Sponsored by the National Science Foundation ExptsSecurityAnalysis Spiral 2 Year-end Project Review University of Alabama PI: Xiaoyan Hong, Fei Hu, Yang Xiao Students: Jingcheng Gao, Dawei Li, Sneha Rao, Fnu Shalini, Dong Zhang August 27, 2010 Project Graphic and/or Photo Clust er C Emulab at Utah ProtoGENI GENI Clus ter B Clus ter A Clus ter D Other Emulabs Security Cluster C Cluster E Cluster D Cluster B

Sponsored by the National Science Foundation 2 Project Summary 1783: GENI Experiments for Traffic Capture Capabilities and Security Requirement Analysis Goal: –help define GENI security requirements based on investigations through ProtoGENI experiments Approach: –Select functions of ProtoGENI control framework –Experiments on aggregates (EMULAB first) Experiment design, run, identify/exploit/validate potential vulnerabilities Deliver experiment design documents, experiment reports Experiments are in three directions –Authentication, experiment run-time interaction, aggregate components and management August 27, 2010

Sponsored by the National Science Foundation 3 Milestone & QSR Status IDMilestoneStatus On Time? On Wiki? GPO signoff? ExptsS ec: S2.a Design experiment to evaluate the security of select functions in the ProtoGENI control framework. Experiment will use the Emulab aggregate. The experiment design will be documented and sent to the ProtoGENI PI for review. Milestone achieved. The document of experiment design is delivered: “Description of planned security experiments”. EarlyYes ExptsS ec: S2.b Run experiment designed in Milestone 1 on ProtoGENI/Emulab. Identify potential security vulnerabilities. Develop revised experimentation plans to validate/exploit potential vulnerabilities. Interact with the ProtoGENI PI to get feedback on the potential vulnerabilities and the experiment plans. Deliver software/scripts/documentation needed to repeat experiment Milestone achieved. Delivered: “Revised description of planned security experiments”, and “Report of the initial experiments and findings”. The report was presented at GEC7. On time Yes ExptsS ec: S2.c Run experiments designed in Milestone 2 to validate/exploit vulnerabilities in ProtoGENI/ Emulab. Suggest improvements to ProtoGENI/ EMULab security and experimenter support tools. Deliver software/ scripts/ documentation needed to repeat experiment. Milestone achieved. Delivered: “Report on experimentation exploiting vulnerabilities and validating vulnerability hypotheses”. Part of the results were presented at GEC8. On time Yes ExptsS ec: S2.d Design experiment to extend the scope of the security assessment of ProtoGENI. Add at least one more aggregate to scope of experiment (preferably a wireless aggregate such as the CMU wireless emulator). The experiment design will be documented and sent to the ProtoGENI and CMU Wireless projects for review. Due 09/28/10 QSR: 4Q2009Posted to wiki On time Yes QSR: 1Q2010Posted to wiki On time Yes QSR: 2Q2010Posted to wiki On time yes Yes August 27, 2010

Sponsored by the National Science Foundation 4 Accomplishments 1: Advancing GENI Spiral 2 Goals We identified three major directions in ProtoGENI functions for experiments. They are authentication, experiment run-time interaction, aggregate components and management. Findings and suggestions are summarized in the table. August 27, 2010 FindingsSuggestions Account certificate and credentials at local machines are subject to be stolen if compromised. With those, register slices and create slivers are possible. strictly check user's access behaviors. Security parameters used in the run-time are subject to be stolen if local machine is compromised. With those, experiment nodes can be accessed. Audit experiment traffic pattern. Ports scan be scanned from inside and outside of slices. Most ports are closed. Add anti-scan function. Identity and credential for flash interface are subject to the compromise of the local machine. Additional user identity check before one can create a slice using the interface. ProtoGENI (residual) resources are subject to DoS attack. Tools can help attacker be more efficient and harder to detect. Audit each slice’s creation and destroy operations. Good traffic analysis tools. (continue on next page. Notes: the findings are based on the recent release of CM and test scripts. July 10, 2010)

Sponsored by the National Science Foundation 5 Accomplishments 2: Other Project Accomplishments Findings and suggestions continue: In all, the real attacking experiments may help GENI developers to design and develop more secure systems; August 27, 2010 FindingsSuggestions Slice isolation of bandwidth.Performance is satisfactory under stress test Delays between vnodes show large variance in RTTs. Further ProtoGENI debug needed Slices using shared vnodes could cross communicate under a particular condition. Further ProtoGENI debug needed

Sponsored by the National Science Foundation 6 Issues We have tried to install ProtoGENI reference CM. Due to the need for static IP and host name DNS entry in the installation procedure, the system administrator expressed great concern (reluctant) on whether the CM code is safe or not. Concerns on what some attack experiments may interference other experiments. Since ProtoGENI is still an ongoing project, system bugs happen from time to time which has a severe impact on our progress as most of our efforts are based on the experiments. Because of this, some findings at last turn out to be system flaws. Other times the changes of the system will affect our project plans, we will have to change our plan and experiments design according to the new functions or changes. There are OS images and pc type which reported to be pretty old and perform inconsistent. An update on these obsolete or inconsistent resources may help in saving time and confusion, especially for novice learners. More details about PC type and all resources at Emulab and their specific utilization, if any, can help novice experimenters to select and to utilize resources accordingly. August 27, 2010

Sponsored by the National Science Foundation 7 Plans Plans for the remainder of Spiral 2? –Perform the work described in Milestone #4 –Deliver the design document The GPO is starting to formulate goals for Spiral 3. What are your thoughts regarding potential Spiral 3 work? –Perform the experiments according to the design document of S2.d -- investigate the vulnerability of wireless aggregate. –Investigate issues across multiple aggregates –Following the Spiral II ProtoGENI development results in experiments, possible repeating and extending. August 27, 2010