Download presentation
Presentation is loading. Please wait.
Published byMarilynn Banks Modified over 9 years ago
1
THE DETER PROJECT: SCIENTIFIC, SAFE AND EASY CYBERSECURITY EXPERIMENTATION Jelena Mirkovic USC Information Sciences Institute sunshine@isi.edu Sponsored by Dr. Doug Maughan, DHS S&T http://www.isi.edu/deter
2
2 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research
3
3 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research
4
4 DETER Background I 20+ years investment in network security research Platforms needed to efficiently explore design space Time Risk Capability
5
5 DETER Background II DimensionBarrier LanguageShared Vocabulary SafetyRisk management CorrectnessRealism of setup ScaleResources ConfidenceRigor, Repeatability EfficiencyAutomation Sharing & Community FlexibilityProgrammability Barriers to network security experimentation Systematically addressed by DETER project
6
6 DETER Goals Advance science of cybersecurity experimentation – Rigorous experiments – Repeatable experiments Advance testbed technologies – Federation – Risky experiment management Share infrastructure / broaden participation – Data, code, results, set up, ideas – Create community knowledge – Simplify, automate use – Testbeds in education
7
7 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research
8
8 The DETER Facility Located at USC/ISI and UC Berkeley Funded by NSF and DHS, started in 2004 400+ Nodes ~ 200 each at ISI and UC Berkeley Built with Emulab technology (http://www.emulab.net)
9
9 Data Center
10
10 Hardware 11 x Sun pc2800 64 x IBM pc733 64 x Dell pc3000 30 x Sun bpc2800 32 x Dell bpc3000 40 x HP 80 x Dell 64 x Dell UCB Cisco 6509 Nortel 5510 Foundry 1500 Nortel 5510 ~150Mbps with IPSec 2x 5x 1x 2x 8 x 1Gbps 4 x 1Gbps 2 x 1Gbps 1 GBps (4 later) Juniper M7i Juniper IDP-200 Cloud Shield 2200 McAfee Intrushield 2600 ISI
11
11 Master Server Node Power Controller N X 4 @1000bT Data ports ‘User’ Server Router with Firewall External VLAN Node Control Network VLAN User Control DB Node Serial Line Server Power Serial Line Server User files Ethernet Bridge with Firewall Programmable Patch Panel (VLAN switch) SwitchControlInterface Internet Web/DB/SNMP, Switch Mgmt User Acct & Data logging server Users VLAN Boss VLAN Control Hardware VLAN Architecture
12
12 What is an experiment? Standard definition Background environment – Topology (physical nodes), OSes, applications – Cross-traffic – Cross-events Events of interest – Attack, intrusion – Worm spread – Botnet recruitment Perhaps a defense Scenario combining the above Measurement tools, metrics of success A user specifies EVERY detail
13
13 Using DETER – summary All you need is a Web browser and an SSH client Open a user account (open to all users) Create (faculty members or PIs from labs/companies are eligible) or join a project Log on to our Web site Run experiments – Create a topology, or retrieve an existing one – Nodes are assigned to you Exclusive, sudoer access – Load software you need or use DETER sw to create traffic and events of interest, deploy defenses, monitor (SSH) Swap out (return nodes) or terminate (if no longer needed) experiments
14
14 Using DETER – open account, manage exps http://www.deterlab.net
15
15 Using DETER – start an experiment topology
16
16 Using DETER – draw a topology
17
17 Using DETER – manage an experiment
18
18 Java front-end and Python back-end, support for many OSes Open-source, extensible tool Using DETER – drive an experiment via SEER http://seer.isi.deterlab.net
19
19 DETER Advanced Capabilities Policy based federation – Integration of diverse testbeds Risky experiment management – Balance realism and safety
20
20 Federation On-demand creation of experiments spanning multiple, independently controlled facilities Researcher – Controls experiment embedding Federants – Control resource access – Constrain resource use Related to (but not same as) experiment composition http://fedd.isi.deterlab.net
21
21 Win for Everyone Unique facilities access to specialized resources at different sites Many communities of interest geographical areas, federation controlled by policy Data and knowledge sharing facilitates collaboration Information hiding enables multi-party scenarios with controlled views Extreme scale larger number of nodes than at any single site Multiple operating testbed environments
22
