THE DETER PROJECT: SCIENTIFIC, SAFE AND EASY CYBERSECURITY EXPERIMENTATION Jelena Mirkovic USC Information Sciences Institute Sponsored.


1 THE DETER PROJECT: SCIENTIFIC, SAFE AND EASY CYBERSECURITY EXPERIMENTATION
Jelena Mirkovic, USC Information Sciences Institute, sunshine@isi.edu
Sponsored by Dr. Doug Maughan, DHS S&T
http://www.isi.edu/deter

2 Talk Outline
Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity
Platform: Advanced testbed technology – Robust, diverse, and scalable experiments
Growing Community: Collaborative science – Effective and efficient sharing
Next Steps: DETECT – Program to catalyze cybersecurity research


4 DETER Background I
20+ years of investment in network security research
Platforms needed to efficiently explore the design space (axes on the slide's figure: Time, Risk, Capability)

5 DETER Background II
Barriers to network security experimentation, systematically addressed by the DETER project
Dimension – Barrier
Language – Shared vocabulary
Safety – Risk management
Correctness – Realism of setup
Scale – Resources
Confidence – Rigor, repeatability
Efficiency – Automation
Sharing & Community
Flexibility – Programmability

6 DETER Goals
Advance the science of cybersecurity experimentation
– Rigorous experiments
– Repeatable experiments
Advance testbed technologies
– Federation
– Risky experiment management
Share infrastructure / broaden participation
– Data, code, results, setup, ideas
– Create community knowledge
– Simplify, automate use
– Testbeds in education


8 The DETER Facility
Located at USC/ISI and UC Berkeley
Funded by NSF and DHS, started in 2004
400+ nodes, ~200 each at ISI and UC Berkeley
Built with Emulab technology (http://www.emulab.net)

9 Data Center (photo slide)

10 Hardware (diagram of the ISI and UCB sites; labels as on the slide)
Nodes: 11 x Sun pc2800, 64 x IBM pc733, 64 x Dell pc3000, 30 x Sun bpc2800, 32 x Dell bpc3000, 40 x HP, 80 x Dell, 64 x Dell
Switches: Cisco 6509, Nortel 5510, Foundry 1500, Nortel 5510
Security appliances: Juniper M7i, Juniper IDP-200, CloudShield 2200, McAfee Intrushield 2600
Links: ~150 Mbps with IPSec between sites; 8 x 1 Gbps, 4 x 1 Gbps, 2 x 1 Gbps, 1 Gbps (4 later) within sites

11 Architecture (diagram; labelled components as on the slide)
Master Server; Node Power Controller; N x 4 @ 1000bT data ports; 'User' Server; Router with Firewall; External VLAN; Node Control Network VLAN; User Control DB; Node Serial Line Server; Power Serial Line Server; User files; Ethernet Bridge with Firewall; Programmable Patch Panel (VLAN switch); Switch Control Interface; Internet; Web/DB/SNMP; Switch Mgmt; User Acct & Data logging server; Users VLAN; Boss VLAN; Control Hardware VLAN

12 What is an experiment? Standard definition
Background environment
– Topology (physical nodes), OSes, applications
– Cross-traffic
– Cross-events
Events of interest
– Attack, intrusion
– Worm spread
– Botnet recruitment
Perhaps a defense
Scenario combining the above
Measurement tools, metrics of success
A user specifies EVERY detail

13 Using DETER – summary
All you need is a Web browser and an SSH client
Open a user account (open to all users)
Create a project (faculty members or PIs from labs/companies are eligible) or join one
Log on to our Web site
Run experiments
– Create a topology, or retrieve an existing one
– Nodes are assigned to you: exclusive, sudoer access
– Load the software you need, or use DETER software to create traffic and events of interest, deploy defenses, monitor (via SSH)
Swap out (return nodes) or terminate (if no longer needed) experiments

14 Using DETER – open an account, manage experiments (screenshot)
http://www.deterlab.net

15 Using DETER – start an experiment topology (screenshot)

16 Using DETER – draw a topology (screenshot)

17 Using DETER – manage an experiment (screenshot)

18 Using DETER – drive an experiment via SEER
http://seer.isi.deterlab.net
Open-source, extensible tool
Java front-end and Python back-end, support for many OSes

19 DETER Advanced Capabilities
Policy-based federation – Integration of diverse testbeds
Risky experiment management – Balance realism and safety

20 Federation
On-demand creation of experiments spanning multiple, independently controlled facilities
Researcher
– Controls experiment embedding
Federants
– Control resource access
– Constrain resource use
Related to (but not the same as) experiment composition
http://fedd.isi.deterlab.net

21 Win for Everyone
Unique facilities – access to specialized resources at different sites
Many communities of interest – geographical areas, federation controlled by policy
Data and knowledge sharing – facilitates collaboration
Information hiding – enables multi-party scenarios with controlled views
Extreme scale – larger number of nodes than at any single site
Multiple operating testbed environments

22 Federation System Architecture (diagram; labels as on the slide)
Experiment Creation Tools; Experiment Decomposition Tools; Federator; Testbeds; Experiment Requirements; Experiment Topology; Testbed Properties; Standard Experiment Representation; CEDL "Assembly Code"

23 Risky Experiment Management
Risks for: testbed, experiments, Internet
Prohibit risky experiments
– But these are necessary for security research
Strict isolation
– Really interesting experiments need to talk to the outside: visit Web sites, download files, interact with a bot master
Fixed containment
– Difficult to come up with a set of fixed rules that would work for every experiment
Experiment-driven containment
– Hardest to achieve, but results in the best utility for experimenters (our approach)

24 Two-constraint Approach to Experiment Risk Management
Unconstrained behavior -> Experiment behavior constraint transform T1 (user goals for research utility) -> Testbed behavior constraint transform T2 (testbed safety goals) -> Constrained behavior: safe and useful
Behavioral composition model: External behavior = T2(T1(experiment))
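The composition model on this slide, worked through as an added example (not DETER code): the experiment's own utility transform T1 is applied first, the testbed's safety transform T2 wraps it, so safety holds even when T1 is permissive. All flows, host names and policy values are constructed.

```python
"""External behavior = T2(T1(experiment)), illustrated with constructed flows."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # experiment node
    dst: str    # destination outside the testbed (constructed names)
    port: int
    kbps: int   # requested sending rate


# Constructed: what the experiment would do if left unconstrained.
UNCONSTRAINED = [
    Flow("bot-01", "cc.example", 6667, 40),      # bot-master rendezvous the study needs
    Flow("bot-01", "www.example", 80, 300),      # file download the study needs
    Flow("bot-02", "www.example", 80, 90000),    # flood toward the same site
    Flow("bot-03", "mail.example", 25, 20),      # unwanted side effect
]


def t1_experiment(flows):
    """T1: the researcher's utility constraint. Only the interactions the
    research question needs pass; the flood passes too, since T1 does not
    reason about safety, only about what the experiment must be able to do."""
    needed = {("cc.example", 6667), ("www.example", 80)}
    return [f for f in flows if (f.dst, f.port) in needed]


def t2_testbed(flows, allowed=frozenset({"cc.example", "www.example"}),
               max_kbps=1000, blocked_ports=frozenset({25})):
    """T2: the testbed's safety constraint. It is applied after T1 and does not
    trust it: allow-listed destinations only, no blocked service ports, and
    no single flow above the per-flow rate cap."""
    return [f for f in flows
            if f.dst in allowed and f.port not in blocked_ports and f.kbps <= max_kbps]


def permissive_t1(flows):
    """A missing or misconfigured experiment constraint (identity transform)."""
    return list(flows)


def external_behavior(flows, t1=t1_experiment, t2=t2_testbed):
    """Composition order from the slide: the testbed transform wraps the
    experiment transform, so the flood and the SMTP side effect never leave
    the testbed whichever T1 the researcher supplied."""
    return t2(t1(flows))
```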

25 Talk Outline
Long-term Vision: Advanced scientific instrument – Elevate the science of cybersecurity
Platform: Advanced testbed technology – Robust, diverse, and scalable experiments
Growing Community: Collaborative science – Effective and efficient sharing
Next Steps: DETECT – Multi-year program to catalyze cybersecurity science

26 DETER Users
Class – Value
Security Researchers – Exploring/validating new ideas; publishing results; sharing data/tools
Small Companies – Testing product prototypes; sharing tools
DHS Constituencies – Scenario exploration; training
Emerging Technologies – Data sharing (e.g., PREDICT); scenario exploration; training
Education – Repeatability; abstraction; hands-on experience

27 DETER Users (chart slide)

28 DETER User Organizations
Academia: Carnegie Mellon University, Columbia University, Cornell University, Dalhousie University, DePaul University, George Mason University, Georgia State University, Hokuriku Research Center, ICSI, IIT Delhi, IRTT, ISI, Johns Hopkins University, Jordan University of Science & Technology, Lehigh University, MIT, New Jersey Institute of Technology, Norfolk State University, Pennsylvania State University, Purdue University, Rutgers University, Sao Paulo State University, Southern Illinois University, TU Berlin, TU Darmstadt, Texas A&M University, UC Berkeley, UC Davis, UC Irvine, UC Santa Cruz, UCLA, UCSD, UIUC, UNC Chapel Hill, UNC Charlotte, Universidad Michoacana de San Nicolas, Universita di Pisa, University of Advancing Technology, University of Illinois, Urbana-Champaign, University of Maryland, University of Massachusetts, University of Oregon, University of Southern California, University of Washington, University of Wisconsin - Madison, USC, UT Arlington, UT Austin, UT Dallas, Washington State University, Washington University in St. Louis, Western Michigan University, Xiangnan University, Youngstown State University
Government: Air Force Research Laboratory, Lawrence Berkeley National Lab, Lawrence Livermore National Lab, Naval Postgraduate School, Sandia National Laboratories, USAR Information Operations Command
Industry: Agnik, LLC, Aerospace Corporation, Backbone Security, BAE Systems, Inc., BBN, Bell Labs, Cs3 Inc., Distributed Infinity Inc., EADS Innovation Works, FreeBSD Foundation, iCAST, Institute for Information Industry, Intel Research Berkeley, IntruGuard Devices, Inc., Purple Streak, Secure64 Software Corp, Skaion Corporation, SPARTA, SRI International, Telcordia Technologies

29 UCBttc: Example Project (DETER project profile screenshot)

30 Research done on DETER (chart slide)

31 Education on DETER
http://www.isi.edu/deter/education
Special support for education projects
– Recyclable student accounts, automated setup
– Class hand-off
– Special resource access control
– Resource reservation
Shared exercise materials
Education usage so far: Air Force Research Lab, Colorado State University, IIT Delhi, Jordan University of S&T, Lehigh University, Santa Monica College, Sao Paulo State University, UC Berkeley, UCLA, US Army School of IT, University of Nebraska - Lincoln, University of Southern California, Youngstown State University


33 What is an experiment? New definition
Events of interest
Background environment, domain-specific
– Virtual topology (varies with the phenomenon); could be dynamic and abstract; expresses needs and constraints
– Cross-traffic, cross-events
Perhaps a defense
Scenario combining the above, domain-specific
Measurement tools, metrics of success, domain-specific
Research goals, domain-specific
Invariants (truths that must hold), domain-specific
A user specifies ONLY the details of interest
Experiment description separate from deployment

34 DETECT: DETER Next Generation (diagram; labels as on the slide)
Elements, Goals, Invariants; Experiment Creation System; Interconnected Abstract Elements; Containers; Embedder (Map Elements into Containers; Assign Containers to Distributed Resources); Federation System Description; Federated Systems
Increased testbed-wide expressiveness and control
Significantly expands the set of feasible & interesting experiments

35 New Capabilities (same diagram as slide 34, annotated)
New Style of Experiments (Advanced Scientific Instrument)
New Abstractions (Advanced Testbed Technology)
New Mapping Algorithms (Advanced Testbed Technology)
New Security & Control Algorithms (Advanced Testbed Technology)
New Domains
New Sharing Mechanisms
New Resources (New Domains)

36 Advanced Scientific Instrument (diagram labels: Elements, Goals, Invariants)
Experiment abstraction: decrease the barrier, increase efficiency
– Models
– Recipes
– Workbenches
Invariants: language for behavior
– Refinement
– Validity management
– Risky experiment management
Science of Repeatability

37 Experiment Health System
Helps users understand their experiment's behavior
Generates, records and uses higher-level knowledge about the experiment
– Desired invariants
– Expected behavior
Takes corrective or notification action if an invariant is violated
– Monitor invariants
– Trigger actions
Captures invariants in exportable form for experiment reuse, repeatability, validation, etc.
(Diagram labels: Event Architecture; Diagnostics & Analytics Services; ThirdEye – Diagnostics and Analysis Framework for Testbed Experiments)
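A small sketch of the invariant-monitoring idea on this slide, added here as an example and not ThirdEye or any DETER code: invariants are checked against an experiment event stream, a violation triggers either a corrective or a notification action, and the invariant set can be exported for reuse. The event stream, the prefix, the thresholds and the action strings are all constructed.

```python
"""Invariants over a constructed experiment event stream, with notify/corrective actions."""
import ipaddress

# Constructed event stream: (time_s, node, kind, value)
EVENTS = [
    (0, "attacker", "pps", 500),
    (1, "victim", "service_up", True),
    (2, "attacker", "pps", 25000),
    (3, "bot-01", "connect", "10.1.2.7"),
    (4, "victim", "service_up", False),
    (5, "bot-02", "connect", "198.51.100.9"),   # outside the experiment prefix
]

EXPERIMENT_PREFIX = ipaddress.ip_network("10.1.0.0/16")   # constructed containment boundary


class Invariant:
    """A truth that must hold; `check(value)` returns a violation detail or None."""
    def __init__(self, name, kind, check, action):
        self.name, self.kind, self.check, self.action = name, kind, check, action


INVARIANTS = [
    # Containment: corrective, because it protects the world outside the testbed.
    Invariant("containment", "connect",
              lambda v: None if ipaddress.ip_address(v) in EXPERIMENT_PREFIX else f"contact with {v}",
              "corrective: swap out offending node"),
    # Attack rate: corrective, because it protects the testbed's shared network.
    Invariant("attack_rate", "pps",
              lambda v: f"{v} pps exceeds 10000" if v > 10000 else None,
              "corrective: rate-limit attacker port"),
    # Expected behavior: notify only; the defense under test should keep the service up.
    Invariant("service_up", "service_up",
              lambda v: None if v else "victim service went down",
              "notify: expected behavior violated"),
]


def monitor(events, invariants=INVARIANTS):
    """Check every event against the invariants of its kind; one tuple per violation."""
    violations = []
    for t, node, kind, value in events:
        for inv in invariants:
            if inv.kind == kind and (detail := inv.check(value)) is not None:
                violations.append((t, inv.name, f"{node}: {detail}", inv.action))
    return violations


def export_invariants(invariants=INVARIANTS):
    """Exportable form for reuse and repeatability: name, event kind and action."""
    return [{"name": i.name, "kind": i.kind, "action": i.action} for i in invariants]
```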

38 Advanced Testbed Technologies
Focus: virtualization and abstraction
Components:
– Element = abstract representation of a capability, e.g., VM, SCADA simulation
– Container = physical resources for element realization, e.g., emulation hardware, PC
Flexible, multi-level abstractions beyond VMs
– Fine-grained control for advanced users
– Interfaces and extension mechanisms
– Mapping/embedding challenges
(Diagram labels: Map Elements into Containers; Assign Containers to Distributed Resources; Interconnected Abstract Elements)

39 New Specialization Domains
Botnets
– Modeling multiple infection vectors
– Characterizing propagation models
– Incorporating recent discoveries
Critical Infrastructure
– Simulation packages as modules
– Visualization
– Integration with vulnerability data (S2TAR)
Wireless
– Integration with emulators
– Wireless/wired risky experiments
– Extend the testbed with notions of mobility

40 Community Development
Content sharing support
– Experiments, data, models, recipes
– Class materials, recent research results, ideas
Shared spaces
– Outreach: conferences, tutorials, presentations
– Share and connect: Website, exchange server, social networking tools
– Common experiment description: templates
– Build community knowledge: domain-specific communities
Education support
– NSF CCLI grant: develop hands-on exercises for classes
– Capture-the-Flag exercises
– Moodle server for classes on DETER

41 Experiment Templates (diagram labels: Elements, Goals, Invariants)
Graduated, visual, and powerful experiments
Domain-specific (DDoS, worm, botnet) capabilities
Built-in sharing capabilities

42 Enhanced Infrastructure
Efficiency and scalability
– Configuration management and infrastructure protection
– VLAN bandwidth (10 Gbps)
– VM models/archival capabilities
High-performance co-processing
– NetFPGA node deployment
– Hardware modules
Advanced O&M
– Fault location and management
– Integrate IPMI (Intelligent Platform Management Interface) for early detection of problems
– Idleness detection and management

43 DETER Summary
The DETER project develops scientific methods and infrastructure for advancing security in identified hard problems
Six years of experience on multiple fronts
– Operations
– Research
– Teaching
Significantly improved safety, utility and usability of testbeds so far
Exciting new developments planned, so stay tuned!

44 Thank you
We'd love to hear your questions and comments!
Jelena Mirkovic: sunshine@isi.edu
DETER Operations: testbed-ops@isi.deterlab.net
DETER project Web page: http://www.isi.edu/deter
DETER testbed Web page: http://www.deterlab.net

