Griffin Final Report DETER Testbed Update Anthony D. Joseph UC Berkeley Sahara Retreat, June 2004.

1 Griffin Final Report DETER Testbed Update Anthony D. Joseph UC Berkeley Sahara Retreat, June 2004

2 Outline
Griffin
– Motivation
– Goals and Components
– Retreat talks
DETER Update
– Motivation and goals
– Testbed status
– Applications: virus filtering, worm propagation

3 Near-Continuous, Highly-Variable Internet Connectivity
Connectivity everywhere: campus, in-building, satellite…
– Projects: Sahara (01-04), Iceberg (98-01), Rover (95-97)
Most applications support limited variability (1% to 2x)
– Design environment for legacy apps is static desktop LAN
– Strong abstraction boundaries (APIs) hide the # of RPCs
But, today’s apps see a wider range of variability
– 3→5 orders of magnitude of bandwidth from 10's Kb/s → 1 Gb/s
– 4→6 orders of magnitude of latency from 1 µsec → 1,000's ms
– 5→9 orders of magnitude of loss rates from 10^-3 → 10^-12 BER
– Neither best-effort nor unbounded retransmission may be ideal
– Also, overloaded servers / limited resources on mobile devices
Result: Poor/variable performance from legacy apps

4 Griffin Goals and an Adaptive, Predictive Approach
Users always see excellent (≈ local, lightly loaded) application behavior and performance
– Agility: key metric is time to predict, react, and adapt
– Apply continuous, cross-layer, multi-timescale introspection
– SUCCESS: Tapas -- Building accurate models of correlated events
Help legacy and new applications handle changing conditions
– Analyze, classify, and predict behavior
– Pre-stage dynamic/static code/data (activate on demand)
– SUCCESS: REAP/MINO/COMPASS -- Dynamic code/data placement with automatic service location
Overlay more powerful network model on top of IP
– Avoid standardization delays/inertia, enables dynamic svc placement
– PARTIAL: Tapestry/Brocade -- Interoperation with IP routing policies

5 Some Enabling Infrastructure Components We’ve Built
Tapas network characteristics toolkit [Konrad: Mills prof.]
– Measuring/modeling/emulating/predicting delay, loss, …
– Provides micro-scale network weather information
– Mechanism for monitoring/predicting available QoS
REAP application building toolkit [Czerwinski: Google]
– Introspective mobile code/data support for legacy / new apps
– REAP dynamic service component placement
– MINO E-mail application, COMPASS service instance locator
Tapestry, Brocade, and Mobile Tapestry [Hildrum: IBM, Zhao: UCSB prof.]
– Overlay routing layer providing efficient application-level object location and routing
– Mobility support, fault-tolerance, varying delivery semantics

6 Related Talks at Retreat
Kris Hildrum: Locality in Tapestry
– Highlight talk today
Sean Rhea: OpenHash
– Tuesday morning in Overlay Networking parallel session
Ling Huang: Probabilistic data aggregation
– Tuesday evening in Overlay Networking parallel session

7 Outline
Griffin
– Motivation
– Goals and Components
– Retreat talks
DETER Update
– Motivation and goals
– Testbed status
– Applications: virus filtering, worm propagation

9 cyber DEfense Technology Experimental Research (DETER)
NSF and DHS sponsored cyber-defense research project
– Lead PIs: UCB, USC-ISI, McAfee
DETER Goals:
1. Design and construction of a testbed for network security experiments,
2. Research on experimental methodology for network security, and
3. Research on network security.
DETER: focus on 1), but it needs to do some of 2) and 3)
Goal: Duplicate observed attack effects in the testbed
– E.g., self-congestion for worms

10 Background
People:
– Anthony Joseph, Ruzena Bajcsy, Shankar Sastry, David Culler, Doug Tygar, David Wagner, Eric Fraser (staff), Yih-Chun Hu (postdoc)
3 experiment areas in related EMIST project
– Worms, routing attacks, DDoS attacks
Just completed major demo last week in DC
– 50 tech gov’t (NSF, NIST, DARPA, NSA, DHS)
Experimenters Workshop (11/8 or 11/15 week)

11 DETER+EMIST Motivation
New, increasingly virulent Worms and Viruses
MyDoom/Novarg e-mail virus/worm
– 40 reports/hr in first hour, quarantined 8 million in first 24 hours
– Spreads via E-mail, jumps firewalls thru Peer-to-Peer networks
– Blocks access to anti-virus and MS update sites
Distributed Denial of Service (DDoS) attacks
– “Large scale, international attack on [Akamai] infrastructure”
Potential: routing hardware & software attacks
Issues:
– Inadequate wide scale deployment of security technologies
– Lack of experimental infrastructure: limited-scale private labs
– Missing objective test data, traffic and metrics

12 DETER+EMIST Vision
... to provide the scientific knowledge required to enable the development of solutions to cyber security problems of national importance
Through the creation of an experimental infrastructure network -- networks, tools, methodologies, and supporting processes -- to support national-scale experimentation on research and advanced development of security technologies.
“Real systems, Real attacks, Real world!”

13 Architecture and Design: Cluster Testbed
Basic choice: cluster vs. distributed testbed
– Example: Emulab vs. Planetlab design.
Two major reasons to choose clusters for DETER:
1. Security & containment … would be impossible in a distributed testbed.
2. Need complete control over experimental conditions for repeatability

14 DETER Experimental Network
Clusters of N identical experimental nodes, interconnected dynamically into arbitrary topologies using VLAN switch
[Diagram labels: PC; 160; N x 4 @1000bT Data ports; PC; Programmable Patch Panel (VLAN switch); Switch Control Interface; Pool of N identical processors]

15 Example Topology Created using DETER (as11537-5s-2t)

16 The Fidelity Issue
Would ideally like:
– Large and realistic topologies
– Diverse, realistic nodes and links
But:
– Fidelity is expensive
– Large-scale fidelity may be unnecessary for (maybe even contrary to) good science.
– Plan to add limited heterogeneity and realism
– e.g., a few vendor routers, network processors

17 Early-stage Local Research Efforts
APE: SLT-based virus detection and containment
– Uses unsupervised learning to classify outgoing e-mail based on features (# of recipients, attachments, etc.)
– Built prototype, now exploring different models
Worm propagation effects on realistic topologies
– Using Parallel and Distributed NS to emulate up to 15,000 nodes with realistic latencies and bandwidths
– Significantly different propagation patterns from analytical models due to congestion effects
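
The gap between analytical worm models and congested networks noted on slide 17 can be reproduced with a toy model. The following is an added example, not code from the talk or the DETER project: it integrates the classic simple-epidemic equation for a random-scanning worm next to a variant whose aggregate scan traffic is capped by a shared bottleneck. The population, address-space size, scan rate and cap are constructed values.

```python
# Added illustration; every parameter value here is constructed,
# not a measurement from the DETER/EMIST experiments.
N_VULN = 15_000        # vulnerable hosts (assumed)
ADDR_SPACE = 2 ** 20   # addresses scanned uniformly at random (assumed)
SCAN_RATE = 1.0        # scans per second per infected host (assumed)
CAP = 2_000.0          # max aggregate scans/s a shared bottleneck passes (assumed)


def simulate(cap=None, i0=10.0, dt=1.0, t_max=5_000.0):
    """Euler-integrate dI/dt = S(I) * (N - I) / Omega.

    cap=None : S(I) = SCAN_RATE * I           (analytical simple-epidemic model)
    cap=C    : S(I) = min(SCAN_RATE * I, C)   (self-congestion limits delivered scans)
    Returns a list of (time_s, infected_hosts) samples.
    """
    infected, t = float(i0), 0.0
    series = [(t, infected)]
    while t < t_max:
        scans = SCAN_RATE * infected
        if cap is not None:
            scans = min(scans, cap)
        infected = min(N_VULN, infected + dt * scans * (N_VULN - infected) / ADDR_SPACE)
        t += dt
        series.append((t, infected))
    return series


def time_to_fraction(series, frac):
    """First sample time at which at least `frac` of N_VULN is infected, else None."""
    for t, infected in series:
        if infected >= frac * N_VULN:
            return t
    return None


if __name__ == "__main__":
    for label, cap in (("analytical", None), ("congested", CAP)):
        s = simulate(cap)
        print(label, [time_to_fraction(s, f) for f in (0.1, 0.5, 0.9)])
```

Both curves match until the infected population generates more scans than the bottleneck passes; after that the capped model saturates far more slowly than the logistic curve predicts.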

18 Wide-Area Testbed Architecture
[Diagram labels: UC Berkeley; USC-ISI; ISI-East; Internet; Cyber Defense Experiments run on Virtual Internet; Network Traces; 72 PCs April 04 Based on Utah’s Emulab SW; 32 PCs, but more powerful HW & firewalls July 04]

19 UCB DETER Testbed
[Diagram labels: Foundry FastIron 1500; 16 x 10 1000bT ports; SUN; Internet; 160; APC Power Controllers; 32 x 4 @1000bT Data ports; 32 @ 1000bT Control ports; Firewall; SUN; …; Serial Line & Power Server Cache Boss Server Control VPN Server Switch Control Interface Data VPN Server; Cutoff Point]

20 Collaboration Opportunities
Research opportunities
– Measuring application behavior under attack
   Web servers, file servers, etc.
– Strategies for mitigating attacks
   Worm defenses, DDoS traceback and block, hardening routing protocols
– Operations and management
   Substantial knowledgebase from commercial operations
Hardware donations
– Network nodes, Firewall machines, L2/L3 routers, etc.

21 Overlay Networking Parallel Sessions Schedule
0830-1000 Peer-to-Peer and Routing (Ion)
– Sean Rhea: OpenHash
– Jayanth Kanan: Supporting Legacy applications in i3
– Brighten Godfrey: A Heterogeneity-Aware Distributed Hash Table
– Rodrigo Fonseca: Beacon Vector Routing
1930-2100 Applications in Wide Area Networks (Anthony)
– Ling Huang: Probabilistic Aggregation in Distributed Networks
– David Oppenheimer: Resource Discovery in Distributed Systems
– Dennis Geels: Deterministic Replay for Debugging Overlay Networks

22 Griffin Final Report DETER Testbed Update Anthony D. Joseph UC Berkeley Sahara Retreat, June 2004
