REDSTAR - RE-engineering Deterlab for Scalability robusTness And Reliability

Abstract

This proposal seeks to modernize the infrastructure of the public DeterLab testbed for cybersecurity experimentation. This modernization will be achieved by replacing our current, 15- year old switches with modern whitebox switches, and through the addition of 48 high-end computing nodes. These changes will making the testbed more robust and reliable, and will increase the sophistication of experiments users can perform. About DeterLab: DeterLab [1, 4, 5] is a 690-node, state-of-the-art scientific computing facility for researchers engaged in research, development, discovery, experimentation, and testing of innovative cybersecurity technology. DeterLab is a remotely accessible networking testbed, where users gain exclusive, root access to physical PCs, customize operating systems and applications on these PCs, and arrange them into custom topologies. It is hosted at the USC Information Sciences Institute and UC Berkeley. DeterLab was established in 2004 and has operated continuously since then, under the active sponsorship by the Department of Homeland Security, the National Science Foundation and DARPA. In its 15 years of existence, DeterLab has been used by 364 research projects, from 266 institutions and involving 958 researchers, from 202 locations and 51 countries. DeterLab has also been extensively used in education by 197 classes, from 129 institutions and involving 14,270 students. DeterLab and DoD: DeterLab already serves multiple users from DoD and related institutions, including ARL, Navy, US army and DARPA. Further, defense contractors such as BAE Systems, BBN Raytheon, and Boeing have made extensive use of DeterLab. In addition to these individual efforts, USC/ISI serves as lead or evaluation partner in the several DARPA-sponsored research programs: SAFER, EdgeCT, and XD3. All our work on these contracts is performed on the DeterLab testbed. The robustness and reliability of this testbed, as well as its ability to support large-scale, sophisticated experiments are essential for the success of the aforementioned DoDsponsored programs. The SAFER program was designed to enable anonymous communication in potentially hostile environments. DeterLab was used to evaluate these anonymity systems in representative networks using both adversarial and non-adversarial environment models. The goal of EdgeCT was to optimize network communications between enclaves in a red-black network where the black network may be unreliable. ISI was tasked with providing models of DoD networks and current or potential impairments of these networks. Further, scenarios were designed and evaluated upon to stress the EdgeCT systems within these operational environment analogs. The Extreme Distributed Denial of Service Defense (XD3) develops defenses against distributed denial-of-service attacks. Our team is currently evaluating XD3 defenses against known attacks as well as constructing novel, hypothetical attacks to determine the scope and capability of each teamÕs system. DeterLab will also being used for active development of our technologies if awarded under DARPAÕs SearchLight program. The goal of the SearchLight program is to identify applications based on their encrypted traffic. Requested equipment: Our proposed improvements to DeterLabÕs infrastructure consist of replacement of most of its archaic switches, which are 10-15 years old, with new, programmable, SDN-enabled switches. We also seek to add 48 compute nodes to our DeterLab cluster. These improvements will enable us to make our infrastructure more robust, reliable and scalable, and they will enable a new type of experiments, which involve software-defined networking (SDN) and reconfigurable topologies. Robustness and reliability will come from the modern hardware, as well as leveraging new software on the switches to perform switch configuration tasks instead of custom-written code. Scalability will come from larger switches and from more powerful c

Document Details

Document Type

DoD Grant Award

Publication Date

Jul 09, 2020

Source ID

W911NF2010056

Entities

Tags