22 Federation System Architecture Experiment Creation Tool Federator Testbeds Experiment Creation Tool Experiment Creation Tool Testbed Properties Experiment Requirements Experiment Topology CEDL “Assembly Code” Standard Experiment Representation Experiment Decomposition Tools Testbed Properties
23
23 Risky Experiment Management Risks for: testbed, experiments, Internet Prohibit risky experiments – But these are necessary for security research Strict isolation – Really interesting experiments need to talk to the outside: visit Web sites, download files, Interact with a bot master Fixed containment – Difficult to come up with a set of fixed rules that would work for every experiment Experiment-driven containment – Hardest to achieve but results in best utility for experimenters — our approach
24
24 Two-constraint Approach to Experiment Risk Management Unconstrained behavior Constrained behavior Experiment behavior constraint transform: T1 Testbed behavior constraint transform: T2 Behavioral composition model: External behavior = T2(T1(experiment)) Safe and useful behavior Testbed safety goals User goals for research utility
25
25 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Multi-year program to catalyze cybersecurity science
26
26 DETER Users ClassValue Security Researchers Exploring/validating new ideas Publishing results Sharing data/tools Small CompaniesTesting product prototypes Sharing tools DHS ConstituenciesScenario exploration Training Emerging TechnologiesData sharing (e.g., PREDICT) Scenario exploration Training EducationRepeatability Abstraction Hands-on experience
27
27 DETER Users
28
28 DETER User Organizations Academia Carnegie Mellon University Columbia University Cornell University Dalhousie University DePaul University George Mason University Georgia State University Hokuriku Research Center ICSI IIT Delhi IRTT ISI Johns Hopkins University Jordan University of Science & Technology Lehigh University MIT New Jersey Institute of Technology Norfolk State University Pennsylvania State University Purdue University Rutgers University Sao Paulo State University Southern Illinois University TU Berlin TU Darmstadt Texas A&M University UC Berkeley Government Air Force Research Laboratory Lawrence Berkeley National Lab Lawrence Livermore National Lab Naval Postgraduate School Sandia National Laboratories USAR Information Operations Command Industry Agnik, LLC Aerospace Corporation Backbone Security BAE Systems, Inc. BBN Bell Labs Cs3 Inc. Distributed Infinity Inc. EADS Innovation Works FreeBSD Foundation iCAST Institute for Information Industry Intel Research Berkeley IntruGuard Devices, Inc. Purple Streak Secure64 Software Corp Skaion Corporation SPARTA SRI International Telcordia Technologies UC Davis UC Irvine UC Santa Cruz UCLA UCSD UIUC UNC Chapel Hill UNC Charlotte Universidad Michoacana de San Nicolas Universita di Pisa University of Advancing Technology University of Illinois, Urbana-Champaign University of Maryland University of Massachusetts University of Oregon University of Southern Callfornia University of Washington University of Wisconsin - Madison USC UT Arlington UT Austin UT Dallas Washington State University Washington University in St. Louis Western Michigan University Xiangnan University Youngstown State University
29
29 UCBttc: Example Project DETER Project Profile
30
30 Research done on DETER
31
31 Education on DETER Air Force Research Lab Colorado State University IIT Delhi Jordan University of S&T Lehigh University Santa Monica College http://www.isi.edu/deter/education Special support for education projects – Recyclable student accounts, automated setup – Class hand-off – Special resource access control – Resource reservation Shared exercise materials Education usage so far Sao Paolo State University UC Berkeley UCLA US ARMY School of IT University of Nebraska - Lincoln University of Southern California Youngstown State University
32
32 Talk Outline Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity Platform: Advanced testbed technology – Robust, diverse, and scalable experiments Growing Community: Collaborative science – Effective and efficient sharing Next Steps: DETECT – Program to catalyze cybersecurity research
33
33 What is an experiment? New definition Events of interest Background environment, domain-specific – Virtual topology (varies with phenomenon), could be dynamic, abstract, expresses needs and constraints – Cross-traffic, cross-events Perhaps a defense Scenario combining the above, domain-specific Measurement tools, metrics of success, domain- specific Research goals, domain-specific Invariants (truths that must hold), domain-specific A user specifies ONLY details of interest Experiment description separate from deployment
