CNS

1
CNS Perspective on TONCKarl Levittklevitt_at_nsf.g
ov

• CNS overview
• More details on Cyber Trust
• GENI/FIND
• Maybe GENI/FIND is not needed -- Steve Kents
  perspective
• Challenges
• How TONC can play

2
Computer and Network Systems Division (CNS)

• Computer Systems Helen Gill, Brett Fleisch
• Distributed systems embedded and hybrid systems
  middleware parallel systems
• Network Systems Darleen Fisher, Guru Parulka,
  David Goodman, David Du
• Network research broadly defined wireless
  systems networks of sensors FIND (Future
  Internet )
• Cyber Trust Karl Levitt Bill Steiger others
• Security for FIND cryptography the world
• Computing Research Infrastrcture
• Education and Workforce
• Create exciting curricula for CS Acting on the
  perceived enrollment and CS image problems

3
Cyber Trust Projects

• Computer and Network Security Research Grants
  primarily supports single investigator and teams
  conducting research in computer security
• Computer and Network Security Research Centers
  primarily large-scale grants conducting research
  towards new technology often with important
  applications of the technology the Centers
  include four being funded under the Cyber Trust
  program
• University of Illinois (TCIP) Security for
  Critical Infrastructures
• UC San Diego Large scale worm defense
• Johns Hopkins E-Voting
• Carnegie Mellon Third generation secure systems
• Stanford, Yale, Stevens PORTIA
• DETER/EMIST security testbed
• Centers give us visibility, but so can important
  theoretical results

4
Technology Generations of Information Assurance
1st Generation (Prevent Intrusions)
5
An additional Center-Level Project

• UC Berkeley (with Stanford, Cornell, Vanderbilt,
  Carnegie Mellon) TRUST, which includes security
  for critical infrastructures

6
Cyber Security at NSF (cont.)

•   Computer and Network Security Capacity
  Building facility improvement, support for
  education
•   Graduate Traineeships in Computer and Network
  Security Research
•   Scientific and Advanced Technology Act of
  1992 trains programmers and technicians who will
  be the workforce that supports U.S. Government
  and industry organizations addressing the current
  security threats

7
Research Areas for Cyber Trust

• assure authenticity of digital media
• develop automated defense against malicious code
  attacks, including viruses, worms, adware and
  spyware
• extract valuable information from networks and
  large databases without compromising individual
  privacy
• protect large enterprises from denial-of-service
  attacks
• safeguard on-line transactions of minors by
  increasing parental consent
• enable hardware support for security enhancements
• create new programming language features that
  support the development of secure systems by
  preventing many kinds of attacks
• develop workbenches to help developers evaluate
  their systems against realistic threats and in
  the presence of realistic background traffic
• make eavesdropping on digital channels more
  difficult
• assess computer systems for the presence of
  vulnerabilities

8
Cyber Trust Research Areas (cont.)

• trace attacks that exploit vulnerabilities in
  Voice-over IP through the Internet
• reason about the effectiveness of security
  components, including intrusion detection systems
  
• develop new defenses against attacks on
  distributed sensor networks
• develop secure RFID systems through lightweight
  cryptograph
• Digital forensics

9
GENI Global Environment for Networking
Investigations

• CISE
• National Science Foundationdlfisher_at_nsf.gov

10
Education
Communication


Internet Transforming Infrastructure
SEResearch
InformationSharing
11
Looking Ahead
Applications
Capabilities
Technologies
12
Emerging Disruptive Technologies
13
Sensor and Sensor Networks
New Machines
14
Software Radios

• Software Radio
• Wide operational frequency supports use of
  multiple bands
• Multiple waveforms in a single hardware unit
  provides interoperability
• Impact
• Dynamic spectrum management helps prevent
  interference
• Adaptable to local current situation flexible
  frequency use provides opportunities for quality
  of service
• Rapid deployment and service creation
• Enables new network architectures through
  flexible dynamic connectivity

• Systems and networking issues remain unexplored
  and unexploited!

