # PR specific Packer code
├── render.py  # Generic template render for file generation (Containerfiles, Makefiles, docker-compose, ....) upon deployment.
├── ssh_config  # SSH configuration to access the Build Pipe gitolite instance
```

[1]: De Coninck et al. "Pluginizing QUIC." Proceedings of the ACM Special Interest Group on Data Communication. 2019. 59-74.