Report on the Workshop on GENI and Security or, What Happens When the GENI Leaves the Bottle? Matt Bishop Department of Computer Science University of.

Slides:



Advertisements
Similar presentations
Software Requirements
Advertisements

©2011 1www.id-book.com Evaluation studies: From controlled to natural settings Chapter 14.
Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.
Institute for Cyber Security
The 4 T’s of Test Automation:
Requirements Engineering Process
System Development MIS Chapter 6 Jack G. Zheng May 28 th 2008.
Service Oriented Architecture Reference Model
Towards Automating the Configuration of a Distributed Storage System Lauro B. Costa Matei Ripeanu {lauroc, NetSysLab University of British.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
SOA for EGovernment 1 Emergency Services Enterprise Framework: A Service-Oriented Approach Sukumar Dwarkanath COMCARE Michael Daconta Oberon Associates.
Policy development workshop Creating the policy. Objectives - Identify, document and discuss the key steps that typically need to be taken to develop.
The Managing Authority –Keystone of the Control System
Scoping the Framework Guidelines on Interoperability Rules for European Gas Transmission Geert Van Hauwermeiren Workshop, Ljubljana, 13 Sept 2011.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts
Making the System Operational
|epcc| NeSC Workshop Open Issues in Grid Scheduling Ali Anjomshoaa EPCC, University of Edinburgh Tuesday, 21 October 2003 Overview of a Grid Scheduling.
Project Appraisal Module 5 Session 6.
Gaining Senior Leadership Support for Continuity of Operations
Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Configuration management
EMS Checklist (ISO model)
Vision: A strong and capable civil society, cooperating and responsive to Cambodias development challenges 1.
1 Dr. Ashraf El-Farghly SECC. 2 Level 3 focus on the organization - Best practices are gathered across the organization. - Processes are tailored depending.
IdM Governance in Higher Education
Fact-finding Techniques Transparencies
The Roles of a Sports Coach
Information Technology Project Management – Third Edition
The importance of the service catalogue to the service desk
ABC Technology Project
Checking & Corrective Action
Determining the Significant Aspects
Leadership ®. T EAM STEPPS 05.2 Mod Page 2 Leadership ® 2 Objectives Describe different types of team leaders Describe roles and responsibilities.
Software Requirements
IS-700.A: National Incident Management System, An Introduction
How to commence the IT Modernization Process?
Core Curriculum for Clinical Coaching Intro - VNIP Model
Lecture 5: Requirements Engineering
Global Analysis and Distributed Systems Software Architecture Lecture # 5-6.
Addition 1’s to 20.
25 seconds left…...
Copyright 2001 Advanced Strategies, Inc. 1 Data Bridging An Overview Prepared for DIGIT By Advanced Strategies, Inc.
Visual 3.1 Delegation of Authority & Management by Objectives Unit 3: Delegation of Authority & Management by Objectives.
Week 1.
Care and support planning Care Act Outline of content  Introduction Introduction  Production of the plan Production of the plan  Planning for.
We will resume in: 25 Minutes.
Module 12 WSP quality assurance tool 1. Module 12 WSP quality assurance tool Session structure Introduction About the tool Using the tool Supporting materials.
Database Administration
Introduction to Ad-hoc & Sensor Networks Security In The Name of God ISC Student Branch in KNTU 4 th Workshop Ad-hoc & Sensor Networks.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
16/02/06Internet based monitoring and control of embedded systems 1 EES.5413 February 16, 2005 Remi Bosman System Architecture & Networking Department.
NIMS Resource Management IS-700.A – January 2009 Visual 5.1 NIMS Command and Management Unit 5.
Registry system data exchange General design requirements Pre-sessional Consultations on Registries 19 October 2002 New Delhi, India UNFCCC secretariat.
1 Accountability and Management of Military Equipment January 26, 2007 Webcast Interview With Mr. Richard K. Sylvester Deputy Director, Acquisition Resources.
Chapter 14 Fraud Risk Assessment.
MIS (Management Information System)
Sponsored by the National Science Foundation The Hive Mind: Applying a Security Sensor Network to GENI Spiral 2 Year-end Project Review University of California,
IS-0700.A: National Incident Management System, An Introduction
Module 3 Develop the Plan Planning for Emergencies – For Small Business –
Chapter 2 The process Process, Methods, and Tools
What is a Business Analyst? A Business Analyst is someone who works as a liaison among stakeholders in order to elicit, analyze, communicate and validate.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.
Attribution for GENI Jeffrey Hunker, JHA LLC Matt Bishop, UC Davis Carrie Gates, CA Labs.
1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.
March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.
Software Project Configuration Management
Presentation transcript:

