Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE DETER PROJECT: SCIENTIFIC, SAFE AND EASY CYBERSECURITY EXPERIMENTATION Jelena Mirkovic USC Information Sciences Institute Sponsored.

Similar presentations


Presentation on theme: "THE DETER PROJECT: SCIENTIFIC, SAFE AND EASY CYBERSECURITY EXPERIMENTATION Jelena Mirkovic USC Information Sciences Institute Sponsored."— Presentation transcript:

1 THE DETER PROJECT: SCIENTIFIC, SAFE AND EASY CYBERSECURITY EXPERIMENTATION Jelena Mirkovic USC Information Sciences Institute Sponsored by Dr. Doug Maughan, DHS S&T

2 2 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research

3 3 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research

4 4 DETER Background I 20+ years investment in network security research Platforms needed to efficiently explore design space Time Risk Capability

5 5 DETER Background II DimensionBarrier LanguageShared Vocabulary SafetyRisk management CorrectnessRealism of setup ScaleResources ConfidenceRigor, Repeatability EfficiencyAutomation Sharing & Community FlexibilityProgrammability Barriers to network security experimentation Systematically addressed by DETER project

6 6 DETER Goals Advance science of cybersecurity experimentation – Rigorous experiments – Repeatable experiments Advance testbed technologies – Federation – Risky experiment management Share infrastructure / broaden participation – Data, code, results, set up, ideas – Create community knowledge – Simplify, automate use – Testbeds in education

7 7 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research

8 8 The DETER Facility Located at USC/ISI and UC Berkeley Funded by NSF and DHS, started in Nodes ~ 200 each at ISI and UC Berkeley Built with Emulab technology (http://www.emulab.net)

9 9 Data Center

10 10 Hardware 11 x Sun pc x IBM pc x Dell pc x Sun bpc x Dell bpc x HP 80 x Dell 64 x Dell UCB Cisco 6509 Nortel 5510 Foundry 1500 Nortel 5510 ~150Mbps with IPSec 2x 5x 1x 2x 8 x 1Gbps 4 x 1Gbps 2 x 1Gbps 1 GBps (4 later) Juniper M7i Juniper IDP-200 Cloud Shield 2200 McAfee Intrushield 2600 ISI

11 11 Master Server Node Power Controller N X Data ports ‘User’ Server Router with Firewall External VLAN Node Control Network VLAN User Control DB Node Serial Line Server Power Serial Line Server User files Ethernet Bridge with Firewall Programmable Patch Panel (VLAN switch) SwitchControlInterface Internet Web/DB/SNMP, Switch Mgmt User Acct & Data logging server Users VLAN Boss VLAN Control Hardware VLAN Architecture

12 12 What is an experiment? Standard definition Background environment – Topology (physical nodes), OSes, applications – Cross-traffic – Cross-events Events of interest – Attack, intrusion – Worm spread – Botnet recruitment Perhaps a defense Scenario combining the above Measurement tools, metrics of success A user specifies EVERY detail

13 13 Using DETER – summary All you need is a Web browser and an SSH client Open a user account (open to all users) Create (faculty members or PIs from labs/companies are eligible) or join a project Log on to our Web site Run experiments – Create a topology, or retrieve an existing one – Nodes are assigned to you Exclusive, sudoer access – Load software you need or use DETER sw to create traffic and events of interest, deploy defenses, monitor (SSH) Swap out (return nodes) or terminate (if no longer needed) experiments

14 14 Using DETER – open account, manage exps

15 15 Using DETER – start an experiment topology

16 16 Using DETER – draw a topology

17 17 Using DETER – manage an experiment

18 18 Java front-end and Python back-end, support for many OSes Open-source, extensible tool Using DETER – drive an experiment via SEER

19 19 DETER Advanced Capabilities Policy based federation – Integration of diverse testbeds Risky experiment management – Balance realism and safety

20 20 Federation On-demand creation of experiments spanning multiple, independently controlled facilities Researcher – Controls experiment embedding Federants – Control resource access – Constrain resource use Related to (but not same as) experiment composition

