griffin final report deter testbed update anthony d. joseph uc berkeley sahara retreat, june 2004
TRANSCRIPT
Griffin Final Report / DETER Testbed Update
Anthony D. Joseph, UC Berkeley, http://deter.cs.berkeley.edu/, Sahara Retreat, June 2004
Outline
Griffin
– Motivation
– Goals and Components
– Retreat talks
DETER Update
– Motivation and goals
– Testbed status
– Applications: virus filtering, worm propagation
Near-Continuous, Highly-Variable Internet Connectivity
Connectivity everywhere: campus, in-building, satellite…
– Projects: Sahara (01-04), Iceberg (98-01), Rover (95-97)
Most applications support only limited variability (1% to 2x)
– Design environment for legacy apps is a static desktop LAN
– Strong abstraction boundaries (APIs) hide the number of RPCs
But today's apps see a far wider range of variability
– 5 orders of magnitude of bandwidth, from 10's of Kb/s to 1 Gb/s
– 6 orders of magnitude of latency, from 1 μsec to 1,000's of ms
– 9 orders of magnitude of loss rate, from 10^-3 to 10^-12 BER
– Neither best-effort nor unbounded retransmission may be ideal
– Also, overloaded servers / limited resources on mobile devices
Result: Poor/variable performance from legacy apps
Griffin Goals and an Adaptive, Predictive Approach
Users always see excellent (i.e., local, lightly loaded) application behavior and performance
– Agility: key metric is time to predict, react, and adapt
– Apply continuous, cross-layer, multi-timescale introspection
– SUCCESS: Tapas -- Building accurate models of correlated events
Help legacy and new applications handle changing conditions
– Analyze, classify, and predict behavior
– Pre-stage dynamic/static code/data (activate on demand)
– SUCCESS: REAP/MINO/COMPASS --- Dynamic code/data placement with automatic service location
Overlay a more powerful network model on top of IP
– Avoids standardization delays/inertia; enables dynamic service placement
– PARTIAL: Tapestry/Brocade --- Interoperation with IP routing policies
Some Enabling Infrastructure Components We've Built
Tapas network characteristics toolkit [Konrad: Mills prof.]
– Measuring/modeling/emulating/predicting delay, loss, …
– Provides micro-scale network weather information
– Mechanism for monitoring/predicting available QoS
REAP application building toolkit [Czerwinski: Google]
– Introspective mobile code/data support for legacy / new apps
– REAP dynamic service component placement
– MINO e-mail application, COMPASS service instance locator
Tapestry, Brocade, and Mobile Tapestry [Hildrum: IBM, Zhao: UCSB prof.]
– Overlay routing layer providing efficient application-level object location and routing
– Mobility support, fault-tolerance, varying delivery semantics
Related Talks at Retreat
Kris Hildrum: Locality in Tapestry
– Highlight talk today
Sean Rhea: OpenHash
– Tuesday morning in Overlay Networking parallel session
Ling Huang: Probabilistic data aggregation
– Tuesday evening in Overlay Networking parallel session
cyber DEfense Technology Experimental Research (DETER)
NSF and DHS sponsored cyber-defense research project
– Lead PIs: UCB, USC-ISI, McAfee
DETER Goals:
1. Design and construction of a testbed for network security experiments,
2. Research on experimental methodology for network security, and
3. Research on network security.
DETER focuses on 1), but it needs to do some of 2) and 3)
Goal: Duplicate observed attack effects in the testbed
– E.g., self-congestion for worms
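The self-congestion effect named in this goal can be illustrated with a toy mean-field model. The Python below is an added example, not DETER or EMIST code, and it does not reproduce the Parallel/Distributed NS emulation mentioned later in the deck; every parameter value (vulnerable population, scanned address space, per-host scan rate, shared link capacity) is an assumed, illustrative number. It runs the classic random-scanning worm model twice: once with unlimited scanning capacity (which yields logistic growth) and once with all infected hosts' scans sharing a fixed link capacity, so the effective scan rate saturates and excess scans are dropped as the infection grows.

```python
"""Toy mean-field worm model: free scanning vs. self-congested scanning.

Added example, not code from the DETER/EMIST project. All parameter values
are assumed for illustration, not measurements from any testbed.
"""


def simulate(n_vuln, address_space, scan_rate, steps, link_capacity=None, i0=1):
    """Discrete-time mean-field infection curve for a random-scanning worm.

    n_vuln:        vulnerable hosts inside the scanned address space
    address_space: number of addresses a scan may target (uniform random scanning)
    scan_rate:     scans each infected host tries to send per time step
    link_capacity: scans per step the network can actually carry (None = unlimited);
                   when the offered load exceeds it the excess scans are dropped,
                   which is the self-congestion effect
    Returns a list of (fractional) infected-host counts, index 0 = start.
    """
    infected = float(i0)
    curve = [infected]
    for _ in range(steps):
        offered = infected * scan_rate
        carried = offered if link_capacity is None else min(offered, link_capacity)
        # Each carried scan hits a still-vulnerable host with probability
        # (n_vuln - infected) / address_space.
        newly_infected = carried * (n_vuln - infected) / address_space
        infected = min(float(n_vuln), infected + newly_infected)
        curve.append(infected)
    return curve


def time_to_fraction(curve, fraction, n_vuln):
    """First step at which at least `fraction` of the population is infected, or None."""
    target = fraction * n_vuln
    for step, infected in enumerate(curve):
        if infected >= target:
            return step
    return None


# Assumed, illustrative parameters.
N_VULN = 10_000          # vulnerable hosts
ADDRESS_SPACE = 2 ** 20  # addresses the worm scans uniformly at random
SCAN_RATE = 100          # scans per infected host per step
LINK_CAPACITY = 5_000    # total scans per step the shared uplink carries
STEPS = 400


def compare():
    """Return (steps to 50% infected without congestion, with congestion)."""
    free = simulate(N_VULN, ADDRESS_SPACE, SCAN_RATE, STEPS)
    congested = simulate(N_VULN, ADDRESS_SPACE, SCAN_RATE, STEPS,
                         link_capacity=LINK_CAPACITY)
    return (time_to_fraction(free, 0.5, N_VULN),
            time_to_fraction(congested, 0.5, N_VULN))


if __name__ == "__main__":
    t_free, t_cong = compare()
    print(f"50% infected after {t_free} steps (free) vs {t_cong} steps (self-congested)")
    free = simulate(N_VULN, ADDRESS_SPACE, SCAN_RATE, STEPS)
    cong = simulate(N_VULN, ADDRESS_SPACE, SCAN_RATE, STEPS, link_capacity=LINK_CAPACITY)
    for step in (0, 5, 10, 20, 50, 100, 200, 400):
        print(f"step {step:3d}: free={free[step]:8.1f}  congested={cong[step]:8.1f}")
```

The two curves coincide until the offered scan load reaches the link capacity (about 50 infected hosts with these numbers); after that the congested curve grows only linearly in the remaining vulnerable population rather than exponentially, which is why an analytical logistic fit to the early part of an observed outbreak overestimates its later speed.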
Background
People:
– Anthony Joseph, Ruzena Bajcsy, Shankar Sastry, David Culler, Doug Tygar, David Wagner, Eric Fraser (staff), Yih-Chun Hu (postdoc)
3 experiment areas in the related EMIST project
– Worms, routing attacks, DDoS attacks
Just completed a major demo last week in DC
– 50 technical and government attendees (NSF, NIST, DARPA, NSA, DHS)
Experimenters Workshop (week of 11/8 or 11/15)
DETER+EMIST Motivation
New, increasingly virulent worms and viruses
MyDoom/Novarg e-mail virus/worm
– 40 reports/hr in the first hour; 8 million copies quarantined in the first 24 hours
– Spreads via e-mail, jumps firewalls through peer-to-peer networks
– Blocks access to anti-virus and MS update sites
Distributed Denial of Service (DDoS) attacks
– "Large scale, international attack on [Akamai] infrastructure"
Potential: routing hardware & software attacks
Issues:
– Inadequate wide-scale deployment of security technologies
– Lack of experimental infrastructure: limited-scale private labs
– Missing objective test data, traffic, and metrics
DETER+EMIST Vision
... to provide the scientific knowledge required to enable the development of solutions to cyber security problems of national importance
Through the creation of an experimental infrastructure network -- networks, tools, methodologies, and supporting processes -- to support national-scale experimentation on research and advanced development of security technologies.
“Real systems, Real attacks, Real world!”
Architecture and Design: Cluster Testbed
Basic choice: cluster vs. distributed testbed
– Example: Emulab vs. Planetlab design
Two major reasons to choose clusters for DETER:
1. Security & containment, which would be impossible in a distributed testbed
2. Need complete control over experimental conditions for repeatability
DETER Experimental Network
Figure: a pool of N identical experimental nodes (160 PCs, N x 4 @ 1000bT data ports) attached to a programmable patch panel (VLAN switch) driven by a switch control interface; clusters of nodes are interconnected dynamically into arbitrary topologies using the VLAN switch.
Example Topology Created using DETER (as11537-5s-2t)
The Fidelity Issue
Would ideally like:
– Large and realistic topologies
– Diverse, realistic nodes and links
But:
– Fidelity is expensive
– Large-scale fidelity may be unnecessary for (maybe even contrary to) good science
– Plan to add limited heterogeneity and realism, e.g., a few vendor routers, network processors
Early-stage Local Research Efforts
APE: SLT-based virus detection and containment
– Uses unsupervised learning to classify outgoing e-mail based on features (# of recipients, attachments, etc.)
– Built prototype, now exploring different models
Worm propagation effects on realistic topologies
– Using Parallel and Distributed NS to emulate up to 15,000 nodes with realistic latencies and bandwidths
– Significantly different propagation patterns from analytical models due to congestion effects
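One way to build the kind of outgoing-mail classifier the APE item describes, as an added example that is neither the APE prototype nor any DETER code: extract the features the slide names (recipient count, attachments) plus two assumed extras (executable attachments, body length) from each outgoing message, fit a per-feature median/MAD baseline from a window of one user's ordinary mail without any labels, and quarantine messages whose robust z-score in any feature exceeds a threshold. The sample messages, the executable-extension list, the robust-z-score model and the threshold of 5 are all constructed for illustration; APE's SLT-based model is not reproduced.

```python
"""Unsupervised outgoing-mail anomaly scoring, in the spirit of APE.

Added example, not the APE prototype or any DETER code. Sample messages,
feature set, extension list, model and threshold are all assumptions.
"""
import email
import os
import statistics
from email import policy
from email.message import EmailMessage

# Assumed set of attachment extensions treated as executable content.
EXEC_EXTS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".cmd"}


def make_mail(to_addrs, body, attachment_names=()):
    """Build a constructed outgoing message and return it as an RFC 5322 string."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"          # constructed sender
    msg["To"] = ", ".join(to_addrs)
    msg["Subject"] = "note"
    msg.set_content(body)
    for name in attachment_names:              # dummy bytes stand in for file content
        msg.add_attachment(b"\x00" * 64, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


def extract_features(raw):
    """Feature vector: recipients, attachments, executable attachments, body length."""
    msg = email.message_from_string(raw, policy=policy.default)
    recipients = 0
    for hdr in ("To", "Cc", "Bcc"):
        value = msg.get(hdr)
        if value is None:
            continue
        addresses = getattr(value, "addresses", None)   # parsed AddressHeader
        if addresses is not None:
            recipients += len(addresses)
        else:                                           # fallback: raw comma split
            recipients += len([a for a in str(value).split(",") if a.strip()])
    attachments = exec_attachments = body_len = 0
    for part in msg.walk():
        if part.is_attachment():
            attachments += 1
            ext = os.path.splitext((part.get_filename() or "").lower())[1]
            if ext in EXEC_EXTS:
                exec_attachments += 1
        elif part.get_content_type() == "text/plain":
            body_len += len(part.get_content())
    return {"recipients": recipients, "attachments": attachments,
            "exec_attachments": exec_attachments, "body_len": body_len}


def fit_baseline(rows):
    """Per feature: median and robust scale (1.4826 * MAD, floored at 1). No labels used."""
    baseline = {}
    for key in rows[0]:
        values = [r[key] for r in rows]
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[key] = (med, max(1.4826 * mad, 1.0))
    return baseline


def anomaly_score(features, baseline):
    """Largest robust z-score over all features."""
    return max(abs(features[k] - med) / scale for k, (med, scale) in baseline.items())


def classify(features, baseline, threshold=5.0):
    """'quarantine' if the message deviates too far from the sender's baseline, else 'deliver'."""
    return "quarantine" if anomaly_score(features, baseline) >= threshold else "deliver"


# Constructed sample traffic: one user's ordinary outgoing mail ...
NORMAL_MAILS = [
    make_mail(["bob@example.com"], "Hi Bob, attached are the meeting notes from Monday.", ["notes.pdf"]),
    make_mail(["bob@example.com", "carol@example.com"], "Can we move the sync to 3pm?"),
    make_mail(["dave@example.com", "erin@example.com"], "Draft report attached, comments welcome by Friday.", ["report.docx"]),
    make_mail(["carol@example.com", "bob@example.com", "frank@example.com"], "Thanks, looks good to me."),
    make_mail(["erin@example.com"], "Lunch tomorrow? The usual place at noon."),
    make_mail(["dave@example.com", "carol@example.com"], "Reminder: the retreat slides are due next week."),
]
# ... and one mass-mailer style message carrying an executable attachment.
WORM_MAIL = make_mail([f"victim{i:02d}@example.org" for i in range(40)],
                      "Look at this file!", ["document.scr"])


def run_demo():
    """Fit on the normal window, then score every message. Returns {name: verdict}."""
    rows = [extract_features(m) for m in NORMAL_MAILS]
    baseline = fit_baseline(rows)
    verdicts = {f"normal{i}": classify(r, baseline) for i, r in enumerate(rows)}
    verdicts["worm"] = classify(extract_features(WORM_MAIL), baseline)
    return verdicts


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

The baseline is fitted on the same unlabeled window it later scores, which is what makes the approach unsupervised; the MAD floor of 1 keeps a feature that is constant in the window (no executable attachments ever seen) from dividing by zero, at the cost that a single never-seen executable attachment alone scores only 1 here and is flagged by the recipient count rather than by the attachment type.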
Wide-Area Testbed Architecture
Figure: three sites connected over the Internet. USC-ISI cluster: 72 PCs (April 04), based on Utah's Emulab SW. UC Berkeley cluster: 32 PCs, but more powerful HW & firewalls (July 04). ISI-East is the third site. Cyber defense experiments run on virtual Internet network traces.
UCB DETER Testbed
Figure: a Foundry FastIron 1500 switch (16 x 10 1000bT ports) connects 32 experimental PCs (32 x 4 @ 1000bT data ports, 32 @ 1000bT control ports) and APC power controllers (160). Sun servers provide the serial line & power server, the cache/boss server, the control VPN server, the data VPN server and the switch control interface. A firewall sits between the Internet and the testbed, with a marked cutoff point.
Collaboration Opportunities
http://www.isi.deterlab.net/index.php3
Research opportunities
– Measuring application behavior under attack: web servers, file servers, etc.
– Strategies for mitigating attacks: worm defenses, DDoS traceback and blocking, hardening routing protocols
– Operations and management: substantial knowledge base from commercial operations
Hardware donations
– Network nodes, firewall machines, L2/L3 routers, etc.
Overlay Networking Parallel Sessions Schedule
0830-1000 Peer-to-Peer and Routing (Ion) – Sean Rhea: OpenHash – Jayanth Kanan: Supporting Legacy applications in i3 – Brighten Godfrey: A Heterogeneity-Aware Distributed Hash Table – Rodrigo Fonseca: Beacon Vector Routing
1930-2100 Applications in Wide Area Networks (Anthony) – Ling Huang: Probabilistic Aggregation in Distributed Networks – David Oppenheimer: Resource Discovery in Distributed Systems – Dennis Geels: Deterministic Replay for Debugging Overlay
Networks