Griffin Final Report
DETER Testbed Update
Anthony D. Joseph
UC Berkeley
http://deter.cs.berkeley.edu/
Sahara Retreat, June 2004
Outline
• Griffin
  – Motivation
  – Goals and Components
  – Retreat talks
• DETER Update
  – Motivation and goals
  – Testbed status
  – Applications: virus filtering, worm propagation
Near-Continuous, Highly-Variable Internet Connectivity
• Connectivity everywhere: campus, in-building, satellite…
  – Projects: Sahara (01-04), Iceberg (98-01), Rover (95-97)
• Most applications support limited variability (1% to 2x)
  – Design environment for legacy apps is static desktop LAN
  – Strong abstraction boundaries (APIs) hide the # of RPCs
• But, today's apps see a wider range of variability
  – 5 orders of magnitude of bandwidth, from 10's Kb/s → 1 Gb/s
  – 6 orders of magnitude of latency, from 1 µsec → 1,000's ms
  – 9 orders of magnitude of loss rates, from 10^-3 → 10^-12 BER
  – Neither best-effort nor unbounded retransmission may be ideal
• Also, overloaded servers / limited resources on mobile devices
• Result: Poor/variable performance from legacy apps
Griffin Goals and an Adaptive, Predictive Approach
• Users always see excellent (local, lightly loaded) application behavior and performance
  – Analyze, classify, and predict behavior
  – Pre-stage dynamic/static code/data (activate on demand)
  – SUCCESS: REAP/MINO/COMPASS --- Dynamic code/data placement with automatic service location
• Help legacy and new applications handle changing conditions
  – Agility: key metric is time to predict, react, and adapt
  – Apply continuous, cross-layer, multi-timescale introspection
  – SUCCESS: Tapas -- Building accurate models of correlated events
• Overlay more powerful network model on top of IP
  – Avoid standardization delays/inertia, enables dynamic svc placement
  – PARTIAL: Tapestry/Brocade --- Interoperation with IP routing policies
Some Enabling Infrastructure Components We've Built
• Tapas network characteristics toolkit [Konrad: Mills prof.]
  – Measuring/modeling/emulating/predicting delay, loss, …
  – Provides micro-scale network weather information
  – Mechanism for monitoring/predicting available QoS
• REAP application building toolkit [Czerwinski: Google]
  – Introspective mobile code/data support for legacy / new apps
  – REAP dynamic service component placement
  – MINO E-mail application, COMPASS service instance locator
• Tapestry, Brocade, and Mobile Tapestry [Hildrum: IBM, Zhao: UCSB prof.]
  – Overlay routing layer providing efficient application-level object location and routing
  – Mobility support, fault-tolerance, varying delivery semantics
Related Talks at Retreat
• Kris Hildrum: Locality in Tapestry
  – Highlight talk today
• Sean Rhea: OpenHash
  – Tuesday morning in Overlay Networking parallel session
• Ling Huang: Probabilistic data aggregation
  – Tuesday evening in Overlay Networking parallel session
Outline
• Griffin
  – Motivation
  – Goals and Components
  – Retreat talks
• DETER Update
  – Motivation and goals
  – Testbed status
  – Applications: virus filtering, worm propagation
cyber DEfense Technology Experimental Research (DETER)
• NSF and DHS sponsored cyber-defense research project
  – Lead PIs: UCB, USC-ISI, McAfee
• DETER Goals:
  1. Design and construction of a testbed for network security experiments,
  2. Research on experimental methodology for network security, and
  3. Research on network security.
• DETER: focus on 1), but it needs to do some of 2) and 3)
• Goal: Duplicate observed attack effects in the testbed
  – E.g., self-congestion for worms
Background
• People:
  – Anthony Joseph, Ruzena Bajcsy, Shankar Sastry, David Culler, Doug Tygar, David Wagner, Eric Fraser (staff), Yih-Chun Hu (postdoc)
• 3 experiment areas in related EMIST project
  – Worms, routing attacks, DDoS attacks
• Just completed major demo last week in DC
  – 50 technical gov't attendees (NSF, NIST, DARPA, NSA, DHS)
• Experimenters Workshop (11/8 or 11/15 week)
DETER+EMIST Motivation
• New, increasingly virulent Worms and Viruses
• MyDoom/Novarg e-mail virus/worm
  – 40 reports/hr in first hour, quarantined 8 million in first 24 hours
  – Spreads via E-mail, jumps firewalls thru Peer-to-Peer networks
  – Blocks access to anti-virus and MS update sites
• Distributed Denial of Service (DDoS) attacks
  – "Large scale, international attack on [Akamai] infrastructure"
• Potential: routing hardware & software attacks
• Issues:
  – Inadequate wide scale deployment of security technologies
  – Lack of experimental infrastructure: limited-scale private labs
  – Missing objective test data, traffic and metrics
DETER+EMIST Vision
... to provide the scientific knowledge required to enable the development of solutions to cyber security problems of national importance

