Griffin Final Report DETER Testbed Update - PowerPoint PPT Presentation

1
Griffin Final Report / DETER Testbed Update
  • Anthony D. Joseph
  • UC Berkeley
  • http://deter.cs.berkeley.edu/
  • Sahara Retreat, June 2004

2
Outline
  • Griffin
  • Motivation
  • Goals and Components
  • Retreat talks
  • DETER Update
  • Motivation and goals
  • Testbed status
  • Applications: virus filtering, worm propagation

3
Near-Continuous, Highly-Variable Internet Connectivity
  • Connectivity everywhere: campus, in-building, satellite
  • Projects: Sahara (01-04), Iceberg (98-01), Rover (95-97)
  • Most applications support limited variability (1 to 2x)
  • Design environment for legacy apps is a static desktop LAN
  • Strong abstraction boundaries (APIs) hide the of RPCs
  • But, today's apps see a wider range of variability
  • 3-5 orders of magnitude of bandwidth: from 10's of Kb/s to 1 Gb/s
  • 4-6 orders of magnitude of latency: from 1 µsec to 1,000's of ms
  • 5-9 orders of magnitude of loss rate: from 10^-3 to 10^-12 BER
  • Neither best-effort nor unbounded retransmission may be ideal
  • Also, overloaded servers / limited resources on mobile devices
  • Result: poor/variable performance from legacy apps

4
Griffin Goals and an Adaptive, Predictive Approach
  • Users always see excellent (≈ local, lightly loaded) application behavior and performance
  • Agility: key metric is time to predict, react, and adapt
  • Apply continuous, cross-layer, multi-timescale introspection
  • SUCCESS: Tapas -- building accurate models of correlated events
  • Help legacy and new applications handle changing conditions
  • Analyze, classify, and predict behavior
  • Pre-stage dynamic/static code/data (activate on demand)
  • SUCCESS: REAP/MINO/COMPASS -- dynamic code/data placement with automatic service location
  • Overlay a more powerful network model on top of IP
  • Avoids standardization delays/inertia, enables dynamic service placement
  • PARTIAL: Tapestry/Brocade -- interoperation with IP routing policies

5
Some Enabling Infrastructure Components We've Built
  • Tapas network characteristics toolkit (Konrad: Mills prof.)
  • Measuring/modeling/emulating/predicting delay, loss,
  • Provides micro-scale network weather information
  • Mechanism for monitoring/predicting available QoS
  • REAP application building toolkit (Czerwinski: Google)
  • Introspective mobile code/data support for legacy / new apps
  • REAP: dynamic service component placement
  • MINO: e-mail application; COMPASS: service instance locator
  • Tapestry, Brocade, and Mobile Tapestry (Hildrum: IBM; Zhao: UCSB prof.)
  • Overlay routing layer providing efficient application-level object location and routing
  • Mobility support, fault-tolerance, varying delivery semantics

6
Related Talks at Retreat
  • Kris Hildrum: Locality in Tapestry
  • Highlight talk today
  • Sean Rhea: OpenHash
  • Tuesday morning in Overlay Networking parallel session
  • Ling Huang: Probabilistic data aggregation
  • Tuesday evening in Overlay Networking parallel session

7
Outline
  • Griffin
  • Motivation
  • Goals and Components
  • Retreat talks
  • DETER Update
  • Motivation and goals
  • Testbed status
  • Applications: virus filtering, worm propagation

9
cyber DEfense Technology Experimental Research (DETER)
  • NSF and DHS sponsored cyber-defense research project
  • Lead PIs: UCB, USC-ISI, McAfee
  • DETER Goals:
  • 1) Design and construction of a testbed for network security experiments,
  • 2) Research on experimental methodology for network security, and
  • 3) Research on network security.
  • DETER focuses on 1), but it needs to do some of 2) and 3)
  • Goal: duplicate observed attack effects in the testbed
  • E.g., self-congestion for worms

10
Background
  • People:
  • Anthony Joseph, Ruzena Bajcsy, Shankar Sastry, David Culler, Doug Tygar, David Wagner, Eric Fraser (staff), Yih-Chun Hu (postdoc)
  • 3 experiment areas in related EMIST project:
  • Worms, routing attacks, DDoS attacks
  • Just completed major demo last week in DC
  • 50 tech/gov't attendees (NSF, NIST, DARPA, NSA, DHS)
  • Experimenters' Workshop (11/8 or 11/15 week)

11
DETER/EMIST Motivation
  • New, increasingly virulent worms and viruses
  • MyDoom/Novarg e-mail virus/worm
  • 40 reports/hr in first hour, quarantined 8 million in first 24 hours
  • Spreads via e-mail, jumps firewalls through peer-to-peer networks
  • Blocks access to anti-virus and MS update sites
  • Distributed Denial of Service (DDoS) attacks
  • Large scale, international attack on Akamai infrastructure
  • Potential routing hardware/software attacks
  • Issues:
  • Inadequate wide scale deployment of security technologies
  • Lack of experimental infrastructure: limited-scale private labs
  • Missing objective test data, traffic and metrics

12
DETEREMIST Vision
  • ... to provide the scientific knowledge required
    to enable the development of solutions to cyber
    security problems of national importance
  • Through the creation of an experimental
    infrastructure network -- networks, tools,
    methodologies, and supporting processes -- to
    support national-scale experimentation on
    research and advanced development of security
    technologies.
  • Real systems, Real attacks, Real world!

13
Architecture and Design: Cluster Testbed
  • Basic choice: cluster vs. distributed testbed
  • Example: Emulab vs. Planetlab design.
  • Two major reasons to choose clusters for DETER:
  • Security containment would be impossible in a distributed testbed.
  • Need complete control over experimental conditions for repeatability

14
DETER Experimental Network
[Diagram] Clusters of N identical experimental nodes, interconnected dynamically into arbitrary topologies using a VLAN switch. Diagram labels: Pool of N identical processors; 160; PC, PC, PC; Switch Control Interface; N x 4 @1000bT Data ports; Programmable Patch Panel (VLAN switch).
15
Example Topology Created using DETER
(as11537-5s-2t)
16
The Fidelity Issue
  • Would ideally like:
  • Large and realistic topologies
  • Diverse, realistic nodes and links
  • But:
  • Fidelity is expensive
  • Large-scale fidelity may be unnecessary for (maybe even contrary to) good science.
  • Plan to add limited heterogeneity and realism, e.g., a few vendor routers, network processors

17
Early-stage Local Research Efforts
  • APE: SLT-based virus detection and containment
  • Uses unsupervised learning to classify outgoing e-mail based on features (number of recipients, attachments, etc.)
  • Built prototype, now exploring different models
  • Worm propagation effects on realistic topologies
  • Using Parallel and Distributed NS to emulate up to 15,000 nodes with realistic latencies and bandwidths
  • Significantly different propagation patterns from analytical models due to congestion effects
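As an added illustration of the congestion effect noted on this slide (and of slide 9's goal of duplicating worm self-congestion in the testbed), the following Python script, which is not part of the original presentation, contrasts the analytical logistic worm model with a discrete simulation in which all infected hosts share one capped link; the population size, address space, scan rate and link capacity are constructed values, not measurements from DETER.

```python
"""Worm spread with and without a bandwidth bottleneck: the analytical
logistic model versus a discrete simulation in which all infected hosts
share one congested link. Every parameter is constructed for illustration."""
import math

def logistic_time_to_fraction(n_vuln, i0, scan_rate, addr_space, frac):
    """Closed-form random-scanning (logistic) model: seconds until the
    fraction `frac` of the vulnerable population is infected."""
    k = scan_rate * n_vuln / addr_space            # growth rate, 1/s
    return math.log((n_vuln / i0 - 1) * frac / (1 - frac)) / k

def simulate(n_vuln, i0, scan_rate, addr_space, link_cap, steps, dt=0.1):
    """Deterministic discrete-time spread. `link_cap` bounds the aggregate
    scans/s the infected hosts can push through their shared link; None
    means no bottleneck, which reproduces the logistic model."""
    infected = float(i0)
    series = [infected]
    for _ in range(steps):
        offered = infected * scan_rate             # scans the worm tries to send
        sent = offered if link_cap is None else min(offered, link_cap)
        hit_prob = (n_vuln - infected) / addr_space  # scan lands on a fresh victim
        infected = min(n_vuln, infected + sent * hit_prob * dt)
        series.append(infected)
    return series

def time_to_fraction(series, n_vuln, frac, dt=0.1):
    """First time (seconds) at which the series reaches frac * n_vuln."""
    for step, inf in enumerate(series):
        if inf >= frac * n_vuln:
            return step * dt
    return None

def peak_growth_rate(series, dt=0.1):
    """Largest per-second increase in infected hosts over the run."""
    return max((b - a) / dt for a, b in zip(series, series[1:]))

# Constructed scenario: 10,000 vulnerable hosts in a 2^24 address space,
# 10 initial infections, 100 scans/s per host, 20,000 scans/s bottleneck.
N, I0, RATE, SPACE, CAP, STEPS, DT = 10_000, 10, 100, 2**24, 20_000, 25_000, 0.1

if __name__ == "__main__":
    free = simulate(N, I0, RATE, SPACE, None, STEPS, DT)
    cong = simulate(N, I0, RATE, SPACE, CAP, STEPS, DT)
    print("90%% infected, analytic:    %.1f s" % logistic_time_to_fraction(N, I0, RATE, SPACE, 0.9))
    print("90%% infected, unthrottled: %.1f s" % time_to_fraction(free, N, 0.9, DT))
    print("90%% infected, congested:   %.1f s" % time_to_fraction(cong, N, 0.9, DT))
    print("peak growth unthrottled/congested: %.0f / %.0f hosts/s"
          % (peak_growth_rate(free, DT), peak_growth_rate(cong, DT)))
```

Once the aggregate scan rate hits the cap, growth changes from exponential to roughly linear in the remaining susceptible population, which is why the congested curve reaches saturation an order of magnitude later than the logistic model predicts.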

18
Wide-Area Testbed Architecture
[Diagram] Cyber defense experiments run on a virtual Internet fed by network traces. Diagram labels: 32 PCs, but more powerful HW firewalls July 04; UC Berkeley; Internet; ISI-East; USC-ISI.
19
UCB DETER Testbed
[Diagram] Diagram labels: Internet; Control VPN Server; Data VPN Server; Cutoff Point; Firewall; Cache Boss Server; Foundry FastIron 1500 (16 x 10 1000bT ports); Switch Control Interface; Serial Line Power Server; 32 @1000bT Control ports; 32 x 4 @1000bT Data ports; 160; APC Power Controllers; SUN, SUN, SUN.
20
Collaboration Opportunities
  • http://www.isi.deterlab.net/index.php3
  • Research opportunities:
  • Measuring application behavior under attack
  • Web servers, file servers, etc.
  • Strategies for mitigating attacks
  • Worm defenses, DDoS traceback and blocking, hardening routing protocols
  • Operations and management
  • Substantial knowledgebase from commercial operations
  • Hardware donations:
  • Network nodes, firewall machines, L2/L3 routers, etc.

21
Overlay Networking Parallel Sessions Schedule
  • 0830-1000: Peer-to-Peer and Routing (Ion)
  • Sean Rhea: OpenHash
  • Jayanth Kanan: Supporting Legacy Applications in i3
  • Brighten Godfrey: A Heterogeneity-Aware Distributed Hash Table
  • Rodrigo Fonseca: Beacon Vector Routing
  • 1930-2100: Applications in Wide Area Networks (Anthony)
  • Ling Huang: Probabilistic Aggregation in Distributed Networks
  • David Oppenheimer: Resource Discovery in Distributed Systems
  • Dennis Geels: Deterministic Replay for Debugging Overlay Networks

22
Griffin Final Report / DETER Testbed Update
  • Anthony D. Joseph
  • UC Berkeley
  • http://deter.cs.berkeley.edu/
  • Sahara Retreat, June 2004