Thanks to Joe Evans
15
Mobile Wireless Devices

• PDAs Cell Phones Laptops iPODs
• Each one is an end-node on the network
• 2B cell phones sold every year
• Range of mobility
• Data, VOIP, IPTV,

16
Photonics Integration
17
System on a Chip IXP 2850
3 RDRAM channels
2 encryption engines
10 Gb/s IO
4 QDR SRAM channels
16 32 bit processors 8K ctl. memory

• gt20 GIPs (peak)
• 16 i/B for 10 Gb/s traffic

Thanks to Jon Turner
18
Emerging Applications
19
Digital Living 2010
Tomorrows users will be surrounded by pervasive
devices, embedded sensors and systems all
connected to the Internet.
Thanks to David Kotz at Dartmouth
20
Networked Embedded Systems
Thanks to Paulo Verssimo
21
NEONNational Ecological Observatory Network
22
Network Centric Critical Infrastructures
Essential Utilities
Transportation
Telecommunications Banking Finance
23
And many more

• Mapping the physical world into virtual world
• Networked embedded systems
• Large scale data grid and vast personal data
• Pervasive computing with mobile wireless
• Disaster recovery
• SE Applications
• And others that we cannot guess today

24
Looking Ahead
Applications
Capabilities
Technologies
25
Current Internet Evolution?
26
Internet Security Limitations

• Because much of this (IT) infrastructure
  connects one way or another to the Internet, it
  embodies the Internets original structural
  attributes of openness, inventiveness, and the
  assumption of goodwill.
• These signature attributes have made the US IT
  infrastructure an irresistible target
• A broad consensus among computer scientists is
  emerging that the approach of patching and
  retrofitting networks, computing systems, and
  software to add security and reliability may be
  necessary in the short run but is inadequate for
  addressing the Nations cyber security needs.
• 
  PITAC Report on CyberSecurity

27

• in the thirty-odd years since its invention,
  new uses and abuses, along with the realities
  that come with being a fully commercial
  enterprise, are pushing the Internet into realms
  that its original design neither anticipated nor
  easily accommodates.
• Freezing forevermore the current architecture
  would be bad enough, but in fact the situation
  is deteriorating. These architectural
  barnaclesunsightly outcroppings that have
  affixed themselves to an unmoving architecture
  may serve a valuable short-term purpose, but
  significantly impair the long-term flexibility,
  reliability, security, and manageability of the
  Internet.
• Overcoming Barriers to Disruptive Innovation in
  Networking, NSF Workshp Report, 05.

28
Future Internet?
Distributed Systems and Services?
Network and Protocol Architectures?
New Paradigms?
NetworkCapabilities
EnablingTechnologies
Applications UserRequirements

• Need a clean-slate approach

29
GENI Initiative

• Research -- Refocus existing programs
• NeTS gt FIND
• Cyber Trust
• CSR
• CRI
• Experimental Facility
• Exploring different possibilities including MREFC
• Up to 300M

30
Future Internet

• Must
• Be worthy of our societys trust
• Even for managing and operating critical
  infrastructures
• Provide a bridge between physical and virtual
  worlds
• Via instrumented and managed sensorized physical
  environment
• Support pervasive computing
• From wireless devices to supercomputers
• From wireless channels to all optical light-paths
• Enable further innovations in SE research
• Seamless access to networked instruments,
  supercomputers, storage,

31
Future InternetMust Be A Platform for Innovations
32
NSF Community Collaboration
Disruptive Innovations
GENI Initiative
Optical Technologies
Planning Grants and Workshops FY04-05
www.nsf.gov/cise/geni/
33
NSF Community Collaboration
Research Experimental Facility
Disruptive Innovations
GENI Initiative
Optical Technologies
Planning Grants and Workshops FY04-05
www.nsf.gov/cise/geni/
34
Research Community stepping up to create Future
Internet -- Internet for the 21st Century

• NSF wants to enable this

35
Scope of Research

• Core functionalities
• Security and robustness
• Privacy and accountability
• Manageability and usability
• Economics viability
• Theoretical foundations

• Communications during crisis
• High level conceptualization
• Support for applications design
• Large scale storage management
• Social needs

Networking and distributed systems broadly defined
36
What is Different This Time?

