cyber defense technology experimental and evaluation methods
8/9/05 1
Cyber Defense Technology Experimental Research (DETER)
and
Evaluation Methods for Internet Security Technology (EMIST)

Terry V. Benzel
Information Sciences Institute
University of Southern California

DETER + EMIST: Background

• Inadequate wide scale deployment of security technologies
  – Despite 10+ years investment in network security research
• Lack of experimental infrastructure
  – Testing and validation in small to medium-scale private research labs
  – Missing objective test data, traffic and metrics

DETER+EMIST Vision

... to provide the scientific knowledge required to enable the development of solutions to cyber security problems of national importance

Through the creation of an experimental infrastructure network -- networks, tools, methodologies, and supporting processes -- to support national-scale experimentation on research and advanced development of security technologies.

Long Term Objectives

Create reusable library of test technology for conducting realistic, rigorous, reproducible, impartial tests
  – For assessing attack impact and defense effectiveness
  – Test data, test configurations, analysis software, and experiment automation tools
Provide usage examples and methodological guidance
  – Recommendations for selecting (or developing) tests and interpreting results
  – Test cases and results, possibly including benchmarks
Facilitate testing of prototypes during development and commercial products during evaluation

DETER Architectural Plan

• Construct homogeneous emulation clusters based upon University of Utah’s Emulab
• Implement network services – DNS, BGP
• Add containment, security, and usability features to the software
• Add (controlled) hardware heterogeneity
• Evaluate usefulness of other testbed approaches – esp. overlays like PlanetLab

[Figure: DETER testbed architecture diagram. Labels in the diagram: ISI Cluster, UCB Cluster, PC nodes, Control Network, 'User' Server, 'Boss' Server, User files, Download Server, Node Serial Line Server, Power Controller, Cisco switch, Foundry switch, trunk, IPsec, FW, Internet, User, CE, NIC.]

DETER Testbed Infrastructure

• 201 (139 + 62) PC nodes in 4 types
• 9 control plane PCs
• 9 switches for control, experimental, and administrative purposes
• Serial expanders for 201 nodes
• Remote power controllers
• IPSec tunnel between ISI and U.C. Berkeley

Example DETER Topologies

Experimenters Workshop
September 28, 2005

• Second workshop
  – Demonstrations of 6 – 8 current experiments
  – Working groups on experiments
    • DDOS
    • Worms
    • Routers
• For information on workshops or testbed use
  • Email: [email protected]

Access to Testbed

• Open to community – request via email: [email protected]
• Important addresses:
  – www.isi.edu/deter
  – www.isi.deterlab.net
  – http://emist.ist.psu.edu
  – www.emulab.net
• Hiring – email [email protected]