| |
ContentsIntegrative Testbeds (Coordinator: Janos Sztipanovits)We will use four testbeds across the teams to allow for the integration of the methods developed across the research challenge areas and to allow for the systematic understanding of the usability, scalability, and interoperability of the solutions developed. To do so, TRUST will leverage existing infrastructure resources from investments by NSF, DARPA and industry and make them available to the partners. The testbeds include:Cyber Defense Technology Experimental Research (DETER) Testbed for network defense: Anthony Joseph (team leader), Shankar SastryThe Cyber Defense Technology Experimental Research (DETER) network testbed is a multi-institution project jointly funded by DHS, DARPA and NSF (http://deter.cs.berkeley.edu/). The objective is to study security issues pertaining to Internet infrastructure and develop feasible and provably effective defense mechanisms in a realistic and safe (quarantined) testbed environment. DETER will provide the necessary infrastructure - clients, servers, network emulators, tools, experimental methodologies and supporting process - to support national-scale experimentation on emerging security research and advanced development technologies. The testbed will facilitate scientific experimentation and validation against established baselines of attack behavior and allow experimental approaches that involve breaking the network infrastructure, while safely containing the results of hazardous experiments. The DETER network will promote and catalyze expanded research and commercialization efforts in this vital area. The DETER network testbed will be used for research into three types of cyber attacks: self-propagating malicious code (Worms), Distributed Denial of Service (DDoS), and attacks against routing hardware and inter-/intra-autonomous system routing protocols (e.g., attacks against BGP, IS-IS, and OSPF). When fully deployed, the DETER testbed will consist of approximately 300 machines divided into three locations in the United States (UC Berkeley, USC/ISI West, and ISI East), and interconnected via high-speed optical network links. The test bed will support TRUST's research in network security, secure distributed systems, secure architectures, defense against distributed denial of service, and infrastructure security.Secure Network Embedded Systems Testbed for secure sensor networks: David Culler (team leader), Stephen WickerUC Berkeley is currently designing and incrementally building a national test bed for secure networked embedded systems. The test bed will provide a real-life experimental platform for investigating security characteristics and security performance tradeoffs of existing and future wireless embedded systems and conventional SCADA systems, bringing important scientific questions to light, and allowing the center to serve as a focal point in evaluating experimental efforts. The testbed being deployed has hundreds of TinyOS wireless motes with an extensive back-channel instrumentation infrastructure. This will be augmented with smaller testbeds that include conventional SCADA systems controlling simulated or quarantined physical equipment. The relatively low cost of motes permits construction of additional testbeds of similar sort will be deployed at partner sites and connected through internet gateways. They will be designed so that subsets of the nodes can be utilized as launch points for attacks on the remainder of the physical infrastructure, in addition to attacks through gateway point. These testbeds will be progressively augmented with security enhancements to the operating system, network stack, network-wide system services, and the hardware itself. To make the testbed credible, we will work together with major infrastructure operators to define and build the test bed and operational scenarios. The test bed will enable experimentation with coordinated physical and cyber attack scenarios using simulators. The test bed will also be used as a technology transfer vehicle toward the power and telecommunication industry.PlanetLab Testbed for networking, Peer-to-Peer networking and distributed systems: David Culler (team leader), Ion StoicaPlanetLab provides a global network services testbed, currently consisting of 569 nodes at 270 sites, including the host sites, in 30 countries. Services are able to acquire a slice of virtual machines spanning any portion of this testbed and typically build an overlay network within such a slice. This provides a deep instrumentation vehicle for analyzing the internet itself, as well as the behavior of worms and viruses that operate within in. One such service is NetBait, which observes and tracks the occurrences of worm probes from hundreds of PlanetLab sites at numerous universities. This provides a means of acquiring traces of attacks and other traffic patterns for use in testing security and trust enhancements. It also provides a form of emulation, where simulated trust-enhancement measures can be fused with actual internet traffic on a global scale. Many of the enhanced security techniques will be tested on overlay networks within PlanetLab. In particular, an overlay will be built linking together the collection of embedded network testbeds. Several communications, internet service, and networking companies are already involved in PlanetLab, providing an additional avenue for technology transfer.Electric Power Grid Testbed for power infrastructure protection: Janos Sztipanovits (team leader), Stephen WickerOak Ridge National Laboratory will provide access for TRUST researchers to a large scale simulation test bed of the next generation Power Grid. The test bed is the result of an ongoing major effort at ORNL, funded by DOE and internal resources. The test bed is installed on ORNL supercomputer facility, which is one the largest supercomputer centers in the Nation. The emerging new U.S. Electric Power Grid requires an extensive, multi-layer communications infrastructure supporting tens of thousands of sensor nodes and fully distributed control architecture. The test bed will include a model verified against the TVA network or the Eastern Power Grid. The ongoing research effort at ORNL is producing high fidelity simulation for analyzing the effects of: (1) communications network disruptions during bad weather conditions; (2) peak load conditions on the grid control; and (3) new components and control approaches on the grid performance. In cooperation with ORNL personnel, TRUST researchers will extend the simulation platform with security related components and will evaluate the effects of different security strategies on grid operation. Previous: Systems Science
|