• Clean-slate approach
• To overcome Internet ossification
• A comprehensive coordinated effort
• Ability to try different approaches
• Ability to experiment at scale
• With real users and applications

37
Case for GENI Facility
Shared DeployedInfrastructure
Need for Large experimental testbed/infrastructur
e
This chasm represents a majorbarrier to
realization of GENI
Small Scale Testbeds
Maturity
ResearchPrototypes
Foundations Research
Funded by CISE Programs
Time
38
High Level Goals

• Enable exploration of new network architectures
  and distributed system capabilities
• A shared facility that allows
• Embedding within itself a broad range of
  experimental networks and distributed services
• Interconnection among these experimental networks
  and with the Internet
• Users and applications to opt-in
• Observation, measurement, and recording of the
  resulting experimental outcomes

39
Facility Goals and Key Concepts
Goal shared platform that promotes innovations
Key Concepts Slicing, Virtualization,
Programmability
40
Details of the Facility
41
Global and Local Software
42
Recognize Four Groups

• Baseline GENI facility providers
• Provide baseline GENI with appropriate
  capabilities and hooks
• Network architects and distributed systems
  builders research teams
• Deploy new networks and services on the baseline
  facility
• Application providers research teams
• Build and deploy example applications
• End users
• Use applications for their benefit and in the
  process test

43
Expected GENI Deliverables

• Deep insight about
• Various proposed architectures
• Various engineering trade-offs
• A new class of
• Network platforms switches/routers/APs/Optical
  Systems/?
• Control and management planes
• Distributed system infrastructures
• Embedded measurement and instrumentation
  infrastructure
• Optical transport systems and networks
• An operational infrastructure
• new architecture(s) secured, robust, scalable,
  manageable, and evolvable
• New and old applications with real users
• Accelerate innovations and continued growth

44
Many teams across the nation to
participateCurrent snapshot of our collective
thinking -- will most likely evolve
45
Success Scenarios

• Internet evolution influenced by clean-slate
  approach
• Alternate infrastructure emerges
• Single architecture emerges and dominates
• Virtualization becomes the norm with plurality of
  architectures
• Alternate infrastructure becomes the mainstream
  over time
• Many other payoffs
• Some unexpected

46
GENI

• MREFC (Major Research Equipment and Facilities
  Construction) Funding
• NOT research funding
• Idea is Think Big? more research funding to
  promising area

47
Community Input

• GENI Town Hall Meetings
• March 10 Crystal City VA (near Reagan Airport)
• West Coast and Central US TBD
• See www.geni.net for current plan
• Join GENI discussion list
• Email/call Guru or me
• NeTS FIND proposals submit 2 page facility needs

48
Does Everyone in the Research Community Agree
with GENIs Goals?

• NO!!!!

49
Challenges to Re-inventing the Internet

• Dr. Stephen Kent
• Chief Scientist - Information Security

50
How the Internet Came About (v1)

• Vint Cerf ande Bob Kahn (and, of course, Al Gore)
  invented the Internet
• No attention was paid to security concerns
• Tim Berners-Lee invented the Web, moving the
  Internet beyond e-mail, FTP, and Telnet
• Marc Andreesen invented the browser, making the
  web accessible to everyone, and making him rich
• Google indexed the web, making it all accessible
• We all live happily ever after

51
How the Internet Came About (v2)

• Vint Bob invented IP TCP
• Vint and Bob went to ARPA and spent lots of RD
  money to evolve Internet technology
• Security was a concern KDC system built and
  tested 5 years before Kerberos, MLS e-mail
  prototypes, IPSO,
• Vint Bob provided active technical leadership
  for these Internet RD projects
• Vint Bob made the DoD a major client, which
  helped stimulate vendors to support IP
• Vint created the IAB to oversee the Internet
  architecture
• The IETF was formed to create Internet standards
• This enabled the web, browsers, Google, etc. to
  come about

52
The Original Internet Competition

• Data communication options circa 1978-85
• Leased lines
• SNA
• X.25
• DecNet
• OSI
• Proprietary LANs
• Significant investment by some businesses, all
  major computer vendors, a few service providers,
  very, very few individual users

53
The Competition Today

• The Internet as we know it!
• It evolves to support new apps, higher
  performance, new media, bigger scale,
• Enormous investment in the current technology by
• Businesses in all areas
• Local, state, and federal governments
• All computer vendors (fewer than there used to
  be!)
• Thousands of service providers
• Hundreds of millions of individual users
• The scope of affected organizations and people,
  and the magnitude of the investment in the
  current Internet is enormous

54
What Motivated the Internet Transition?

• Significantly reduced cost to communicate
• Network scope
• Significantly improved functionality
• Competitive advantage
• But, these factors have to be balanced against
• Capital costs for hardware software
• Training costs for users, system administrators,
  