34
34 DETECT: DETER Next Generation Elements Goals Invariants Experiment Creation System Abstract Elements Containers Embedder Federation System Description Federated Systems Map Elements into Containers Assign Containers to Distributed Resources Interconnected Abstract Elements Increased testbed-wide expressiveness and control Significantly expands the set of feasible & interesting experiments
35
35 New Capabilities Elements Goals Invariants Experiment Creation System Embedder Federation System Description Federated Systems Map Elements into Containers Assign Containers to Distributed Resources Interconnected Abstract Elements New Style of Experiments (Advanced Scientific Instrument) New Abstractions (Advanced Testbed Technology) New Mapping Algorithms (Advanced Testbed Technology) New Security & Control Algorithms (Advanced Testbed Technology) New Domains New Sharing Mechanisms New Resources (New Domains)
36
36 Advanced Scientific Instrument Experiment abstraction: Decrease barrier, increase efficiency – Models – Recipes – Workbenches Invariants: Language for behavior – Refinement – Validity management – Risky experiment management Science of Repeatability Elements Goals Invariants
37
37 Experiment Health System Helps users understand their experiment’s behavior Generates, records and uses higher level knowledge about the experiment – Desired invariants – Expected behavior Takes corrective or notification action if invariant is violated – Monitor invariants – Trigger actions Captures invariants in exportable form for experiment reuse, repeatability and validation, etc. Event Architecture Diagnostics & Analytics Services ThirdEye Diagnostics and Analysis Framework for Testbed Experiments
38
38 Advanced Testbed Technologies Focus: Virtualization and abstraction Components: – Element = abstract representation of capability e.g., VM, SCADA simulation – Container = physical resources for element realization e.g., emulation hardware, PC Flexible, multi-level abstractions beyond VMs – Fine-grained control for advanced users – Interfaces and extension mechanisms – Mapping/embedding challenges Map Elements into Containers Assign Containers to Distributed Resources Inter- connected Abstract Elements
39
39 New Specialization Domains Botnets – Modeling multiple infection vectors – Characterizing propagation models – Incorporating recent discoveries Critical Infrastructure – Simulation packages as modules – Visualization – Integration with vulnerability data (S 2 TAR) Wireless – Integration with emulators – Wireless/wired risky experiments – Extend testbed with notions of mobility © impactlab.com © reset.jp ©geeksquad.com © reset.jp
40
40 Community Development Content sharing support – Experiments, data, models, recipes – Class materials, recent research results, ideas Shared spaces – Outreach: Conferences, tutorials, presentations – Share and connect: Website, exchange server, social networking tools – Common experiment description: Templates – Build community knowledge: domain-specific communities Education support – NSF CCLI grant: develop hands-on exercises for classes – Capture-the-Flag exercises – Moodle server for classes on DETER
41
41 Graduated, visual, and powerful experiments Domain-specific (DDoS, worm, botnet) capabilities Built-in sharing capabilities Experiment Templates Elements Goals Invariants
42
42 Enhanced Infrastructure Efficiency and scalability – Configuration management and infrastructure protection – VLAN bandwidth (10Gbps) – VM models/archival capabilities High-performance co-processing – NetFPGA node deployment – Hardware modules Advanced O&M – Fault location and management – Integrate IPMI (Intelligent Platform Monitor Interface) for early detection of problems – Idleness detection and management
43
43 DETER Summary DETER project develops scientific methods and infrastructure for advancing security in identified hard problems Six years of experience from multiple fronts – Operations – Research – Teaching Significantly improved safety, utility and usability of testbeds so far Exciting new developments planned, so stay tuned!
44
44 Thank you We’d love to hear your questions and comments! Jelena Mirkovic sunshine@isi.edu DETER Operations testbed-ops@isi.deterlab.net DETER project Web page http://www.isi.edu/deter DETER testbed Web page http://www.deterlab.net
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.