Securing the Frisbee Multicast Disk Loader

Robert Ricci and Jonathon Duerig
University of Utah, School of Computing
{ricci, duerig}


Shared network testbeds rely on the ability to bring nodes to a known “clean” state, and to allow experimenters to customize the software installed on the nodes assigned to them. This is typically done by replacing the contents of the nodes' disks with a clean disk image. Frisbee is designed for just this purpose. It is a fast, highly scalable system for creating, distributing, and installing disk images. It rapidly and reliably distributes disk images over a LAN to many simultaneous clients, and has proven itself through many years of production use in shared testbed environments.

However, three main security features have been lacking in Frisbee: confidentiality of the image contents, integrity protection, and authentication of the image's source. Frisbee's design and target environment present challenges in providing these features. In this paper, we explore these challenges and present our design and implementation of a secure Frisbee.

Appeared in Proceedings of the 2008 Workshop on Cyber Security Experimentation and Test (CSET), San Jose, CA, July 2008.

The slides from the CSET 2008 presentation are also available.

Eric Eide <>
Last modified: Sat Mar 14 13:42:51 MDT 2009