Terry Benzel
USC Information Sciences Institute
December 9, 2011
Annual Computer Security Applications Conference
  
Large, Complex, Interconnected
Slow to evolve
Legacy Subsystems
System of Systems
Connected Cyber Physical Systems
  
Weapons evolve rapidly and proliferate widely
Asymmetric warfare:
   Attacks from anywhere, with unknown weapons
   Defenses must be known, effective, affordable
  
• Solution – build less vulnerable systems to begin with!
• Create fundamental understanding and reason about systems through experimental means
• Key aspect – enable science based experimentation
• Hard Problem
  
1. Have an idea for a “new” tool that would “help” security
2. Program/assemble the tool (the majority of the work)
3. Put it on your local net
4. Attack your system
5. Show the tool repels the attack
6. Write up “the results” and open-source the tool
7. (optional) Start up a company which might succeed
  
• Perform experimental research of scale and complexity sufficient to the real world
• Extract understanding through experimental research
• Collect, leverage, and share experimental artifacts and learnings
  
• Class of experimental cyber science applied to sets of problems - networked cyber systems and often cyber physical networked systems
• Goal - enable experimental cyber science aimed at study of behavior, phenomena, providing fundamental understanding
  
• A research program:
   – To advance capabilities for experimental cybersecurity research
• A testbed facility:
   – To serve as a publicly available national resource…
   – …supporting a broad base of users and experiments
   – … and act as a technology transfer and evangelization vehicle for our and others’ research in experimental methodology
• A community building activity:
   – To foster and support collaborative science…
   – …effective and efficient leverage and sharing of knowledge
  
• Advance our understanding of experimental cybersecurity science and methodologies
   – Enable new levels of rigor and repeatability
   – Transform low level results to high level understanding
   – Broaden the domains of applicability
• Advance the technology of experimental infrastructure
   – Develop technologies with new levels of function, applicability, and scale
• Share knowledge, results, and operational capability
   – Facility, data and tools
   – Community and knowledge
  
 
Knowledge
Scale
Engage The User
  
Knowledge
  
• The problem:
   – Today’s testbed technologies understand the syntax of experiments, but have no awareness of higher level knowledge or semantics.
• The challenge:
   – Incorporate higher level, semantic information about experiments and scenarios into our systems and tools, and
   – Use this knowledge to improve research quality and understanding.
  
• Uses higher level knowledge about the scenario
   – Required invariants (things that must be true for the experiment to be valid)
   – Expected behavior
• Takes corrective or notification action if invariant is violated
   – Monitor invariants
   – Trigger actions
  
• Captures invariants in explicit form for experiment reuse, repeatability and validation, etc.
• Must be true for experiment to be valid
• High level testing of invariants –
   – Understanding against data sets
   – Against constraints/invariants
• Also questions of modeling and scale –
   – Researcher intuition expressed as checkable invariants
• Specification for sharing
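
The invariant monitoring described on the two slides above, as an added example (not DETER code and not part of the original deck): invariants are held as plain data, checked against a stream of normalized events, and a violation triggers either a notification or a corrective halt. The event fields, invariant kinds, action names and sample events are all constructed for illustration.

```python
"""Explicit experiment invariants checked over normalized events (added example).

Event fields, invariant kinds and action names are hypothetical, not DETER's own.
"""
import ipaddress
from collections import deque

# Invariants as plain data, so they can be stored and shared with the experiment.
INVARIANTS = [
    {"name": "containment", "kind": "dst_within",
     "network": "10.1.0.0/16", "on_violation": "halt"},
    {"name": "background-load", "kind": "min_rate", "event": "bg_request",
     "min_count": 3, "window_s": 10, "on_violation": "notify"},
    {"name": "baseline-first", "kind": "precedes",
     "first": "baseline_done", "then": "attack_start", "on_violation": "notify"},
]


class InvariantMonitor:
    def __init__(self, invariants, actions):
        self.invariants = invariants
        self.actions = actions      # action name -> callable(violation)
        self.violations = []
        self._t0 = None             # timestamp of the first event
        self._seen = set()          # event types observed so far
        self._windows = {}          # invariant name -> recent timestamps
        self._failing = set()       # invariants currently violated

    def feed(self, ev):
        """Check every invariant against one normalized event."""
        if self._t0 is None:
            self._t0 = ev["t"]
        for inv in self.invariants:
            reason = getattr(self, "_check_" + inv["kind"])(inv, ev)
            if reason is None:
                self._failing.discard(inv["name"])
            elif inv["name"] not in self._failing:
                # Report on the transition into violation, not on every event.
                self._failing.add(inv["name"])
                violation = {"invariant": inv["name"], "t": ev["t"], "reason": reason}
                self.violations.append(violation)
                self.actions[inv["on_violation"]](violation)
        self._seen.add(ev["type"])

    def _check_dst_within(self, inv, ev):
        """Traffic must stay inside the experiment network."""
        if "dst" not in ev:
            return None
        if ipaddress.ip_address(ev["dst"]) in ipaddress.ip_network(inv["network"]):
            return None
        return f"flow to {ev['dst']} leaves {inv['network']}"

    def _check_min_rate(self, inv, ev):
        """At least min_count events of one type in each trailing window."""
        window = self._windows.setdefault(inv["name"], deque())
        if ev["type"] == inv["event"]:
            window.append(ev["t"])
        while window and window[0] <= ev["t"] - inv["window_s"]:
            window.popleft()
        if ev["t"] - self._t0 < inv["window_s"]:
            return None  # warm-up: less than one full window of history
        if len(window) >= inv["min_count"]:
            return None
        return f"{len(window)} '{inv['event']}' events in the last {inv['window_s']}s"

    def _check_precedes(self, inv, ev):
        """One event type must have been seen before another occurs."""
        if ev["type"] == inv["then"] and inv["first"] not in self._seen:
            return f"'{inv['then']}' before '{inv['first']}'"
        return None


def run_experiment(events, invariants=INVARIANTS):
    """Feed events to the monitor; 'halt' is corrective, 'notify' only records."""
    state = {"halted_at": None, "notices": []}

    def notify(violation):
        state["notices"].append(violation["invariant"])

    def halt(violation):
        state["halted_at"] = violation["t"]

    monitor = InvariantMonitor(invariants, {"notify": notify, "halt": halt})
    for ev in events:
        if state["halted_at"] is not None:
            break  # experiment stopped; remaining events are not processed
        monitor.feed(ev)
    return monitor.violations, state


# Constructed sample run, timestamps in seconds.
SAMPLE_EVENTS = [
    {"t": 0, "type": "bg_request", "dst": "10.1.2.10"},
    {"t": 2, "type": "bg_request", "dst": "10.1.2.10"},
    {"t": 4, "type": "bg_request", "dst": "10.1.2.10"},
    {"t": 6, "type": "attack_start"},                     # baseline_done never seen
    {"t": 9, "type": "bg_request", "dst": "10.1.2.10"},
    {"t": 21, "type": "flow", "dst": "10.1.2.10"},        # background traffic stalled
    {"t": 22, "type": "flow", "dst": "192.0.2.50"},       # leaves experiment network
    {"t": 23, "type": "bg_request", "dst": "10.1.2.10"},  # after the halt
]

if __name__ == "__main__":
    found, final_state = run_experiment(SAMPLE_EVENTS)
    for item in found:
        print(item)
    print(final_state)
```

Because the invariants are data rather than code, the same list can be replayed against a recorded data set after the run, which is the "high level testing of invariants" case on the slide.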
  
[Figure: Define behavior; Test it on data; Gain Understanding. Boxes: Semantic Analysis Framework, Semantic Visualization. Notes: "Experiment data is input as normalized events."; "Models drive visualization over data."]
  
Scenarios are captured by
• Environment – the conditions of the scenario
   – Virtual topology (varies with phenomenon), could be dynamic, abstract, expresses needs and constraints
   – Traffic, cross-traffic, cross-events, human actions, etc.
• Workflow – Occurrences and events of interest
• Invariants – truths that must hold for correctness
  
Scalable
  
• The problem:
   – Traditional testbeds can model and emulate small systems at a fixed level of fidelity.
• The challenge:
   – Many real problems require modeling of large, complex systems at an appropriate (“good enough”) level of fidelity.
   – That level may be different for different parts of the modeled system.
   – Think of this as “smearing the computation power around to just where it’s needed”.
  
[Figure labels: Command & Control, Victim, Network; Command & Control (VMs), Victim (Physical Host), Network (VMs)]
  
[Figure labels: Abstract Elements; Containers; Interconnected Abstract Elements (Description); Map Elements to Containers (Embedder); Assign Containers to Resources (Federation System); Federated Systems]
• Abstract the “node” concept to multiple classes of containers
• Support wide range of scalability-fidelity tradeoffs
   – Apply computational resources to key dimensions for specific problem space
  
[Figure labels: Server (Apache 2.2); Computer (8 GB Mem, 4 CPUs); Server (Apache 2.2); Routers. Captions: Production Software in VMs; Threaded Emulation; Full Computer]
  
[Figure panels: BGP Security; Worm Propagation]
  
• On-demand creation of experimental scenarios spanning multiple, independently controlled facilities
• Goals and Benefits
   – Scale
   – Access to unique resources
   – Accommodation of usage policy constraints
   – Data & knowledge sharing
   – Information hiding

Picture: the DETER Federation Architecture – mid-2010 version – http://fedd.isi.deterlab.net
• Scenario Description
• Resource Description
• Constraint Resolution
• Resource Control
• Policy, Authentication and Authorization
• Embedding
• Planning
• Sequencing
  
Engaging the User
  
• The problem:
   – Today’s testbed technologies provide limited support for complex user tasks, thus, hampering system of system level experimentation and reasoning.
• The challenge:
   – Develop methodologies to leverage knowledge, understanding, and semantics, through development environments, composition and sharing.
  
• Graduated, visual, and powerful experiments
• Domain-specific (DDoS, worm, botnet) capabilities
• Built-in sharing capabilities
  
• Most testbed tools focus on creating and running an experiment. Much less attention is paid to other important steps in the process
• Develop a model for workflow over the full lifecycle of an experiment, and capture that model in methodologies and tools
  
• Key Observation: isomorphism to software engineering lifecycle
• Implementation Approach: Leverage Eclipse
   – Repurpose tested SWE methodologies
   – Build on 20M+ lines of code
  
Repository of Reusable Components
  
Repository of Reusable Components
Vary parameters per component
  
[Figure panels: BGP Security; Worm Propagation]
  
• Testbeds must model impact of human activity in repeatable experiments
   – Provide more realistic behavior for testing security tools
   – But real humans are expensive and non-repeatable
• Model goal-directed team activity
   – Measure impact of an attack on team goals
   – Model impact of organization structure
• Model certain human characteristics
   – Propensity to make mistakes
   – Aspects of physiology, (soon: emotion, bounded rationality)
   – Flexibility to changing conditions
• Configurable tool for experimenters
  
The Facility
  
A general purpose, flexible platform for modeling, emulation, and controlled study of large, complex networked systems
• Elements located at USC/ISI (Los Angeles), UC Berkeley, and USC/ISI (Arlington, VA)
• Funded by NSF and DHS, started in 2003
• Based on Emulab software, with focus on security experimentation
• Shared resource – multiple simultaneous experiments subject to resource constraints
• Open to academic, industrial, govt researchers essentially worldwide – very lightweight approval process
  
 
• ~440 PC-based nodes
   – Berkeley, CA - ~200 Nodes
   – Los Angeles, CA - 220 Nodes
   – Arlington, VA – 20 Nodes
• Interconnect (2010)
   – 1 Gb/s – LA-UCB
   – 1-10 Gb/s LA-Arlington
• Local and Remote access
  
High-performance co-processing
• NetFPGA-based node deployment
• Dedicated hardware modules, e.g., packet monitors
Efficiency and scalability
• Increased VLAN bandwidth (10Gbps +)
• Configuration management and infrastructure protection
  
• Technical elements
   – DETER Core
   – Scalable Modeling and Emulation
   – Federation
   – Leveraging Understanding and Semantics
   – Risky Experiment Management
   – Multiparty Experiments
   – Experiment Lifecycle Management
  
DETER Core
  
• Content sharing support
   – Experiments, data, models, recipes
   – Class materials, recent research results, ideas
• Shared spaces
   – Outreach: Conferences, tutorials, presentations
   – Share and connect: Website, exchange server
   – Common experiment description: Templates
   – Build community knowledge: domain-specific communities
• Education support
   – NSF CCLI grant: develop hands-on exercises for classes
   – Moodle server for classes on DETER
  
Academia
   Carnegie Mellon University
   Columbia University
   Cornell University
   Dalhousie University
   DePaul University
   George Mason University
   Georgia State University
   Hokuriku Research Center
   ICSI
   IIT Delhi
   IRTT
   ISI
   Johns Hopkins University
   Lehigh University
   MIT
   New Jersey Institute of Technology
   Norfolk State University
   Pennsylvania State University
   Purdue University
   Rutgers University
   Sao Paulo State University
   Southern Illinois University
   TU Berlin
   TU Darmstadt
   Texas A&M University
   UC Berkeley
   UC Davis
   UC Irvine
   UC Santa Cruz
   UCLA
   UCSD
   UIUC
   UNC Chapel Hill
   UNC Charlotte
   Universidad Michoacana de San Nicolas
   Universita di Pisa
   University of Advancing Technology
   University of Illinois, Urbana-Champaign
   University of Maryland
   University of Massachusetts
   University of Oregon
   University of Southern California
   University of Washington
   University of Wisconsin - Madison
   USC
   UT Arlington
   UT Austin
   UT Dallas
   Washington State University
   Washington University in St. Louis
   Western Michigan University
   Xiangnan University
   Youngstown State University
Government
   Air Force Research Laboratory
   DARPA
   Lawrence Berkeley National Lab
   Naval Postgraduate School
   Sandia National Laboratories
Industry
   Agnik, LLC
   Aerospace Corporation
   Backbone Security
   BAE Systems, Inc.
   BBN
   Bell Labs
   Cs3 Inc.
   Distributed Infinity Inc.
   EADS Innovation Works
   FreeBSD Foundation
   iCAST
   Institute for Information Industry
   Intel Research Berkeley
   IntruGuard Devices, Inc.
   Purple Streak
   Secure64 Software Corp
   Skaion Corporation
   SPARTA
   SRI International
   Telcordia Technologies
  
Class, Comprehensive, DDoS, Testbeds, Intrusions, Evaluation, Architecture, Infrastructure, Malware, Botnets, Worms, Routing, Internal, Overlays, Privacy, Spoofing
48
  
• Hands on exercises
• Students gain from direct observation of attacks and interaction
• Pre packaged for both student and teacher
  - Buffer overflows, command-injection, man-in-the-middle, worm modeling, botnets, and DoS
• Facility support for class administration
49
50
  
• Transformative research and facility for cyber security R&D
• Experimental science:
  - Fostering fundamental understanding world complexity
• Contribution transformation of field
• Proactive robustness and away from reactive security
51
  
• Growing DETER Community increasingly engaged in experimental science of cyber security
• Collaboration key part of DETER mission
  - DETERLab and new scientific experimentation

Join us
http://deter-project.org/
52
  

The Science of Cyber Security Experimentation: The DETER Project

  • 1. Terry Benzel, USC Information Sciences Institute, December 9, 2011, Annual Computer Security Applications Conference
  • 2. Large, Complex, Interconnected
      • Slow to evolve
      • Legacy Subsystems
      • System of Systems
      • Connected Cyber Physical Systems
  • 3. Weapons evolve rapidly and proliferate widely
      Asymmetric warfare:
          - Attacks from anywhere, with unknown weapons
          - Defenses must be known, effective, affordable
  • 5.
      • Solution – build less vulnerable systems to begin with!
      • Create fundamental understanding and reason about systems through experimental means
      • Key aspect – enable science based experimentation
      • Hard Problem
  • 6.
      1. Have an idea for a “new” tool that would “help” security
      2. Program/assemble the tool (the majority of the work)
      3. Put it on your local net
      4. Attack your system
      5. Show the tool repels the attack
      6. Write up “the results” and open-source the tool
      7. (optional) Start up a company which might succeed
  • 7.
      • Perform experimental research of scale and complexity sufficient to the real world
      • Extract understanding through experimental research
      • Collect, leverage, and share experimental artifacts and learnings
  • 8.
      • Class of experimental cyber science applied to sets of problems - networked cyber systems and often cyber physical networked systems
      • Goal - enable experimental cyber science aimed at study of behavior, phenomena, providing fundamental understanding
  • 9.
      • A research program:
          - To advance capabilities for experimental cybersecurity research
      • A testbed facility:
          - To serve as a publicly available national resource…
          - …supporting a broad base of users and experiments
          - …and act as a technology transfer and evangelization vehicle for our and others’ research in experimental methodology
      • A community building activity:
          - To foster and support collaborative science…
          - …effective and efficient leverage and sharing of knowledge
  • 10.
  • 11.
      • Advance our understanding of experimental cybersecurity science and methodologies
          - Enable new levels of rigor and repeatability
          - Transform low level results to high level understanding
          - Broaden the domains of applicability
      • Advance the technology of experimental infrastructure
          - Develop technologies with new levels of function, applicability, and scale
      • Share knowledge, results, and operational capability
          - Facility, data and tools
          - Community and knowledge
  • 12. Knowledge, Scale, Engage The User
  • 13. Knowledge
  • 14.
      • The problem:
          - Today’s testbed technologies understand the syntax of experiments, but have no awareness of higher level knowledge or semantics.
      • The challenge:
          - Incorporate higher level, semantic information about experiments and scenarios into our systems and tools, and
          - Use this knowledge to improve research quality and understanding.
  • 15.
      • Uses higher level knowledge about the scenario
          - Required invariants (things that must be true for the experiment to be valid)
          - Expected behavior
      • Takes corrective or notification action if invariant is violated
          - Monitor invariants
          - Trigger actions
  • 16.
      • Captures invariants in explicit form for experiment reuse, repeatability and validation, etc.
      • Must be true for experiment to be valid
      • High level testing of invariants –
          - Understanding against data sets
          - Against constraints/invariants
      • Also questions of modeling and scale –
          - Researcher intuition expressed as checkable invariants
      • Specification for sharing
  • 17. Diagram labels:
      • Test it on data
      • Define behavior
      • Experiment data is input as normalized events.
      • Models drive visualization over data.
      • Semantic Analysis Framework
      • Semantic Visualization
      • Gain Understanding
  • 18.
  • 19. Scenarios are captured by
      • Environment – the conditions of the scenario
          - Virtual topology (varies with phenomenon), could be dynamic, abstract, expresses needs and constraints
          - Traffic, cross-traffic, cross-events, human actions, etc.
      • Workflow – Occurrences and events of interest
      • Invariants – truths that must hold for correctness
  • 20. Scalable   20  
  • 21. ¡  The  problem:   §  Traditional  testbeds  can  model  and  emulate  small   systems  at  a  fixed  level  of  fidelity.   ¡  The  challenge:   §  Many  real  problems  require  modeling  of  large,   complex  systems  at  an  appropriate  (“good  enough”)   level  of  fidelity.   §  That  level  may  be  different  for  different  parts  of  the   modeled  system.   §  Think  of  this  as  “smearing  the  computation  power   around  to  just  where  it’s  needed”.   21  
  • 23. [Diagram labels: Command & Control (VMs); Victim; Victim (Physical Host); Command & Control Network (VMs); Network]
  • 24. [Diagram labels: Abstract Elements; Containers; Interconnected Abstract Elements; Map Elements to Containers; Assign Containers to Resources; Description; Embedder; Federation System; Federated Systems]
      - Abstract the "node" concept to multiple classes of containers
      - Support wide range of scalability-fidelity tradeoffs
          - Apply computational resources to key dimensions for specific problem space
  • 25. [Diagram labels: Server (Apache 2.2); Computer (8 GB Mem, 4 CPUs); Routers; Production Software in VMs; Threaded Emulation; Full Computer]
  • 26. BGP Security; Worm Propagation
  • 27.
      - On-demand creation of experimental scenarios spanning multiple, independently controlled facilities
      - Goals and Benefits
          - Scale
          - Access to unique resources
          - Accommodation of usage policy constraints
          - Data & knowledge sharing
          - Information hiding
  • 28. Picture: the DETER Federation Architecture – mid-2010 version – http://fedd.isi.deterlab.net
      - Scenario Description
      - Resource Description
      - Constraint Resolution
      - Embedding
      - Planning
      - Sequencing
      - Resource Control
      - Policy, Authentication and Authorization
  • 30.
      - The problem:
          - Today's testbed technologies provide limited support for complex user tasks, thus hampering system of system level experimentation and reasoning.
      - The challenge:
          - Develop methodologies to leverage knowledge, understanding, and semantics, through development environments, composition and sharing.
  • 31.
      - Graduated, visual, and powerful experiments
      - Domain-specific (DDoS, worm, botnet) capabilities
      - Built-in sharing capabilities
  • 32.
      - Most testbed tools focus on creating and running an experiment. Much less attention is paid to other important steps in the process.
      - Develop a model for workflow over the full lifecycle of an experiment, and capture that model in methodologies and tools
  • 33.
      - Key Observation: isomorphism to software engineering lifecycle
      - Implementation Approach: Leverage Eclipse
          - Repurpose tested SWE methodologies
          - Build on 20M+ lines of code
  • 34. Repository of Reusable Components
  • 35. Repository of Reusable Components; Vary parameters per component
  • 36. BGP Security; Worm Propagation
  • 38.
      - Testbeds must model impact of human activity in repeatable experiments
          - Provide more realistic behavior for testing security tools
          - But real humans are expensive and non-repeatable
      - Model goal-directed team activity
          - Measure impact of an attack on team goals
          - Model impact of organization structure
      - Model certain human characteristics
          - Propensity to make mistakes
          - Aspects of physiology (soon: emotion, bounded rationality)
          - Flexibility to changing conditions
      - Configurable tool for experimenters
  • 40. A general purpose, flexible platform for modeling, emulation, and controlled study of large, complex networked systems
      - Elements located at USC/ISI (Los Angeles), UC Berkeley, and USC/ISI (Arlington, VA)
      - Funded by NSF and DHS, started in 2003
      - Based on Emulab software, with focus on security experimentation
      - Shared resource – multiple simultaneous experiments subject to resource constraints
      - Open to academic, industrial, govt researchers essentially worldwide – very lightweight approval process
  • 41.
      - ~440 PC-based nodes
          - Berkeley, CA - ~200 Nodes
          - Los Angeles, CA - 220 Nodes
          - Arlington, VA – 20 Nodes
      - Interconnect (2010)
          - 1 Gb/s – LA-UCB
          - 1-10 Gb/s LA-Arlington
      - Local and Remote access
  • 42.
      - High-performance co-processing
          - NetFPGA-based node deployment
          - Dedicated hardware modules, e.g., packet monitors
      - Efficiency and scalability
          - Increased VLAN bandwidth (10Gbps +)
          - Configuration management and infrastructure protection
  • 43.
      - Technical elements
          - DETER Core
          - Scalable Modeling and Emulation
          - Federation
          - Leveraging Understanding and Semantics
          - Risky Experiment Management
          - Multiparty Experiments
          - Experiment Lifecycle Management
  • 46.
      - Content sharing support
          - Experiments, data, models, recipes
          - Class materials, recent research results, ideas
      - Shared spaces
          - Outreach: Conferences, tutorials, presentations
          - Share and connect: Website, exchange server
          - Common experiment description: Templates
          - Build community knowledge: domain-specific communities
      - Education support
          - NSF CCLI grant: develop hands-on exercises for classes
          - Moodle server for classes on DETER
  • 47.
      - Academia: Carnegie Mellon University; Columbia University; Cornell University; Dalhousie University; DePaul University; George Mason University; Georgia State University; Hokuriku Research Center; ICSI; IIT Delhi; IRTT; ISI; Johns Hopkins University; Lehigh University; MIT; New Jersey Institute of Technology; Norfolk State University; Pennsylvania State University; Purdue University; Rutgers University; Sao Paulo State University; Southern Illinois University; TU Berlin; TU Darmstadt; Texas A&M University; UC Berkeley; UC Davis; UC Irvine; UC Santa Cruz; UCLA; UCSD; UIUC; UNC Chapel Hill; UNC Charlotte; Universidad Michoacana de San Nicolas; Universita di Pisa; University of Advancing Technology; University of Illinois, Urbana-Champaign; University of Maryland; University of Massachusetts; University of Oregon; University of Southern California; University of Washington; University of Wisconsin - Madison; USC; UT Arlington; UT Austin; UT Dallas; Washington State University; Washington University in St. Louis; Western Michigan University; Xiangnan University; Youngstown State University
      - Government: Air Force Research Laboratory; DARPA; Lawrence Berkeley National Lab; Naval Postgraduate School; Sandia National Laboratories
      - Industry: Agnik, LLC; Aerospace Corporation; Backbone Security; BAE Systems, Inc.; BBN; Bell Labs; Cs3 Inc.; Distributed Infinity Inc.; EADS Innovation Works; FreeBSD Foundation; iCAST; Institute for Information Industry; Intel Research Berkeley; IntruGuard Devices, Inc.; Purple Streak; Secure64 Software Corp; Skaion Corporation; SPARTA; SRI International; Telcordia Technologies
  • 49.
      - Hands-on exercises
      - Students gain from direct observation of attacks and interaction
      - Pre-packaged for both student and teacher
          - Buffer overflows, command-injection, man-in-the-middle, worm modeling, botnets, and DoS
      - Facility support for class administration
  • 51.
      - Transformative research and facility for cyber security R&D
      - Experimental science:
          - Fostering fundamental understanding world complexity
      - Contribution transformation of field
      - Proactive robustness and away from reactive security
  • 52.
      - Growing DETER Community increasingly engaged in experimental science of cyber security
      - Collaboration key part of DETER mission
          - DETERLab and new scientific experimentation
      - Join us: http://deter-project.org/
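
The invariant monitoring outlined on slides 15, 16 and 19 (invariants captured in explicit form, monitored over normalized events, with a notification or corrective action on violation) can be sketched as follows. This is an added example, not DETER code: the event fields, the two invariants, the 100 pps threshold and the `Invariant`/`Monitor` names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample of normalized experiment events; field names are assumptions.
EVENTS = [
    {"t": 0.0, "node": "victim", "kind": "link", "state": "up"},
    {"t": 1.0, "node": "client1", "kind": "flow", "pps": 120},
    {"t": 3.0, "node": "attacker", "kind": "attack_start"},
    {"t": 4.0, "node": "client1", "kind": "flow", "pps": 15},
    {"t": 5.0, "node": "victim", "kind": "link", "state": "down"},
]

@dataclass
class Invariant:
    name: str
    check: Callable[[dict, dict], bool]  # (state, event) -> True while it holds
    action: str                          # "notify" or "abort"

@dataclass
class Monitor:
    invariants: list
    state: dict = field(default_factory=lambda: {"attack": False})
    violations: list = field(default_factory=list)
    valid: bool = True

    def feed(self, ev):
        if ev["kind"] == "attack_start":  # track scenario phase before checking
            self.state["attack"] = True
        for inv in self.invariants:
            if not inv.check(self.state, ev):
                self.violations.append((ev["t"], inv.name, inv.action))
                if inv.action == "abort":
                    self.valid = False    # results can no longer be trusted
        return self.valid

def baseline_traffic(state, ev):
    # Before the attack, legitimate flows must carry real load (>= 100 pps here).
    return ev["kind"] != "flow" or state["attack"] or ev["pps"] >= 100

def victim_link_up(state, ev):
    # A victim link going down is treated as a testbed fault, not a result.
    return not (ev["kind"] == "link" and ev["node"] == "victim" and ev["state"] == "down")

def run(events):
    mon = Monitor([Invariant("baseline-traffic", baseline_traffic, "notify"),
                   Invariant("victim-link-up", victim_link_up, "abort")])
    for ev in events:
        if not mon.feed(ev):
            break                         # corrective action: stop the run
    return mon
```

Because the invariants are plain named objects rather than logic buried in the experiment scripts, the same list can be replayed against a recorded data set to validate a past run or shared alongside the scenario description.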