21 21 Win for Everyone Unique facilities access to specialized resources at different sites Many communities of interest geographical areas, federation controlled by policy Data and knowledge sharing facilitates collaboration Information hiding enables multi-party scenarios with controlled views Extreme scale larger number of nodes than at any single site Multiple operating testbed environments

22 22 Federation System Architecture Experiment Creation Tool Federator Testbeds Experiment Creation Tool Experiment Creation Tool Testbed Properties Experiment Requirements Experiment Topology CEDL “Assembly Code” Standard Experiment Representation Experiment Decomposition Tools Testbed Properties

23 23 Risky Experiment Management Risks for: testbed, experiments, Internet Prohibit risky experiments – But these are necessary for security research Strict isolation – Really interesting experiments need to talk to the outside: visit Web sites, download files, Interact with a bot master Fixed containment – Difficult to come up with a set of fixed rules that would work for every experiment Experiment-driven containment – Hardest to achieve but results in best utility for experimenters — our approach

24 24 Two-constraint Approach to Experiment Risk Management Unconstrained behavior Constrained behavior Experiment behavior constraint transform: T1 Testbed behavior constraint transform: T2 Behavioral composition model: External behavior = T2(T1(experiment)) Safe and useful behavior Testbed safety goals User goals for research utility

25 25 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Multi-year program to catalyze cybersecurity science

26 26 DETER Users ClassValue Security Researchers Exploring/validating new ideas Publishing results Sharing data/tools Small CompaniesTesting product prototypes Sharing tools DHS ConstituenciesScenario exploration Training Emerging TechnologiesData sharing (e.g., PREDICT) Scenario exploration Training EducationRepeatability Abstraction Hands-on experience

27 27 DETER Users

28 28 DETER User Organizations Academia Carnegie Mellon University Columbia University Cornell University Dalhousie University DePaul University George Mason University Georgia State University Hokuriku Research Center ICSI IIT Delhi IRTT ISI Johns Hopkins University Jordan University of Science & Technology Lehigh University MIT New Jersey Institute of Technology Norfolk State University Pennsylvania State University Purdue University Rutgers University Sao Paulo State University Southern Illinois University TU Berlin TU Darmstadt Texas A&M University UC Berkeley Government Air Force Research Laboratory Lawrence Berkeley National Lab Lawrence Livermore National Lab Naval Postgraduate School Sandia National Laboratories USAR Information Operations Command Industry Agnik, LLC Aerospace Corporation Backbone Security BAE Systems, Inc. BBN Bell Labs Cs3 Inc. Distributed Infinity Inc. EADS Innovation Works FreeBSD Foundation iCAST Institute for Information Industry Intel Research Berkeley IntruGuard Devices, Inc. Purple Streak Secure64 Software Corp Skaion Corporation SPARTA SRI International Telcordia Technologies UC Davis UC Irvine UC Santa Cruz UCLA UCSD UIUC UNC Chapel Hill UNC Charlotte Universidad Michoacana de San Nicolas Universita di Pisa University of Advancing Technology University of Illinois, Urbana-Champaign University of Maryland University of Massachusetts University of Oregon University of Southern Callfornia University of Washington University of Wisconsin - Madison USC UT Arlington UT Austin UT Dallas Washington State University Washington University in St. Louis Western Michigan University Xiangnan University Youngstown State University

29 29 UCBttc: Example Project DETER Project Profile

30 30 Research done on DETER

31 31 Education on DETER Air Force Research Lab Colorado State University IIT Delhi Jordan University of S&T Lehigh University Santa Monica College Special support for education projects – Recyclable student accounts, automated setup – Class hand-off – Special resource access control – Resource reservation Shared exercise materials Education usage so far Sao Paolo State University UC Berkeley UCLA US ARMY School of IT University of Nebraska - Lincoln University of Southern California Youngstown State University

32 32 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research

33 33 What is an experiment? New definition Events of interest Background environment, domain-specific – Virtual topology (varies with phenomenon), could be dynamic, abstract, expresses needs and constraints – Cross-traffic, cross-events Perhaps a defense Scenario combining the above, domain-specific Measurement tools, metrics of success, domain- specific Research goals, domain-specific Invariants (truths that must hold), domain-specific A user specifies ONLY details of interest Experiment description separate from deployment

