DETER: NSF/DHS Internet Security Testbed Project

Slides: 10
Provided by: anthony219

Transcript and Presenter's Notes

1
DETER: NSF/DHS Internet Security Testbed Project
  • 30 Sep 03 - 29 Sep 05
  • http://deter.cs.berkeley.edu/

2
Overview
  • NSF and DHS sponsored research project
  • Approx 10M total (2.4 for UCB)
  • DETER/EMIST Goals:
    1) Design and construction of a testbed for network security experiments,
    2) Research on experimental methodology for network security, and
    3) Research on network security.
  • DETER focuses on 1), but it needs to do some of 2) and 3)
  • EMIST focuses on 2), but it needs to do some of 3) and feed requirements into 1)
  • Related goals:
    • Create repository of network topologies, attack traces, background traffic traces, trace generators, and experiments

3
Testbed Requirements I
  • Versatility: The facility should be adaptable to meet the requirements of a large variety of network and security testing scenarios.
  • Controllability: Experiments within the facility must be controllable. An out-of-band management network will be a requirement so that experiments may be controlled even if the test network is highly congested or broken.
  • Accessibility: The facility's management or control network must be available to researchers remotely via the Internet.
  • Usability: The facility must provide an easy-to-use control plane.
  • Functionality: There must be a rich set of traffic generators, topology generators, and experimental profiles.

4
Testbed Requirements II
  • Transparency: The facility must be highly instrumented to observe and record the intended and unintended effects of a test scenario.
  • Fairness: The facility must have clear policies regarding use of the network, the prioritization of experiments, the test-worthiness of the experiment, etc.
  • Containment: Any testing done within the facility must remain within the confines of the (quarantined) test network.
  • Security: The facility needs to be secure. The facility will almost certainly become a target of the black hat community.
  • Fidelity: The facility must be able to represent the topology, services, and traffic mix of the overall Internet or a subset of the Internet with sufficient and verifiable realism.
  • Integrity: Test cases should be repeatable and accurate.

5
Experiments
  • Three experiment areas:
    • Worm: experiment leader V. Paxson (ICSI)
    • Routing: experiment leader F. Wu (UCD)
    • DDoS: experiment leader D. Sterne (NAI)
  • Goal: Duplicate observed attack effects in the testbed
    • E.g., self-congestion for worms
  • The BGP routing attack experiment will demonstrate the need for a vendor-heterogeneous hardware testbed because emulated open-source BGP is very different from commercially deployed BGP
  • Major demo of experimental results in DC in June 04

6
Researchers
  • UC Berkeley:
    • Anthony Joseph, Ruzena Bajcsy, Shankar Sastry, David Culler, Doug Tygar, David Wagner, Eric Fraser (staff), Yih-Chun Hu (postdoc)
  • Initial user community will be DETER/EMIST PIs and PIs' institutions
  • Challenge of usability versus containment
  • Others on a limited basis after June 04
  • Future: DHS, HSARPA, and White House 'exercises'
    • E.g., LiveWire, DarkScreen, JWIG2004

7
Basic Testbed Architecture
  • First cluster at USC/ISI West (Jan/Feb 04)
    • Homogeneous emulation cluster based upon Utah's Emulab/Netbed software
    • Start with 64 PCs
    • DETER adds containment, security features
    • Real network services, e.g., DNS, BGP
    • Add (controlled) hardware heterogeneity later
  • Second cluster at UCB (Mar/Apr 04)
    • Similar to ISI cluster, but with up to 10 donated routers
    • Later add more routers, high-speed synthetic traffic generators (Spirent, HP), and HW traffic sniffers

8
Preliminary UCB Architecture Proposal

9
DETER: NSF/DHS Internet Security Testbed Project
  • 30 Sep 03 - 29 Sep 05
  • http://deter.cs.berkeley.edu/