Report on the Workshop on GENI and Security or, What Happens When the GENI Leaves the Bottle? Matt Bishop Department of Computer Science University of California at Davis Davis, CA Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Problem Statement Matt Bishop April 1, 2009 GEC 4 Engineering Conference Report on the Workshop on GENI and Security 2

Workshop Particulars Held on January 22–23, 2009 at UC Davis – 56 attendees Sponsors – National Science Foundation – GENI Project Office Co-chairs – Matt Bishop, UC Davis – Chip Elliott, GENI Project Office Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Goals To engage the security community in GENIs design and prototyping, to ensure that security issues are properly considered Specific questions: – What classes of experiments should GENI support? What capabilities will GENI require to do this? – How can GENI itself be secured and protected from attack? How can networks and CPS mechanisms connected to GENI be protected from attacks originating on GENI, or from malfunctioning GENI experiments? Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

The Shortest Version GENI must foster a culture of scientific experimentation from the very beginning Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

The Shorter Version 1.GENI must provide capabilities to enable a science of security that involves the experimental validation of security-related hypotheses that could not be validated in current testbed settings. 2.The construction of formal security experiments with hypotheses, controls, and well-articulated measurements will require substantial care and review to assure reproducibility and scientific and statistical validity. Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

The Shorter Version 3.GENI must provide the capabilities to enable experimenters to capture all the data needed to enable others to reproduce the experiment. 4.The deployment of GENI will require the development of mechanisms to reconcile conflicting requirements, constraints, and customs in different parts of the network. Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

The Shorter Version 5.The operation of GENI will require careful planning to enable communication among the federated organizations to handle (security and other) problems. The GENI infrastructure should support security testing, to ensure that security breaches can be handled quickly and effectively. Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

The Short Version See the Executive Summary Highlights follow Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Resource Management Who has the right to use resources? – Identification, credentialing, delegation Implies cross-federation agreements, mechanisms – This includes accountability How are slices managed? – In particular, how do you prevent an experiment in one slice from interfering with experiments in other slices? Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Recording Events Speaks to reproducibility for validation Record events at various layers of abstraction – tcpdump, etc. not enough as new protocols may not use IP – Privacy issues abound Requires replication of environment – Also need to be able to restore this to replicate experiment Anyone must be able to do this, not just experimenter Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Privacy Definition of this varies among jurisdictions (countries, states) and organizations – Impacts what can be recorded Gathering data for experiments – Record data elsewhere, anonymize it, develop framework for seeding it with attacks – Encourage ordinary users to use GENI Key question: – Under what conditions can we decide whether an experiment is doing something that violates the rules of usage without compromising the privacy of the experiment? Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Architecture and Infrastructure Human and policy aspects critical here! What is security? – Automated mechanisms problematic What security support services must federated networks provide? – Not understood because of boundaries How will disputes be arbitrated? Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Architecture and Infrastructure Infrastructure should supply timely answers, take action promptly – Requires someone be available at all time How exactly does the federation work? – Who decides who is allowed to use the federations resources, and establishes priority? – Centralized vs. distributed mechanisms Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Stakeholders These set requirements for security services – Those who provide the resources – Those who provide the data – Those who will use the resources – Others? Use a clearinghouse to track who has what resources, and under what conditions other may use them Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

User Requirements Who owns the experiments? – Think Intellectual Property here... Ease of use – Volunteers cannot have to spend lots of time, effort, resources to do their tasks – If management difficult, configuration and other errors may disrupt experiments or compromise results Principle of psychological acceptability Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Experiments Must provide capabilities to enable science of security – Experimental validation of security-related hypotheses that cannot be validated in current testbed settings – Can also be used as a teaching tool for how to carry out scientific experimentation in computer science, especially computer security Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Experiments GENI should provide set of detailed examples of experiments – Culture of sharing is critical Methodology must address features in GENI – Validation of experiments – Validation of data used in experiments – How GENI itself affects experimental results due to its unique features Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Experiments Example experiments on GENI – Validation of models of DDoS attacks and defenses on large scale – Development of new models, architectures to inhibit botnets Other types – Evaluate security of solutions deployed on large-scale distributed network – Test high cost but low probability events – Run exercises like CyberStorm to prepare plans, procedures for large scale attacks Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

GENI Itself Cannot prevent attacks on GENI – So, how do we minimize their effects? Legal liability – This is trans-border, remember Possible approach: use penetration teams to compromise GENI – This tests ability of GENI administrators, federated network administrators, to respond and recover Have social scientists study GENI, work on it? Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Conclusion Security is a key part of GENI – As a topic for experiments – As a topic for protecting other experiments GENI has unique features making security considerations unique (for now) – Scale – Interconnection with outside world – Policy and procedural issues Matt Bishop April 1, GEC 4 Engineering Conference Report on the Workshop on GENI and Security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.