CHAOS (Linux distribution)
CHAOS is a small Linux distribution designed for creating ad hoc computer clusters. CHAOS is a Live CD which fits on a single business card sized CD-ROM. This tiny disc will boot any i586 class PC (that supports CD booting), into a working openMosix node, without disturbing (or even touching) the contents of any local hard disk.
Designed for large-scale ad hoc clusters, once booted, CHAOS runs from memory allowing the CD to be used on the next node (and allowing for automated rebooting into the host operating system). CHAOS aims to be the most compact, secure and straightforward openMosix cluster platform available.
What it is
CHAOS is built around the open source project openMosix created by Moshe Bar. openMosix, itself, is a piece of software that is added to the Linux kernel, to allow many Linux computers to work together as a Single System Image (SSI) type cluster.
CHAOS creates a basic node in an openMosix cluster, and is typically not deployed on its own; cluster builders will use feature rich Linux distributions (such as Quantian or ClusterKnoppix) as a "head node" in a cluster to provide their application software, while the CHAOS distribution runs on "drone nodes" to provide "dumb power" to the cluster.
While this deployment model suits the typical cluster builder, openMosix is a peer-based cluster, consisting of only one type of node. All openMosix nodes are inherently equal and each can be, simultaneously, parent and child.
How it works
As each new node is booted it will locate one cluster node, then negotiate its entry into the cluster. If the IP address of a node is not supplied to the booting node, it will multicast for one. The first responding node will be used as the point of negotiation. The local CHAOS node initiates an IPSEC tunnel to the elected negotiation node using a pre-shared key. If the tunnel fails to establish, the new node is unable to join the cluster. With the tunnel established the new node requests a copy of the openMosix cluster map from the negotiating cluster node. The new node then repeats this process with every node in the cluster map; establishing an IPSEC tunnel, validating the cluster map, then moving on. In this way, every node is interconnected with every other node by "n-1" IPSEC tunnel connections. All openMosix cluster communications are then said to be authenticated and encrypted via the CHAOS platform.
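The join sequence described above can be modelled in a short simulation to check the mesh property and the two refusal cases. This is an added example, not CHAOS code: the HMAC challenge stands in for IPSEC pre-shared-key authentication, "validating the cluster map" is assumed to mean comparing each peer's map with the negotiation node's copy, and the addresses, keys and function names are constructed.

```python
import hashlib
import hmac
import os


class JoinError(Exception):
    """Raised when a node cannot be admitted to the cluster."""


class Node:
    def __init__(self, addr, psk):
        self.addr = addr
        self.psk = psk              # pre-shared key, bytes
        self.cluster_map = {addr}   # addresses this node believes are members
        self.tunnels = set()        # peers with an established tunnel

    def prove(self, nonce):
        # Proof of PSK possession (stand-in for IPSEC PSK authentication).
        return hmac.new(self.psk, nonce, hashlib.sha256).digest()


def establish_tunnel(a, b):
    """Both ends must hold the same PSK; records the tunnel on success."""
    nonce = os.urandom(16)
    if not hmac.compare_digest(a.prove(nonce), b.prove(nonce)):
        return False
    a.tunnels.add(b.addr)
    b.tunnels.add(a.addr)
    return True


def join(new, negotiator, nodes):
    """Admit `new` via `negotiator`; `nodes` maps address -> Node."""
    try:
        if not establish_tunnel(new, negotiator):
            raise JoinError(f"{new.addr}: tunnel to {negotiator.addr} failed")
        reference = set(negotiator.cluster_map)  # map from negotiation node
        for addr in sorted(reference - {negotiator.addr}):
            peer = nodes.get(addr)
            if peer is None or not establish_tunnel(new, peer):
                raise JoinError(f"{new.addr}: tunnel to {addr} failed")
            if peer.cluster_map != reference:    # assumed validation rule
                raise JoinError(f"{new.addr}: map from {addr} disagrees")
    except JoinError:
        # Tear down partial tunnels so a refused node leaves no state behind.
        for addr in list(new.tunnels):
            nodes[addr].tunnels.discard(new.addr)
        new.tunnels.clear()
        raise
    # Membership changes only after every peer has been checked.
    for addr in reference:
        nodes[addr].cluster_map.add(new.addr)
    new.cluster_map = reference | {new.addr}
    nodes[new.addr] = new


def build_cluster(size, psk):
    """Boot `size` nodes in turn, each joining via the first node."""
    first = Node("10.0.0.1", psk)
    nodes = {first.addr: first}
    for i in range(2, size + 1):
        join(Node(f"10.0.0.{i}", psk), first, nodes)
    return nodes


def tunnel_count(nodes):
    """Distinct tunnels in the mesh (each tunnel has two ends)."""
    return sum(len(n.tunnels) for n in nodes.values()) // 2


if __name__ == "__main__":
    cluster = build_cluster(6, b"constructed-psk")
    print({a: len(n.tunnels) for a, n in cluster.items()}, tunnel_count(cluster))
    try:
        join(Node("10.0.0.99", b"wrong-psk"), cluster["10.0.0.1"], cluster)
    except JoinError as err:
        print("refused:", err)
```

With six nodes each node ends up holding five tunnels, and the mesh as a whole holds n(n-1)/2 = 15, which is the cost to weigh when sizing a cluster built this way.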
Once an openMosix cluster is established on the CHAOS platform, openMosix can operate as if it were on any Linux platform. Any node can launch a process and have that process migrate to the node with the best performance characteristics for executing that particular process. The openMosix environment has the "mosmon" utility to display the performance of the entire cluster, from any node. The image series on the right shows a six node openMosix cluster running on the CHAOS platform.
Why it was built
CHAOS was developed to utilise idle desktop computer resources to perform pro-active brute-force cryptanalysis against given password hashes. A brute-force attack, as its name suggests, requires an adversary to employ a mammoth work effort into the resolution of a cryptographic problem. Typically, this is an exhaustive search of a particular key-space. For example, resolving the password for three upper-case alpha characters would require exploring the key-space for: AAA, AAB, AAC ... ZZX, ZZY, ZZZ.
In order to reduce the time required to search the key-space, portions of the work effort can be farmed out to idle resources. As opposed to rainbow tables, this technique allows CHAOS to perform brute-force attacks against irregular or salted algorithms.
Security assessed by
The tool used to provide the cryptographic tests was John the Ripper (JtR). JtR was scaled by using named pipes to funnel a controlled dictionary (a set of keys to try) into an arbitrary number of JtR clients. Each client would take one key, encrypt it, and test it against a local copy of the hash(es). John the Ripper on CHAOS differed from Cisillia as it facilitated dictionary based brute-force attacks across a large number of algorithms, rather than an entire key-space driven brute-force attack across one or two algorithms.
Security provided by
CHAOS was the first openMosix distribution to provide IPSEC and IP packet filtering to the cluster node, enabling authentication and encryption for inter-node communications, and enabling packet filtering to prevent non-cluster devices from accessing the vulnerable openMosix communications ports. These security controls allowed the cluster builder to utilise desktop computers in semi-trusted networks with minimal risk to cluster integrity, thus increasing the number of resources available for inclusion within the cluster.
2003: The creation of CHAOS
The project started as tool development work for the IT Security group at Macquarie University in 2003, with an initial team that included Rob Dartnell, Ian Latter and Ty Miller. There was a need to demonstrate the weakness in one particular application's security via its one hashed, network transmitted, password. The openMosix cluster software, at that time, was available via a number of Linux distributions, but these were neither secure nor dynamic enough to support the campus PC environment that the cluster software was to be deployed into.
The CHAOS distribution was created to fill this need, and was developed under the GPL to allow the openMosix community members to benefit from the security enhancements employed around the openMosix software (the clustering technology that is added to the Linux kernel). Security improvements made by the team included IPSEC tunnels for all cluster communications, state aware packet filtering for each node, a tiny operating system image which allowed for PXE booting to remote PC memory, zero-touch cluster creation, etc.
The original CHAOS project page was at http://itsecurity.mq.edu.au/chaos/ - this page is no longer available.
2004: CHAOS, CoSMoS and team departure
A presentation was made to the Australian Unix Users Group (AUUG) Security Symposium in February 2004 at about two thirds of the way through CHAOS' initial two year development cycle.
In mid to late 2004 CHAOS was adapted to the Cooperative Linux (coLinux) framework, allowing openMosix to run as a node on a Microsoft Windows PC for the first time. This was significant as there was now the ability to run ad-hoc clusters 24x7, and not just out of business hours. The version of CHAOS created for coLinux was dubbed CosMos (Chaos-OS on Microsoft-OS) and was also released under the GPL, complete with Windows installer software.
Later that year work stalled on CHAOS and CosMos when the IT Security team broke up to work for various organisations. Development halted for most of the six months beginning Q4 2004.
2005: Relocation and public dissemination
There was renewed interest in CHAOS development when both Ian and Ty began work at Pure Hacking in Q2 2005. Pure Hacking could identify a need with the resource that CHAOS provided and offered to sponsor further CHAOS development so that it could remain under the GPL. A package updated version of CHAOS was released at that stage, but Pure Hacking provided no additional development time, leaving the project to grind to a halt again. CHAOS was "Slashdotted" during this time, due to the press that came from Pure Hacking's sponsorship announcement. Unfortunately, Pure Hacking were unable to provide the time needed to develop or maintain CHAOS. Version 1.6 of CHAOS, the only version released in Q1-3 of 2005, was released from development work performed in private time.
In Q4 2005 Ian added CHAOS to the midnightcode.org web site (at the location advertised when leaving the University in 2004) - in the hope of better maintaining the project. Improvements desperately needed include code and protocol clean ups, better enterprise management support, operational documentation, and simpler integration with the supporting openMosix distributions (Quantian and ClusterKnoppix).
2006-2007: Redevelopment
Many of the code clean-up issues (focused on Init and Tyd, particularly) will be resolved with the integration of the Midnight Code libraries. While currently being developed these libraries already provide better program execution, configuration control, network interface manipulation and status management than those currently in CHAOS.
See also
- List of Linux distributions
- Live CD
- List of Live CDs
- openMosix
External links
- CHAOS homepage at Midnight Code
- CHAOS-1.6 at Pure Hacking
- Securely deploying SSI cluster technology over untrusted networking infrastructure
- Running ClusterKnoppix as a master node to a CHAOS drone army
- Wired News: Linux Distribution Tames CHAOS
- Slashdot: Linux Distro turns PCs into Night-time Clusters
- ZDNet Australia: Linux distro turns PCs into supercomputers