• Service disruption for customers, internal users,
  

55
Do We Need to Replace the Internet?

• Spam is very annoying, but so are all the phone
  calls I receive on behalf of charities
• Most phishing looks like spam to me, and largely
  is a social engineering concern
• Network availability is good enough to do
  billions of dollars of transactions daily
• Network performance is good enough for VoIP, web
  surfing, etc. IF you have good local access
  (i.e., the core is OK)
• Security for end systems is NOT intrinsically a
  network problem, although the net can help
• Real time and control applications are not
  reliably handled by the Internet

56
Can NSF Develop a New Internet?

• NSFs model for program funding and management is
  very different from DARPA
• Grants to faculty, leadership by faculty,
  graduate student labor, minimal industry
  involvement, most grants are modest by DARPA
  standards
• NSFNET was a big exception to this model but
  still modest in scale vs. DARPAs investment
• The scope of the public Internet is
  international, the investment is enormous, the
  number of affected users staggering,
• Convincing users, vendors, and service providers
  that the new Internet is worth the transition
  costs will be very, very hard

57
The Report of the Internets Death was an
Exaggeration
58
Challenges

• How do incorporate security into GENI?
• To protect it against external attacks
• To protect it against experimental malware
• To protect applications from a potentially
  malicious GENI
• Does GENI provide the mechanisms to support
  interesting new ideas from TONC?
• Network Coding
• The clean slate for FIND is mostly about a new
  network. What should be in the new network to
  support
• Wireless computing location services,
• Security traceability, forensics,
• It has been conjectured that Denial of Service
  attacks can be neither prevented or mitigated.
  Prove this wrong.
• For what disruptions will the Internet recover?
  How long will it take?

59
More Challenges

• View GENI as a step towards Big Computer-Science
• What theories can be validated with GENI?
• Time for a worm to propagate through the Internet
  -- under varying assumed conditions
• Can a worm defense keep up with a fast moving
  worm?

60
More Challenges

• Can the next Internet be designed for real-time
  computations (Wei Zhao)
• What are the limitations of formal methods?
• Model checking to prove properties of
  configurations
• Identify vulnerabilities in source and object
  code
• Prove security properties of protocols
• Can data be sanitized for use by experimenters?
• This might be a special case of the
  transfomation of research data to achieve
  confindentiality and usability (Dwork, and many
  others)

61
Toolkit architecture
Security Properties
Integrated error report
Program
Toolkit
Raw error report
Intermediate representation
Analysis engines
Report engines
Parsers
Model checking (MOPS)
HTML report generator
C parser
Type inference (Cqual)
C parser
Java parser
Range analysis (BOON)
62
Analysis engines

• MOPS pushdown model checking
• Privilege elevation bugs
• Race condition bugs
• Cqual type inference
• Format string bugs
• User/kernel pointer bugs
• BOON integer range analysis
• Buffer overrun bugs

63
Experience checking critical servers
Program Lines of code Running time Bugs found Bugs found
Program Lines of code Running time Total Real
Apache HTTPD 2.0.40-21 229K 233 6 2
At 3.1.8-33 6K 025 7 1
BIND 9.2.1-16 279K 315 4 0
OpenSSH 3.5p1-6 59K 329 24 5
Postfix 1.1.11-11 94K 653 6 0
Samba 2.2.7a-7.9.0 254K 4533 8 2
Sendmail 8.12.8-4 222K 1834 11 0
VixieCron 3.0.1-74 4K 027 4 3
Total 1147K 8109 70 13
64
Experience checking the entire RedHat Linux 9

• RedHat Linux 9
• 839 packages
• More than 60 million lines of code
• Experiments
• Checked 6 properties
• Found 79 new bugs so far

65
Can Security be Achieved using Simple Paradigms?

• Accountability
• Partitioning of data into trusted and untrusted
  sets
• Virtualization throughout
• Diversity to thwart attacker
• Control theory for security
• Currency needed for each packed issued
• Can security be predicted or measured, perhaps if
  simple paradigms are used?

66
Diversity System Functional Architecture
Address randomization does not remove
vulnerability but makes effect of attack
unpredictable
Normal user inputs work
Attacker
Modifications transform original stored program
User Inputs
Other System Resources
Original Program
Modified PE File, Loader System Calls
Optional Annotation File
Transformed In-memory program
Some attacks fail because vulnerability is not at
assumed address
Other attacks fail because injected commands are
wrong
PRNG
Pseudo-Random Number Generator
67
More Challenges

• Can anonymity and authorized monitoring co-exist?