Griffin Final Report DETER Testbed Update Anthony D. Joseph UC Berkeley Sahara Retreat, June 2004.


1 Griffin Final Report / DETER Testbed Update
Anthony D. Joseph, UC Berkeley
http://deter.cs.berkeley.edu/
Sahara Retreat, June 2004

2 Outline
Griffin
– Motivation
– Goals and Components
– Retreat talks
DETER Update
– Motivation and goals
– Testbed status
– Applications: virus filtering, worm propagation

3 Near-Continuous, Highly-Variable Internet Connectivity
Connectivity everywhere: campus, in-building, satellite…
– Projects: Sahara (01-04), Iceberg (98-01), Rover (95-97)
Most applications support only limited variability (1% to 2x)
– Design environment for legacy apps is the static desktop LAN
– Strong abstraction boundaries (APIs) hide the number of RPCs
But today's apps see a much wider range of variability:
– 3 to 5 orders of magnitude of bandwidth, from 10's of Kb/s to 1 Gb/s
– 4 to 6 orders of magnitude of latency, from 1 μs to 1,000's of ms
– 5 to 9 orders of magnitude of loss rate, from 10^-3 to 10^-12 BER
– Neither best-effort nor unbounded retransmission may be ideal
– Also, overloaded servers / limited resources on mobile devices
Result: poor/variable performance from legacy apps

4 Griffin Goals and an Adaptive, Predictive Approach
Users always see excellent (≈ local, lightly loaded) application behavior and performance
– Agility: key metric is time to predict, react, and adapt
– Apply continuous, cross-layer, multi-timescale introspection
– SUCCESS: Tapas -- building accurate models of correlated events
Help legacy and new applications handle changing conditions
– Analyze, classify, and predict behavior
– Pre-stage dynamic/static code/data (activate on demand)
– SUCCESS: REAP/MINO/COMPASS -- dynamic code/data placement with automatic service location
Overlay a more powerful network model on top of IP
– Avoids standardization delays/inertia, enables dynamic service placement
– PARTIAL: Tapestry/Brocade -- interoperation with IP routing policies

5 Some Enabling Infrastructure Components We've Built
Tapas network characteristics toolkit [Konrad: Mills prof.]
– Measuring/modeling/emulating/predicting delay, loss, …
– Provides micro-scale network weather information
– Mechanism for monitoring/predicting available QoS
REAP application building toolkit [Czerwinski: Google]
– Introspective mobile code/data support for legacy / new apps
– REAP dynamic service component placement
– MINO e-mail application, COMPASS service instance locator
Tapestry, Brocade, and Mobile Tapestry [Hildrum: IBM, Zhao: UCSB prof.]
– Overlay routing layer providing efficient application-level object location and routing
– Mobility support, fault-tolerance, varying delivery semantics

6 Related Talks at Retreat
Kris Hildrum: Locality in Tapestry
– Highlight talk today
Sean Rhea: OpenHash
– Tuesday morning in Overlay Networking parallel session
Ling Huang: Probabilistic data aggregation
– Tuesday evening in Overlay Networking parallel session

7 Outline
Griffin
– Motivation
– Goals and Components
– Retreat talks
DETER Update
– Motivation and goals
– Testbed status
– Applications: virus filtering, worm propagation


9 cyber DEfense Technology Experimental Research (DETER)
NSF and DHS sponsored cyber-defense research project
– Lead PIs: UCB, USC-ISI, McAfee
DETER goals:
1. Design and construction of a testbed for network security experiments,
2. Research on experimental methodology for network security, and
3. Research on network security.
DETER focuses on 1), but needs to do some of 2) and 3)
Goal: duplicate observed attack effects in the testbed
– E.g., self-congestion for worms

10 Background
People:
– Anthony Joseph, Ruzena Bajcsy, Shankar Sastry, David Culler, Doug Tygar, David Wagner, Eric Fraser (staff), Yih-Chun Hu (postdoc)
3 experiment areas in the related EMIST project
– Worms, routing attacks, DDoS attacks
Just completed a major demo last week in DC
– 50 technical government attendees (NSF, NIST, DARPA, NSA, DHS)
Experimenters Workshop (week of 11/8 or 11/15)

11 DETER+EMIST Motivation
New, increasingly virulent worms and viruses
MyDoom/Novarg e-mail virus/worm
– 40 reports/hr in the first hour; 8 million copies quarantined in the first 24 hours
– Spreads via e-mail, jumps firewalls through peer-to-peer networks
– Blocks access to anti-virus and MS update sites
Distributed Denial of Service (DDoS) attacks
– "Large scale, international attack on [Akamai] infrastructure"
Potential: routing hardware & software attacks
Issues:
– Inadequate wide-scale deployment of security technologies
– Lack of experimental infrastructure: limited-scale private labs
– Missing objective test data, traffic, and metrics

12 DETER+EMIST Vision
... to provide the scientific knowledge required to enable the development of solutions to cyber security problems of national importance
Through the creation of an experimental infrastructure network -- networks, tools, methodologies, and supporting processes -- to support national-scale experimentation on research and advanced development of security technologies.
"Real systems, Real attacks, Real world!"

13 Architecture and Design: Cluster Testbed
Basic choice: cluster vs. distributed testbed
– Example: Emulab vs. PlanetLab design
Two major reasons to choose clusters for DETER:
1. Security & containment, which would be impossible in a distributed testbed
2. Need complete control over experimental conditions for repeatability

14 DETER Experimental Network
[Diagram: a pool of N identical experimental PCs, each with 4 × 1000bT data ports, connected to a programmable patch panel (VLAN switch) with a switch control interface]
Clusters of N identical experimental nodes, interconnected dynamically into arbitrary topologies using the VLAN switch
Pool of N identical processors

15 Example Topology Created using DETER (as11537-5s-2t)

16 The Fidelity Issue
Would ideally like:
– Large and realistic topologies
– Diverse, realistic nodes and links
But:
– Fidelity is expensive
– Large-scale fidelity may be unnecessary for (maybe even contrary to) good science
– Plan to add limited heterogeneity and realism, e.g., a few vendor routers, network processors

17 Early-stage Local Research Efforts
APE: SLT-based virus detection and containment
– Uses unsupervised learning to classify outgoing e-mail based on features (number of recipients, attachments, etc.)
– Built a prototype, now exploring different models
Worm propagation effects on realistic topologies
– Using Parallel and Distributed NS to emulate up to 15,000 nodes with realistic latencies and bandwidths
– Significantly different propagation patterns from analytical models, due to congestion effects
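The slide describes APE only at the level of "unsupervised learning over per-message features". The following is an added illustration of that approach, not the APE prototype's code: it derives a feature vector from each outgoing message (recipient count, attachment present, executable attachment type, body length, and a burst-rate feature counting earlier messages from the same sender in a sliding window), fits per-feature mean and spread on an unlabelled window of traffic, and quarantines messages whose squared z-distance from that baseline exceeds a threshold. The sample traffic, sender names, field names and threshold are all constructed for the example.

```python
"""Unsupervised outgoing-mail anomaly scorer (illustration, not the APE prototype)."""
from collections import defaultdict, deque
from statistics import mean, pstdev

WINDOW_S = 600  # burst-rate window: earlier messages from the same sender in the last 10 min
# MyDoom-era executable attachment types (constructed list for the example)
EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".com")


def features(msg, recent):
    """Feature vector for one outgoing message.

    msg: dict with id, ts (seconds), sender, rcpts (list), attachment (filename or None),
         body_len (int; a real filter would compute it from the message).
    recent: sender -> deque of timestamps of that sender's earlier messages (mutated here).
    """
    q = recent[msg["sender"]]
    while q and msg["ts"] - q[0] > WINDOW_S:  # drop timestamps that fell out of the window
        q.popleft()
    burst = len(q)  # messages this sender sent in the window *before* this one
    q.append(msg["ts"])
    att = msg["attachment"] or ""
    return [
        float(len(msg["rcpts"])),
        1.0 if att else 0.0,
        1.0 if att.lower().endswith(EXEC_EXT) else 0.0,
        float(msg["body_len"]),
        float(burst),
    ]


class Baseline:
    """Per-feature mean/stddev estimated from unlabelled traffic; no ground truth is used."""

    def __init__(self, vectors):
        cols = list(zip(*vectors))
        self.mu = [mean(c) for c in cols]
        # Floor the spread so a feature that was constant in the baseline (e.g. no executable
        # attachments ever seen) still yields a large but finite distance when it first changes.
        self.sd = [max(pstdev(c), 0.5) for c in cols]

    def score(self, vec):
        return sum(((x - m) / s) ** 2 for x, m, s in zip(vec, self.mu, self.sd))


def classify(messages, baseline, threshold=25.0):
    """Return [(msg_id, score, action)]; the threshold would be tuned on held-out traffic."""
    recent = defaultdict(deque)
    out = []
    for m in messages:
        s = baseline.score(features(m, recent))
        out.append((m["id"], round(s, 1), "quarantine" if s > threshold else "deliver"))
    return out


def _msg(mid, ts, sender, n_rcpts, attachment, body_len):
    return {"id": mid, "ts": ts, "sender": sender, "rcpts": [f"r{i}" for i in range(n_rcpts)],
            "attachment": attachment, "body_len": body_len}


# Constructed sample traffic (not real logs). Baseline senders are spaced > WINDOW_S apart.
BASELINE_TRAFFIC = [
    _msg("b1", 1000, "alice", 1, None, 120), _msg("b2", 2000, "bob", 2, "q3.pdf", 300),
    _msg("b3", 3000, "carol", 3, None, 450), _msg("b4", 5000, "alice", 1, None, 80),
    _msg("b5", 6000, "bob", 1, None, 60), _msg("b6", 7000, "carol", 1, "notes.pdf", 200),
    _msg("b7", 9000, "alice", 2, None, 150), _msg("b8", 10000, "bob", 1, None, 90),
]
TEST_TRAFFIC = [
    _msg("ok-1", 100000, "alice", 1, None, 100),
    _msg("ok-2", 100500, "carol", 3, "report.pdf", 500),
    # mass-mailer pattern: one sender, many recipients, .scr attachment, 4 messages in 30 s
    _msg("worm-1", 101000, "dave", 6, "document.scr", 40),
    _msg("worm-2", 101010, "dave", 6, "document.scr", 40),
    _msg("worm-3", 101020, "dave", 6, "document.scr", 40),
    _msg("worm-4", 101030, "dave", 6, "document.scr", 40),
]


def run_demo():
    """Fit the baseline on BASELINE_TRAFFIC and score TEST_TRAFFIC."""
    baseline = Baseline([features(m, defaultdict(deque)) for m in BASELINE_TRAFFIC])
    return classify(TEST_TRAFFIC, baseline)


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Two practitioner caveats the example makes visible: the burst feature makes the score rise with each successive worm message, so containment triggers within a few messages even if the first one slipped through, and a legitimate bulk mailing (many recipients, large body) also moves away from the baseline, so the threshold has to be set against real traffic rather than guessed.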
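To make concrete why the emulated propagation curves on this slide (and the "self-congestion for worms" effect slide 9 wants the testbed to reproduce) diverge from the analytical model, here is an added toy mean-field model, not the PDNS experiment itself. The analytical random-scanning worm grows as dI/dt = s·I·(N−I)/A (I infected hosts each emit s scans per tick into an address space of size A holding N vulnerable hosts). The congested variant caps the aggregate scan rate at a link capacity C, standing in for the shared uplinks saturating; all parameter values are assumptions chosen for the illustration.

```python
"""Toy worm propagation: analytical model vs. self-congestion cap (added illustration)."""


def simulate(N=10_000, A=2**20, s=50, C=None, ticks=400, i0=1):
    """Return (infected_per_tick, peak_scans_per_tick). C=None means unlimited links."""
    infected = float(i0)
    history = [infected]
    peak_scans = 0.0
    for _ in range(ticks):
        scans = s * infected                    # scans offered to the network this tick
        if C is not None:
            scans = min(scans, C)               # shared uplink saturates: surplus scans are dropped
        peak_scans = max(peak_scans, scans)
        hit_rate = (N - infected) / A           # P(random scan lands on a still-vulnerable host)
        infected = min(N, infected + scans * hit_rate)
        history.append(infected)
    return history, peak_scans


def time_to_fraction(history, frac, N=10_000):
    """First tick at which at least frac*N hosts are infected, or None if never reached."""
    for t, i in enumerate(history):
        if i >= frac * N:
            return t
    return None


def compare(C=25_000):
    """Side-by-side metrics for the unconstrained and the congestion-capped runs."""
    free, free_peak = simulate()
    congested, cong_peak = simulate(C=C)
    return {
        "t90_analytical": time_to_fraction(free, 0.9),
        "t90_congested": time_to_fraction(congested, 0.9),
        "peak_scans_analytical": free_peak,
        "peak_scans_congested": cong_peak,
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v}")
```

With the capacity cap, growth is exponential only until s·I reaches C (here 500 infected hosts) and then becomes roughly linear in the remaining vulnerable population, so the time to 90% infection is several times longer and the peak scan traffic is bounded by C instead of by s·N. That is the kind of observable attack effect a cluster testbed with real link capacities captures and a pure rate equation does not.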

18 Wide-Area Testbed Architecture
[Diagram: UC Berkeley, USC-ISI, and ISI-East sites connected over the Internet; cyber-defense experiments run on a virtual Internet fed by network traces]
– 72 PCs (April 04), based on Utah's Emulab software
– 32 PCs at UCB, but more powerful HW & firewalls (July 04)

19 UCB DETER Testbed
[Diagram: Foundry FastIron 1500 switch (16 × 10 1000bT ports); 32 experimental PCs with 4 × 1000bT data ports each plus 32 × 1000bT control ports; APC power controllers; Sun servers for serial line & power, cache, boss, control VPN, and data VPN; switch control interface; firewall and cutoff point between the testbed and the Internet]

20 Collaboration Opportunities
http://www.isi.deterlab.net/index.php3
Research opportunities
– Measuring application behavior under attack: web servers, file servers, etc.
– Strategies for mitigating attacks: worm defenses, DDoS traceback and block, hardening routing protocols
– Operations and management: substantial knowledge base from commercial operations
Hardware donations
– Network nodes, firewall machines, L2/L3 routers, etc.

21 Overlay Networking Parallel Sessions Schedule
0830-1000 Peer-to-Peer and Routing (Ion)
– Sean Rhea: OpenHash
– Jayanth Kanan: Supporting Legacy Applications in i3
– Brighten Godfrey: A Heterogeneity-Aware Distributed Hash Table
– Rodrigo Fonseca: Beacon Vector Routing
1930-2100 Applications in Wide Area Networks (Anthony)
– Ling Huang: Probabilistic Aggregation in Distributed Networks
– David Oppenheimer: Resource Discovery in Distributed Systems
– Dennis Geels: Deterministic Replay for Debugging Overlay Networks