34 34 DETECT: DETER Next Generation Elements Goals Invariants Experiment Creation System Abstract Elements Containers Embedder Federation System Description Federated Systems Map Elements into Containers Assign Containers to Distributed Resources Interconnected Abstract Elements Increased testbed-wide expressiveness and control Significantly expands the set of feasible & interesting experiments

35 35 New Capabilities Elements Goals Invariants Experiment Creation System Embedder Federation System Description Federated Systems Map Elements into Containers Assign Containers to Distributed Resources Interconnected Abstract Elements New Style of Experiments (Advanced Scientific Instrument) New Abstractions (Advanced Testbed Technology) New Mapping Algorithms (Advanced Testbed Technology) New Security & Control Algorithms (Advanced Testbed Technology) New Domains New Sharing Mechanisms New Resources (New Domains)

36 36 Advanced Scientific Instrument Experiment abstraction: Decrease barrier, increase efficiency – Models – Recipes – Workbenches Invariants: Language for behavior – Refinement – Validity management – Risky experiment management Science of Repeatability Elements Goals Invariants

37 37 Experiment Health System Helps users understand their experiment’s behavior Generates, records and uses higher level knowledge about the experiment – Desired invariants – Expected behavior Takes corrective or notification action if invariant is violated – Monitor invariants – Trigger actions Captures invariants in exportable form for experiment reuse, repeatability and validation, etc. Event Architecture Diagnostics & Analytics Services ThirdEye Diagnostics and Analysis Framework for Testbed Experiments

38 38 Advanced Testbed Technologies Focus: Virtualization and abstraction Components: – Element = abstract representation of capability e.g., VM, SCADA simulation – Container = physical resources for element realization e.g., emulation hardware, PC Flexible, multi-level abstractions beyond VMs – Fine-grained control for advanced users – Interfaces and extension mechanisms – Mapping/embedding challenges Map Elements into Containers Assign Containers to Distributed Resources Inter- connected Abstract Elements

39 39 New Specialization Domains Botnets – Modeling multiple infection vectors – Characterizing propagation models – Incorporating recent discoveries Critical Infrastructure – Simulation packages as modules – Visualization – Integration with vulnerability data (S 2 TAR) Wireless – Integration with emulators – Wireless/wired risky experiments – Extend testbed with notions of mobility © impactlab.com © reset.jp ©geeksquad.com © reset.jp

40 40 Community Development Content sharing support – Experiments, data, models, recipes – Class materials, recent research results, ideas Shared spaces – Outreach: Conferences, tutorials, presentations – Share and connect: Website, exchange server, social networking tools – Common experiment description: Templates – Build community knowledge: domain-specific communities Education support – NSF CCLI grant: develop hands-on exercises for classes – Capture-the-Flag exercises – Moodle server for classes on DETER

41 41 Graduated, visual, and powerful experiments Domain-specific (DDoS, worm, botnet) capabilities Built-in sharing capabilities Experiment Templates Elements Goals Invariants

42 42 Enhanced Infrastructure Efficiency and scalability – Configuration management and infrastructure protection – VLAN bandwidth (10Gbps) – VM models/archival capabilities High-performance co-processing – NetFPGA node deployment – Hardware modules Advanced O&M – Fault location and management – Integrate IPMI (Intelligent Platform Monitor Interface) for early detection of problems – Idleness detection and management

43 43 DETER Summary DETER project develops scientific methods and infrastructure for advancing security in identified hard problems Six years of experience from multiple fronts – Operations – Research – Teaching Significantly improved safety, utility and usability of testbeds so far Exciting new developments planned, so stay tuned!

44 44 Thank you We’d love to hear your questions and comments! Jelena Mirkovic DETER Operations DETER project Web page DETER testbed Web page


Download ppt "THE DETER PROJECT: SCIENTIFIC, SAFE AND EASY CYBERSECURITY EXPERIMENTATION Jelena Mirkovic USC Information Sciences Institute Sponsored."

Similar presentations


Ads by Google