Griffin Final Report
DETER Testbed Update

Anthony D. Joseph, UC Berkeley
http://deter.cs.berkeley.edu/
Sahara Retreat, June 2004



Outline

Griffin
– Motivation
– Goals and Components
– Retreat talks

DETER Update
– Motivation and goals
– Testbed status
– Applications: virus filtering, worm propagation


Near-Continuous, Highly-Variable Internet Connectivity

Connectivity everywhere: campus, in-building, satellite…
– Projects: Sahara (01-04), Iceberg (98-01), Rover (95-97)

Most applications support limited variability (1% to 2x)
– Design environment for legacy apps is static desktop LAN
– Strong abstraction boundaries (APIs) hide the # of RPCs

But, today’s apps see a wider range of variability
– 3 to 5 orders of magnitude of bandwidth, from 10's Kb/s to 1 Gb/s
– 4 to 6 orders of magnitude of latency, from 1 µsec to 1,000's ms
– 5 to 9 orders of magnitude of loss rates, from 10^-3 to 10^-12 BER
– Neither best-effort nor unbounded retransmission may be ideal
– Also, overloaded servers / limited resources on mobile devices

Result: Poor/variable performance from legacy apps


Griffin Goals and an Adaptive, Predictive Approach

Users always see excellent (local, lightly loaded) application behavior and performance
– Agility: key metric is time to predict, react, and adapt
– Apply continuous, cross-layer, multi-timescale introspection
– SUCCESS: Tapas -- Building accurate models of correlated events

Help legacy and new applications handle changing conditions
– Analyze, classify, and predict behavior
– Pre-stage dynamic/static code/data (activate on demand)
– SUCCESS: REAP/MINO/COMPASS -- Dynamic code/data placement with automatic service location

Overlay more powerful network model on top of IP
– Avoid standardization delays/inertia, enables dynamic svc placement
– PARTIAL: Tapestry/Brocade -- Interoperation with IP routing policies


Some Enabling Infrastructure Components We’ve Built

Tapas network characteristics toolkit [Konrad: Mills prof.]
– Measuring/modeling/emulating/predicting delay, loss, …
– Provides micro-scale network weather information
– Mechanism for monitoring/predicting available QoS

REAP application building toolkit [Czerwinski: Google]
– Introspective mobile code/data support for legacy / new apps
– REAP dynamic service component placement
– MINO E-mail application, COMPASS service instance locator

Tapestry, Brocade, and Mobile Tapestry [Hildrum: IBM, Zhao: UCSB prof.]
– Overlay routing layer providing efficient application-level object location and routing
– Mobility support, fault-tolerance, varying delivery semantics


Related Talks at Retreat

Kris Hildrum: Locality in Tapestry
– Highlight talk today

Sean Rhea: OpenHash
– Tuesday morning in Overlay Networking parallel session

Ling Huang: Probabilistic data aggregation
– Tuesday evening in Overlay Networking parallel session


Outline

Griffin
– Motivation
– Goals and Components
– Retreat talks

DETER Update
– Motivation and goals
– Testbed status
– Applications: virus filtering, worm propagation


cyber DEfense Technology Experimental Research (DETER)

NSF and DHS sponsored cyber-defense research project
– Lead PIs: UCB, USC-ISI, McAfee

DETER Goals:
1. Design and construction of a testbed for network security experiments,
2. Research on experimental methodology for network security, and
3. Research on network security.

DETER: focus on 1), but it needs to do some of 2) and 3)

Goal: Duplicate observed attack effects in the testbed
– E.g., self-congestion for worms


Background

People:
– Anthony Joseph, Ruzena Bajcsy, Shankar Sastry, David Culler, Doug Tygar, David Wagner, Eric Fraser (staff), Yih-Chun Hu (postdoc)

3 experiment areas in related EMIST project
– Worms, routing attacks, DDoS attacks

Just completed major demo last week in DC
– 50 tech gov’t (NSF, NIST, DARPA, NSA, DHS)

Experimenters Workshop (11/8 or 11/15 week)


DETER+EMIST Motivation

New, increasingly virulent Worms and Viruses

MyDoom/Novarg e-mail virus/worm
– 40 reports/hr in first hour, quarantined 8 million in first 24 hours
– Spreads via E-mail, jumps firewalls thru Peer-to-Peer networks
– Blocks access to anti-virus and MS update sites

Distributed Denial of Service (DDoS) attacks
– “Large scale, international attack on [Akamai] infrastructure”

Potential: routing hardware & software attacks

Issues:
– Inadequate wide scale deployment of security technologies
– Lack of experimental infrastructure: limited-scale private labs
– Missing objective test data, traffic and metrics


DETER+EMIST Vision

... to provide the scientific knowledge required to enable the development of solutions to cyber security problems of national importance

Through the creation of an experimental infrastructure network -- networks, tools, methodologies, and supporting processes -- to support national-scale experimentation on research and advanced development of security technologies.

“Real systems, Real attacks, Real world!”


Architecture and Design: Cluster Testbed

Basic choice: cluster vs. distributed testbed
– Example: Emulab vs. PlanetLab design.

Two major reasons to choose clusters for DETER:

1. Security & containment …would be impossible in a distributed testbed.

2. Need complete control over experimental conditions for repeatability


DETER Experimental Network

[Figure labels: PC; 160; N x 4 @1000bT data ports; Programmable Patch Panel (VLAN switch); Switch Control Interface; Pool of N identical processors]

Clusters of N identical experimental nodes, interconnected dynamically into arbitrary topologies using VLAN switch
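The dynamic interconnection described on this slide, sketched as an added example (not DETER or Emulab code): each experiment link is given its own VLAN and one data port on each endpoint, so two switch ports can exchange frames only if the experiment placed a link between them. The four data ports per node come from the slide; the VLAN numbering, node names and function names are assumptions.

```python
from collections import defaultdict

PORTS_PER_NODE = 4   # "N x 4 @1000bT data ports" on the slide
FIRST_VLAN = 100     # assumed start of the experiment VLAN range

def map_topology(links, free_nodes):
    """Place an experiment topology on the node pool.

    links      -- list of (name_a, name_b) point-to-point experiment links
    free_nodes -- physical PCs currently unallocated (hypothetical names)
    Returns (placement, port_vlan): experiment name -> PC, and
    (PC, data port index) -> VLAN id to program into the switch.
    """
    names = sorted({name for link in links for name in link})
    if len(names) > len(free_nodes):
        raise ValueError("not enough free nodes in the pool")
    placement = dict(zip(names, free_nodes))
    next_port = defaultdict(int)
    port_vlan = {}
    for vlan, (a, b) in enumerate(links, start=FIRST_VLAN):
        for name in (a, b):
            port = next_port[name]
            if port >= PORTS_PER_NODE:
                raise ValueError(f"{name} needs more than {PORTS_PER_NODE} data ports")
            next_port[name] += 1
            port_vlan[(placement[name], port)] = vlan
    return placement, port_vlan

def same_segment(port_vlan, p, q):
    """Containment check: frames pass between two switch ports only if
    both are configured and carry the same VLAN."""
    return p in port_vlan and port_vlan.get(p) == port_vlan.get(q)

if __name__ == "__main__":
    # Constructed sample: a three-node triangle on a pool of four PCs.
    triangle = [("a", "b"), ("b", "c"), ("a", "c")]
    placement, port_vlan = map_topology(triangle, ["pc1", "pc2", "pc3", "pc4"])
    for (pc, port), vlan in sorted(port_vlan.items()):
        print(f"{pc} port {port} -> VLAN {vlan}")
```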


Example Topology Created using DETER (as11537-5s-2t)


The Fidelity Issue

Would ideally like:
– Large and realistic topologies
– Diverse, realistic nodes and links

But:
– Fidelity is expensive
– Large-scale fidelity may be unnecessary for (maybe even contrary to) good science.
– Plan to add limited heterogeneity and realism – e.g., a few vendor routers, network processors


Early-stage Local Research Efforts

APE: SLT-based virus detection and containment
– Uses unsupervised learning to classify outgoing e-mail based on features (# of recipients, attachments, etc.)
– Built prototype, now exploring different models

Worm propagation effects on realistic topologies
– Using Parallel and Distributed NS to emulate up to 15,000 nodes with realistic latencies and bandwidths
– Significantly different propagation patterns from analytical models due to congestion effects
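Why congestion pulls the propagation curve away from the analytical model, as an added illustration (not the project's Parallel and Distributed NS experiments): a mean-field random-scanning worm model whose scan traffic can be capped per subnet uplink, next to the closed-form logistic (SI) model. The 15,000 hosts match the slide; the subnet count, address space, scan rate and uplink cap are constructed values.

```python
import math

def simulate(n_hosts=15000, n_subnets=50, addr_space=2**20,
             scan_rate=20.0, uplink_cap=None, ticks=400):
    """Return total infected hosts after each tick.

    uplink_cap limits the scans per tick that can leave one subnet,
    standing in for self-congestion (None = uncongested network).
    """
    per_subnet = n_hosts / n_subnets
    infected = [0.0] * n_subnets
    infected[0] = 1.0                     # single initial infection
    miss = 1.0 - 1.0 / addr_space         # one scan misses a given address
    curve = []
    for _ in range(ticks):
        scans = 0.0
        for i in infected:
            offered = scan_rate * i
            scans += offered if uplink_cap is None else min(offered, uplink_cap)
        p_hit = 1.0 - miss ** scans       # chance a susceptible host is hit this tick
        infected = [i + (per_subnet - i) * p_hit for i in infected]
        curve.append(sum(infected))
    return curve

def ticks_to_fraction(curve, n_hosts, fraction=0.9):
    """First tick at which the infected share reaches `fraction`, else None."""
    for tick, total in enumerate(curve, start=1):
        if total >= fraction * n_hosts:
            return tick
    return None

def logistic_ticks(n_hosts=15000, addr_space=2**20, scan_rate=20.0, fraction=0.9):
    """Closed-form time to `fraction` for the logistic model, one initial infection."""
    beta = scan_rate * n_hosts / addr_space
    odds = fraction / (1.0 - fraction)
    return math.log(odds * (n_hosts - 1)) / beta

if __name__ == "__main__":
    free = ticks_to_fraction(simulate(), 15000)
    capped = ticks_to_fraction(simulate(uplink_cap=500), 15000)
    print(f"logistic model: {logistic_ticks():.1f} ticks to 90%")
    print(f"uncongested simulation: {free} ticks, congested: {capped} ticks")
```

The two simulated curves are identical until infected hosts in a subnet offer more scans than its uplink carries; from then on growth is bounded by aggregate uplink capacity rather than by the number of infected hosts.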


Wide-Area Testbed Architecture

[Figure labels: UC Berkeley; USC-ISI; ISI-East; Internet; Cyber Defense Experiments run on Virtual Internet Network Traces; 72 PCs, April 04, based on Utah’s Emulab SW; 32 PCs, but more powerful HW & firewalls, July 04]


UCB DETER Testbed

[Figure labels: Foundry FastIron 1500, 16 x 10 1000bT ports; SUN; Internet; 160 APC Power Controllers; 32 x 4 @1000bT data ports; 32 @ 1000bT control ports; Firewall; Serial Line & Power Server; Cache Boss Server; Control VPN Server; Switch Control Interface; Data VPN Server; Cutoff Point]


Collaboration Opportunities

http://www.isi.deterlab.net/index.php3

Research opportunities
– Measuring application behavior under attack
  – Web servers, file servers, etc.
– Strategies for mitigating attacks
  – Worm defenses, DDoS traceback and block, hardening routing protocols
– Operations and management
  – Substantial knowledgebase from commercial operations

Hardware donations
– Network nodes, Firewall machines, L2/L3 routers, etc.


Overlay Networking Parallel Sessions Schedule

0830-1000 Peer-to-Peer and Routing (Ion)
– Sean Rhea: OpenHash
– Jayanth Kanan: Supporting Legacy applications in i3
– Brighten Godfrey: A Heterogeneity-Aware Distributed Hash Table
– Rodrigo Fonseca: Beacon Vector Routing

1930-2100 Applications in Wide Area Networks (Anthony)
– Ling Huang: Probabilistic Aggregation in Distributed Networks
– David Oppenheimer: Resource Discovery in Distributed Systems
– Dennis Geels: Deterministic Replay for Debugging Overlay Networks
