The DETER Project
    Presentation Transcript

    • The DETER Project: Scientific, Safe and Easy Cybersecurity Experimentation
      Jelena Mirkovic, USC Information Sciences Institute, sunshine@isi.edu
      Sponsored by Dr. Doug Maughan, DHS S&T
      http://www.isi.edu/deter
    • Talk Outline
      • Long-term Vision: Advanced scientific instrument
        – Elevate the science of cybersecurity
      • Platform: Advanced testbed technology
        – Robust, diverse, and scalable experiments
      • Growing Community: Collaborative science
        – Effective and efficient sharing
      • Next Steps: DETECT
        – Program to catalyze cybersecurity research
    • DETER Background I (chart: risk and capability over time)
      • 20+ years of investment in network security research
      • Platforms needed to efficiently explore the design space
    • DETER Background II
      • Barriers to network security experimentation

        Dimension             Barrier
        Language              Shared vocabulary
        Safety                Risk management
        Correctness           Realism of setup
        Scale                 Resources
        Confidence            Rigor, repeatability
        Efficiency            Automation
        Sharing & Community   (barrier not captured in the transcript)
        Flexibility           Programmability

      • Systematically addressed by the DETER project
    • DETER Goals
      • Advance the science of cybersecurity experimentation
        – Rigorous experiments
        – Repeatable experiments
      • Advance testbed technologies
        – Federation
        – Risky experiment management
      • Share infrastructure / broaden participation
        – Data, code, results, setup, ideas
        – Create community knowledge
        – Simplify, automate use
        – Testbeds in education
    • The DETER Facility
      • Located at USC/ISI and UC Berkeley
      • Funded by NSF and DHS, started in 2004
      • 400+ nodes, ~200 each at ISI and UC Berkeley
      • Built with Emulab technology (http://www.emulab.net)
    • Data Center (photo)
    • Hardware (diagram; node classes pc733, pc2800, pc3000 at ISI and bpc2800, bpc3000 at UCB)
      • ISI: 64 x IBM, 11 x Sun, 64 x Dell, 80 x Dell; 2 x Juniper IDP-200 (8 x 1 Gbps); Cisco 6509; Nortel 5510; 5 x Juniper M7i (4 x 1 Gbps, ~150 Mbps with IPsec); 1 Gbps (4 later)
      • UCB: 1 x CloudShield 2200 (4 x 1 Gbps); 30 x Sun, 32 x Dell, 40 x HP, 64 x Dell; 2 x McAfee IntruShield 2600 (2 x 1 Gbps); Foundry 1500; Nortel 5510; 1 Gbps (4 later)
    • Architecture (diagram)
      Components shown: users on the Internet; control Ethernet bridge with firewall; master server ("boss": user accounts, web/DB/SNMP, data logging); "users" server (user files); DB; external interface; control network VLAN with control switch, control node, serial line servers and power controllers; management-server VLAN and user VLANs; router; experiment nodes with N x 4 @ 1000bT data ports into a programmable patch panel (VLAN switch)
    • What is an experiment? Standard definition
      • Background environment
        – Topology (physical nodes), OSes, applications
        – Cross-traffic
        – Cross-events
      • Events of interest
        – Attack, intrusion
        – Worm spread
        – Botnet recruitment
      • Perhaps a defense
      • Scenario combining the above
      • Measurement tools, metrics of success
      • A user specifies EVERY detail
    • Using DETER – summary
      • All you need is a Web browser and an SSH client
      • Open a user account (open to all users)
      • Create a project (faculty members or PIs from labs/companies are eligible) or join one
      • Log on to our Web site
      • Run experiments
        – Create a topology, or retrieve an existing one
        – Nodes are assigned to you: exclusive, sudoer access
        – Load the software you need, or use DETER software to create traffic and events of interest, deploy defenses, and monitor (over SSH)
      • Swap out (return nodes) or terminate (if no longer needed) experiments
    • Using DETER – open an account, manage experiments: http://www.deterlab.net (screenshot)
    • Using DETER – start an experiment topology (screenshot)
    • Using DETER – draw a topology (screenshot)
    • Using DETER – manage an experiment (screenshot)
    • Using DETER – drive an experiment via SEER
      http://seer.isi.deterlab.net
      • Java front-end and Python back-end, support for many OSes
      • Open-source, extensible tool
    • DETER Advanced Capabilities
      • Policy-based federation
        – Integration of diverse testbeds
      • Risky experiment management
        – Balance realism and safety
    • Federation
      http://fedd.isi.deterlab.net
      On-demand creation of experiments spanning multiple, independently controlled facilities
      • Researcher
        – Controls experiment embedding
      • Federants
        – Control resource access
        – Constrain resource use
      Related to (but not the same as) experiment composition
    • Win for Everyone
      • Unique facilities: access to specialized resources at different sites
      • Many communities of interest: geographical areas, federation controlled by policy
      • Data and knowledge sharing: facilitates collaboration
      • Information hiding: enables multi-party scenarios with controlled views
      • Extreme scale: larger number of nodes than at any single site
      • Multiple operating testbed environments
    • Federation System Architecture (diagram)
      Components shown: experiment creation tool; experiment requirements and experiment topology; CEDL "assembly code" as the standard experiment representation; decomposition tools; federator; per-testbed experiment creation tools and testbed experiment properties
    • Risky Experiment Management
      • Risks for: testbed, experiments, Internet
      • Prohibit risky experiments
        – But these are necessary for security research
      • Strict isolation
        – Really interesting experiments need to talk to the outside: visit Web sites, download files, interact with a bot master
      • Fixed containment
        – Difficult to come up with a set of fixed rules that would work for every experiment
      • Experiment-driven containment
        – Hardest to achieve, but results in the best utility for experimenters (our approach)
    • Two-constraint Approach to Experiment Risk Management
      • Experiment behavior constraint transform T1: driven by the user's goals for research utility; turns unconstrained behavior into constrained behavior
      • Testbed behavior constraint transform T2: driven by testbed safety goals; turns constrained behavior into safe and useful behavior
      • Behavioral composition model: External behavior = T2(T1(experiment))
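An added illustration of the composition model above, not DETER's own code: an experiment's requested external flows, the experiment-driven transform T1 (the researcher's declared destinations and rate), and the testbed-driven transform T2 (sandbox prefix, permitted protocols, rate cap). The flows, prefixes and limits are constructed values.

```python
import ipaddress
from typing import Callable, Dict, List

# Constructed model: a flow is what an experiment wants to send outside the testbed.
Flow = Dict[str, object]          # keys: dst (IPv4 string), proto, rate_kbps
Transform = Callable[[List[Flow]], List[Flow]]

# Constructed request from a hypothetical experiment (destinations are documentation prefixes).
EXPERIMENT: List[Flow] = [
    {"dst": "192.0.2.10",   "proto": "http", "rate_kbps": 800},   # fetch from a web server
    {"dst": "192.0.2.20",   "proto": "irc",  "rate_kbps": 50},    # talk to a bot-master stand-in
    {"dst": "198.51.100.5", "proto": "http", "rate_kbps": 5000},  # never declared by the researcher
]

def make_t1(allowed_dsts: set, max_rate_kbps: int) -> Transform:
    """T1, the experiment-driven constraint: keep only destinations the researcher
    declared and cap every flow at the rate the experiment says it needs."""
    def t1(flows: List[Flow]) -> List[Flow]:
        return [dict(f, rate_kbps=min(f["rate_kbps"], max_rate_kbps))
                for f in flows if f["dst"] in allowed_dsts]
    return t1

def make_t2(sandbox: str, allowed_protos: set, cap_kbps: int) -> Transform:
    """T2, the testbed-driven constraint: only destinations inside the testbed's
    sandbox prefix and protocols it is willing to carry survive; rate is capped."""
    net = ipaddress.ip_network(sandbox)
    def t2(flows: List[Flow]) -> List[Flow]:
        return [dict(f, rate_kbps=min(f["rate_kbps"], cap_kbps))
                for f in flows
                if ipaddress.ip_address(f["dst"]) in net and f["proto"] in allowed_protos]
    return t2

def external_behavior(experiment: List[Flow], t1: Transform, t2: Transform) -> List[Flow]:
    """Behavioral composition model from the slide: external = T2(T1(experiment))."""
    return t2(t1(experiment))

# Constructed policies: the researcher declared two destinations and 500 kbps;
# the testbed allows only 192.0.2.0/24, http/dns, and at most 1000 kbps.
T1 = make_t1({"192.0.2.10", "192.0.2.20"}, max_rate_kbps=500)
T2 = make_t2("192.0.2.0/24", {"http", "dns"}, cap_kbps=1000)

if __name__ == "__main__":
    for flow in external_behavior(EXPERIMENT, T1, T2):
        print(flow)   # only the http flow to 192.0.2.10 survives, capped at 500 kbps
```

The irc flow is dropped by T2 even though T1 allowed it, which is the point of the two-constraint model: the testbed's safety transform is applied last and cannot be overridden by the experiment's own constraints.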
    • Talk Outline
      • Long-term Vision: Advanced scientific instrument
        – Elevate the science of cybersecurity
      • Platform: Advanced testbed technology
        – Robust, diverse, and scalable experiments
      • Growing Community: Collaborative science
        – Effective and efficient sharing
      • Next Steps: DETECT
        – Multi-year program to catalyze cybersecurity science
    • DETER Users

        Class                   Value
        Security Researchers    Exploring/validating new ideas; publishing results; sharing data/tools
        Small Companies         Testing product prototypes; sharing tools
        DHS Constituencies      Scenario exploration; training
        Emerging Technologies   Data sharing (e.g., PREDICT); scenario exploration; training
        Education               Repeatability; abstraction; hands-on experience
    • DETER Users (chart)
    • DETER User Organizations
      • Government: Air Force Research Laboratory; Lawrence Berkeley National Lab; Lawrence Livermore National Lab; Naval Postgraduate School; Sandia National Laboratories; USAR Information Operations Command
      • Industry: Agnik, LLC; Aerospace Corporation; Backbone Security; BAE Systems, Inc.; BBN; Bell Labs; Cs3 Inc.; Distributed Infinity Inc.; EADS Innovation Works; FreeBSD Foundation; iCAST; Institute for Information Industry; Intel Research Berkeley; IntruGuard Devices, Inc.; Purple Streak; Secure64 Software Corp; Skaion Corporation; SPARTA; SRI International; Telcordia Technologies
      • Academia: Carnegie Mellon University; Columbia University; Cornell University; Dalhousie University; DePaul University; George Mason University; Georgia State University; Hokuriku Research Center; ICSI; IIT Delhi; IRTT; ISI; Johns Hopkins University; Jordan University of Science & Technology; Lehigh University; MIT; New Jersey Institute of Technology; Norfolk State University; Pennsylvania State University; Purdue University; Rutgers University; Sao Paulo State University; Southern Illinois University; TU Berlin; TU Darmstadt; Texas A&M University; UC Berkeley; UC Davis; UC Irvine; UC Santa Cruz; UCLA; UCSD; UIUC; UNC Chapel Hill; UNC Charlotte; Universidad Michoacana de San Nicolas; Universita di Pisa; University of Advancing Technology; University of Illinois, Urbana-Champaign; University of Maryland; University of Massachusetts; University of Oregon; University of Southern California; University of Washington; University of Wisconsin - Madison; University of Wisconsin-Madison; USC; UT Arlington; UT Austin; UT Dallas; Washington State University; Washington University in St. Louis; Western Michigan University; Xiangnan University; Youngstown State University
    • UCBttc: Example Project (DETER project profile screenshot)
    • Research done on DETER (pie chart of projects by topic: DDoS, Testbeds, Classes, Infrastructure, Botnets, Overlays, Wireless, Traceback, Privacy, Spoofing, Spam, Multicast, Malware, Testing, Comprehensive)
    • Education on DETER
      http://www.isi.edu/deter/education
      • Special support for education projects
        – Recyclable student accounts, automated setup
        – Class hand-off
        – Special resource access control
        – Resource reservation
      • Shared exercise materials
      • Education usage so far: Air Force Research Lab; Colorado State University; IIT Delhi; Jordan University of S&T; Lehigh University; Santa Monica College; Sao Paulo State University; UC Berkeley; UCLA; US Army School of IT; University of Nebraska - Lincoln; University of Southern California; Youngstown State University
    • What is an experiment? New definition
      • Events of interest
      • Background environment, domain-specific
        – Virtual topology (varies with the phenomenon); could be dynamic and abstract; expresses needs and constraints
        – Cross-traffic, cross-events
      • Perhaps a defense
      • Scenario combining the above, domain-specific
      • Measurement tools, metrics of success, domain-specific
      • Research goals, domain-specific
      • Invariants (truths that must hold), domain-specific
      • A user specifies ONLY the details of interest
      • Experiment description is separate from deployment
    • DETECT: DETER Next Generation (diagram)
      Description (Elements, Goals, Invariants) → Abstract Elements → Interconnected Abstract Elements → Embedder (map Elements into Containers; assign Containers to Distributed Resources) → Federated Systems; supporting systems: Experiment Creation System, Federation System
      • Increased testbed-wide expressiveness and control
      • Significantly expands the set of feasible & interesting experiments
    • New Capabilities (the DETECT diagram annotated)
      • New Abstractions (Advanced Testbed Technology)
      • New Security & Control Algorithms (Advanced Testbed Technology)
      • New Sharing Mechanisms
      • New Style of Experiments (Advanced Scientific Instrument)
      • New Mapping Algorithms (Advanced Testbed Technology)
      • New Resources (New Domains)
    • Advanced Scientific Instrument (diagram: Elements, Goals, Invariants)
      • Experiment abstraction: decrease the barrier, increase efficiency
        – Models
        – Recipes
        – Workbenches
      • Invariants: a language for behavior
        – Refinement
        – Validity management
        – Risky experiment management
      • Science of repeatability
    • Experiment Health System
      • Helps users understand their experiment's behavior
      • Generates, records and uses higher-level knowledge about the experiment
        – Desired invariants
        – Expected behavior
      • Takes corrective or notification action if an invariant is violated
        – Monitors invariants for testbed experiments
        – Triggers actions
      • Captures invariants in exportable form for experiment reuse, repeatability and validation, etc.
      Components shown: Services; Diagnostics & Analytics; Event Architecture; ThirdEye Diagnostics and Analysis Framework
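An added sketch of the invariant-monitoring idea above, not ThirdEye or any DETER code: invariants are named predicates over an experiment's observed state, each tagged with the action to take on violation (notify or corrective), and the set can be exported for reuse. The observations, invariants and thresholds are constructed for a hypothetical DDoS experiment.

```python
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

State = Dict[str, object]

@dataclass
class Invariant:
    name: str
    description: str
    check: Callable[[State], bool]   # True while the invariant holds
    action: str                      # "notify" or "corrective", per the slide

# Constructed per-interval observations: attack rate, the VLAN carrying it,
# and whether the defense node under test is still reachable.
OBSERVATIONS: List[State] = [
    {"t": 0, "attack_kbps": 200, "vlan": 10, "defense_up": True},
    {"t": 1, "attack_kbps": 900, "vlan": 10, "defense_up": True},   # rate bound exceeded
    {"t": 2, "attack_kbps": 300, "vlan": 11, "defense_up": False},  # leaked VLAN, defense down
]

# Constructed invariants: containment is corrective (stop the traffic);
# the others only notify the experimenter.
INVARIANTS: List[Invariant] = [
    Invariant("traffic-contained", "attack traffic stays on experiment VLAN 10",
              lambda s: s["vlan"] == 10, "corrective"),
    Invariant("rate-bound", "attack rate never exceeds 500 kbps",
              lambda s: s["attack_kbps"] <= 500, "notify"),
    Invariant("defense-alive", "defense node stays reachable",
              lambda s: bool(s["defense_up"]), "notify"),
]

def monitor(states: List[State], invariants: List[Invariant]) -> List[Tuple[int, str, str]]:
    """Evaluate every invariant on every observation; return (time, invariant, action)
    for each violation so the caller can dispatch notification or corrective action."""
    return [(s["t"], inv.name, inv.action)
            for s in states for inv in invariants if not inv.check(s)]

def export_invariants(invariants: List[Invariant]) -> str:
    """Exportable form (name, description, action) for reuse and repeatability;
    the predicate is code and is referenced by name when the experiment is reloaded."""
    return json.dumps([{"name": i.name, "description": i.description, "action": i.action}
                       for i in invariants], indent=2)

if __name__ == "__main__":
    for violation in monitor(OBSERVATIONS, INVARIANTS):
        print(violation)
    print(export_invariants(INVARIANTS))
```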
    • Advanced Testbed Technologies
      • Focus: virtualization and abstraction
      • Components:
        – Element = abstract representation of a capability, e.g., VM, SCADA simulation
        – Container = physical resources for element realization, e.g., emulation hardware, PC
        (diagram: Interconnected Abstract Elements → map Elements into Containers → assign Containers to Distributed Resources)
      • Flexible, multi-level abstractions beyond VMs
        – Fine-grained control for advanced users
        – Interfaces and extension mechanisms
        – Mapping/embedding challenges
    • New Specialization Domains
      • Botnets
        – Modeling multiple infection vectors
        – Characterizing propagation models
        – Incorporating recent discoveries
      • Critical Infrastructure
        – Simulation packages as modules
        – Visualization
        – Integration with vulnerability data
      • Wireless
        – Integration with emulators
        – Wireless/wired risky experiments
        – Extend the testbed with notions of mobility
    • Community Development
      • Content sharing support
        – Experiments, data, models, recipes
        – Class materials, recent research results, ideas
      • Shared spaces
        – Outreach: conferences, tutorials, presentations
        – Share and connect: website, exchange server, social networking tools
        – Common experiment description: templates
        – Build community knowledge: domain-specific communities
      • Education support
        – NSF CCLI grant: develop hands-on exercises for classes
        – Capture-the-Flag exercises
        – Moodle server for classes on DETER
    • Experiment Templates (diagram: Elements, Goals, Invariants)
      • Graduated, visual, and powerful experiments
      • Domain-specific (DDoS, worm, botnet) capabilities
      • Built-in sharing capabilities
    • Enhanced Infrastructure
      • Efficiency and scalability
        – Configuration management and infrastructure protection
        – VLAN bandwidth (10 Gbps)
        – VM models/archival capabilities
      • High-performance co-processing
        – NetFPGA node deployment
        – Hardware modules
      • Advanced O&M
        – Fault location and management
        – Integrate IPMI (Intelligent Platform Management Interface) for early detection of problems
        – Idleness detection and management
    • DETER Summary
      The DETER project develops scientific methods and infrastructure for advancing security in identified hard problems
      • Six years of experience on multiple fronts
        – Operations
        – Research
        – Teaching
      • Significantly improved safety, utility and usability of testbeds so far
      • Exciting new developments planned, so stay tuned!
    • Thank you
      We'd love to hear your questions and comments!
      Jelena Mirkovic: sunshine@isi.edu
      DETER Operations: testbed-ops@isi.deterlab.net
      DETER project Web page: http://www.isi.edu/deter
      DETER testbed Web page: http://www.deterlab.net