Through the creation of an experimental infrastructure network -- networks, tools, methodologies, and supporting processes -- to support national-scale experimentation on research and advanced development of security technologies.

"Real systems, Real attacks, Real world!"
Architecture and Design: Cluster Testbed
• Basic choice: cluster vs. distributed testbed
  – Example: Emulab vs. Planetlab design.
• Two major reasons to choose clusters for DETER:
  1. Security & containment … would be impossible in a distributed testbed.
  2. Need complete control over experimental conditions for repeatability
DETER Experimental Network
Clusters of N identical experimental nodes, interconnected dynamically into arbitrary topologies using VLAN switch
[Figure: pool of N identical processors (PCs), N x 4 @1000bT data ports into a Programmable Patch Panel (VLAN switch) with a Switch Control Interface]

Example Topology Created using DETER (as11537-5s-2t)
[Figure: example topology]
The Fidelity Issue
• Would ideally like:
  – Large and realistic topologies
  – Diverse, realistic nodes and links
• But:
  – Fidelity is expensive
  – Large-scale fidelity may be unnecessary for (maybe even contrary to) good science.
  – Plan to add limited heterogeneity and realism – e.g., a few vendor routers, network processors
Early-stage Local Research Efforts
• APE: SLT-based virus detection and containment
  – Uses unsupervised learning to classify outgoing e-mail based on features (# of recipients, attachments, etc.)
  – Built prototype, now exploring different models
• Worm propagation effects on realistic topologies
  – Using Parallel and Distributed NS to emulate up to 15,000 nodes with realistic latencies and bandwidths
  – Significantly different propagation patterns from analytical models due to congestion effects
Wide-Area Testbed Architecture
Cyber Defense Experiments run on Virtual Internet
[Figure: USC-ISI site, 72 PCs (April 04), based on Utah's Emulab SW; UC Berkeley site, 32 PCs but more powerful HW & firewalls (July 04); ISI-East; sites linked over the Internet; Network Traces fed into the Virtual Internet]

UCB DETER Testbed
[Figure: Internet; Data VPN Server; Control VPN Server; Cutoff Point; Firewall; Cache; Boss Server; Switch Control Interface; Foundry FastIron 1500 (16 x 10 1000bT ports); Serial Line & Power Server; 32 @ 1000bT control ports; 32 x 4 @1000bT data ports; SUN servers; APC Power Controllers]
Collaboration Opportunities
• http://www.isi.deterlab.net/index.php3
• Research opportunities
  – Measuring application behavior under attack
      • Web servers, file servers, etc.
  – Strategies for mitigating attacks
      • Worm defenses, DDoS traceback and block, hardening routing protocols
  – Operations and management
      • Substantial knowledgebase from commercial operations
• Hardware donations
  – Network nodes, Firewall machines, L2/L3 routers, etc.
Overlay Networking Parallel Sessions Schedule
• 0830-1000 Peer-to-Peer and Routing (Ion)
  – Sean Rhea: OpenHash
  – Jayanth Kanan: Supporting Legacy applications in i3
  – Brighten Godfrey: A Heterogeneity-Aware Distributed Hash Table
  – Rodrigo Fonseca: Beacon Vector Routing
• 1930-2100 Applications in Wide Area Networks (Anthony)
  – Ling Huang: Probabilistic Aggregation in Distributed Networks
  – David Oppenheimer: Resource Discovery in Distributed Systems
  – Dennis Geels: Deterministic Replay for Debugging Overlay Networks