Computers and Networks for Cybersecurity Experiments and Education

Abstract

In support of our ongoing research projects, UC Davis proposes to create a network testbed instrument with components drawn from a variety of commercial off-the-shelf (COTS) systems and a high assurance, high security system. This testbed instrument would be reconfigurable to support many different architectures. The initial configuration would be composed of two subnets connected by a gateway. Both subnets will have PC-based components and a Macintosh-based component. One will have a GEMSOS high assurance, high security system as a component. The other will have a second computer that can serve as a gateway between the testbed and the Internet. The testbed instrument is intended to be isolated from the Internet much of the time, but it will have components that can provide connectivity to download data or executables from the Internet, upload data, software, and experimental results to hosts on the Internet for further analysis, and to provide remote access to our Indiana University collaborators and their students. This will provide a complete instrument to test and evaluate the effects of attacks, and the effectiveness of security mechanisms developed to mitigate or counter these attacks. These include disruptions and attacks intended to compromise the success of a mission, evaluate deceptive techniques and countermeasures, evaluate the effects of poisoned training and testing data on mechanisms based on machine learning and the effectiveness of the countermeasures, and examine resilience on systems with a variety of levels of assurance. This testbed instrument will enable us to test security mechanisms, to extend our understanding of the effects of attacks and how to ameliorate the damage or compensate for the attacks or counter them. Among the open questions are the metrics to be used to evaluate the effectiveness of the attacks and the security mechanisms; how the level of assurance of the attacked system components and networks affects the evaluation, including the effects and metrics to be used; under what conditions compromises can be confined; how to best provide resilience for integrity and availability in a dynamic environment; and how to instrument systems and networks to carry out these evaluations. The testbed instruments will be reconfigurable, so researchers can carry out their analyses with different network configurations and different components on the network. Additional components will enable researchers to develop software needed for experiments, as well as transition experiments to large-scale cyber ranges such as CyberVan. Our testbed instrument will support more interactive experiments than are currently possible with CyberVan which has extensive capability for larger and more turnkey experiments. Additional components will enable researchers active on Department of Defense projects to have upgrade connectivity capability to CyberVan. As all PC-based components have exactly the same hardware configuration, all can be used in the testbed as well as remote components to develop software and experiments when the testbed is disconnected from the Internet.

Document Details

Document Type

DoD Grant Award

Publication Date

Apr 08, 2019

Source ID

W911NF1910177

Entities

Tags