cyber defense technology experimental and evaluation methods
TRANSCRIPT
8/9/05 1
Cyber Defense Technology Experimental Research (DETER)
and Evaluation Methods for Internet Security Technology (EMIST)
Terry V. Benzel, Information Sciences Institute
University of Southern California
DETER + EMIST: Background
• Inadequate wide-scale deployment of security technologies
– Despite 10+ years of investment in network security research
• Lack of experimental infrastructure
– Testing and validation in small- to medium-scale private research labs
– Missing objective test data, traffic and metrics
DETER+EMIST Vision
... to provide the scientific knowledge required to enable the development of solutions to cyber security problems of national importance
Through the creation of an experimental infrastructure network -- networks, tools, methodologies, and supporting processes -- to support national-scale experimentation on research and advanced development of security technologies.
Long Term Objectives
Create reusable library of test technology for conducting realistic, rigorous, reproducible, impartial tests
– For assessing attack impact and defense effectiveness
– Test data, test configurations, analysis software, and experiment automation tools
Provide usage examples and methodological guidance
– Recommendations for selecting (or developing) tests and interpreting results
– Test cases and results, possibly including benchmarks
Facilitate testing of prototypes during development and commercial products during evaluation
DETER Architectural Plan
• Construct homogeneous emulation clusters based upon University of Utah’s Emulab
• Implement network services – DNS, BGP
• Add containment, security, and usability features to the software
• Add (controlled) hardware heterogeneity
• Evaluate usefulness of other testbed approaches – esp. overlays like Planetlab
[Diagram: DETER testbed architecture. Two clusters, ISI Cluster and UCB Cluster, each containing PC nodes, a control network, node serial line servers, power controllers, and Cisco and Foundry switches joined by trunk links; the 'Boss' server, 'User' server, user files and download server sit on the control side. The two clusters are connected across the Internet through firewalls over IPsec tunnels.]
DETER Testbed Infrastructure
• 201 (139 + 62) PC nodes in 4 types
• 9 control plane PCs
• 9 switches for control, experimental, and administrative purposes
• Serial expanders for 201 nodes
• Remote power controllers
• IPsec tunnel between ISI and U.C. Berkeley
Example DETER Topologies
Experimenters Workshop, September 28, 2005
• Second workshop
– Demonstrations of 6 – 8 current experiments
– Working groups on experiments
• DDOS
• Worms
• Routers
• For information on workshops or testbed use
• Email: [email protected]
Access to Testbed
• Open to community – request via email: [email protected]
• Important addresses:
– www.isi.edu/deter
– www.isi.deterlab.net
– http://emist.ist.psu.edu
– www.emulab.net
• Hiring – email [email protected]