Federico Lucifredi

Ceph is an open source distributed object store, network block device, and file system designed for reliability, performance, and scalability. It runs on commodity hardware, has no single point of failure, and is supported in the Linux kernel.

This tutorial will describe the Ceph architecture, share its design principles, and discuss how it can be part of a cost-effective, reliable cloud stack.

 

Ceph is an Open Source distributed object store, network block device, and file system designed for reliability, performance, and scalability. It runs on commodity hardware, has no single point of failure, and is supported in the Linux kernel.

This tutorial will describe the Ceph architecture, share its design principles, and discuss how it can be part of a cost-effective, reliable cloud stack.

Introduction to Ceph

We explore the security model exposed by Rook with Ceph, the leading software-defined storage platform of the Open Source world. Digging increasingly deeper in the stack, we examine hardening options for Ceph storage appropriate for a variety of threat profiles.

Federico discusses what is required to integrate clusters of ARM SBCs, with a focus on Raspberry PI units due to their popularity; the software integration necessary to make them practical, what is necessary to easily configure nodes, and issue commands for system operation; and concludes with how to execute numerical workloads using the MPI interface.

This is a live demonstration of hacking with keystroke injection attacks. We will be taking advantage of the inherent trust that computers place on what is believed to be a regular keyboard to unleash pre-programmed keystroke payloads at well over 1000 words a minute. We then dissect an easily-sourced, low-cost hardware implant embedded in a standard, innocent-looking USB cable providing an attacker with even more capabilities, including geolocation.

Using the lowest amount of custom hardware and pouring Perl and Shell Script over everything as the glue binding it all, we create two minimalistic devices delivering a perfectly tuned network time source (synchronizing with a GPS satellite), and a naturally random entropy source (leveraging a Geiger tube’s measurement of natural background radiation).

This is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a potentially covert Raspberry Pi-class computer under your complete control and clocking in at an impressive 426 BogoMIPS - We can't possibly leave that territory unexplored, can we?

Join the Ubuntu Server Product and Engineering Managers for a deep dive including a full overview of security features, and our choice of favorite new capabilities found in kernel and userland features.