Sponsored by the National Science Foundation

ExptsSecurityAnalysisSpiral 2 Year-end Project Review

University of Alabama

PI: Xiaoyan Hong, Fei Hu, Yang XiaoStudents: Jingcheng Gao, Dawei Li, Sneha Rao, Fnu Shalini, Dong

Zhang

August 27, 2010

Project Graphic and/or Photo

Cluster C

Emulab at Utah

ProtoGENI

GENI

Cluster

BCluster

ACluster

D

Other Emulabs Security

ClusterC

ClusterE

ClusterD

ClusterB

Sponsored by the National Science Foundation 2August 27, 2010

Project Summary

• 1783: GENI Experiments for Traffic Capture Capabilities and Security Requirement Analysis

• Goal:– help define GENI security requirements based on investigations through

ProtoGENI experiments• Approach:

– Select functions of ProtoGENI control framework – Experiments on aggregates (EMULAB first)

• Experiment design, run, identify/exploit/validate potential vulnerabilities • Deliver experiment design documents, experiment reports

• Experiments are in three directions– Authentication, experiment run-time interaction, aggregate components

and management

Sponsored by the National Science Foundation 3August 27, 2010

Milestone & QSR StatusID Milestone Status On

Time?On

Wiki?GPO

signoff?

ExptsSec: S2.a

Design experiment to evaluate the security of select functions in the ProtoGENI control framework. Experiment will use the Emulab aggregate. The experiment design will be documented and sent to the ProtoGENI PI for review.

Milestone achieved. The document of experiment design is delivered: “Description of planned security experiments”.

Early Yes Yes

ExptsSec: S2.b

Run experiment designed in Milestone 1 on ProtoGENI/Emulab. Identify potential security vulnerabilities. Develop revised experimentation plans to validate/exploit potential vulnerabilities. Interact with the ProtoGENI PI to get feedback on the potential vulnerabilities and the experiment plans. Deliver software/scripts/documentation needed to repeat experiment

Milestone achieved. Delivered: “Revised description of planned security experiments”, and “Report of the initial experiments and findings”. The report was presented at GEC7.

On time Yes Yes

ExptsSec: S2.c

Run experiments designed in Milestone 2 to validate/exploit vulnerabilities in ProtoGENI/ Emulab. Suggest improvements to ProtoGENI/ EMULab security and experimenter support tools. Deliver software/ scripts/ documentation needed to repeat experiment.

Milestone achieved. Delivered: “Report on experimentation exploiting vulnerabilities and validating vulnerability hypotheses”. Part of the results were presented at GEC8.

On time Yes Yes

ExptsSec: S2.d

Design experiment to extend the scope of the security assessment of ProtoGENI. Add at least one more aggregate to scope of experiment (preferably a wireless aggregate such as the CMU wireless emulator). The experiment design will be documented and sent to the ProtoGENI and CMU Wireless projects for review.

Due 09/28/10

QSR: 4Q2009 Posted to wiki On time Yes Yes

QSR: 1Q2010 Posted to wiki On time Yes Yes

QSR: 2Q2010 Posted to wiki On time yes Yes

Sponsored by the National Science Foundation 4August 27, 2010

Accomplishments 1: Advancing GENI Spiral 2 Goals

• We identified three major directions in ProtoGENI functions for experiments. They are authentication, experiment run-time interaction, aggregate components and management.

• Findings and suggestions are summarized in the table.

Findings Suggestions

Account certificate and credentials at local machines are subject to be stolen if compromised. With those, register slices and create slivers are possible.

strictly check user's access behaviors.

Security parameters used in the run-time are subject to be stolen if local machine is compromised. With those, experiment nodes can be accessed.

Audit experiment traffic pattern.

Ports scan be scanned from inside and outside of slices. Most ports are closed.

Add anti-scan function.

Identity and credential for flash interface are subject to the compromise of the local machine.

Additional user identity check before one can create a slice using the interface.

ProtoGENI (residual) resources are subject to DoS attack. Tools can help attacker be more efficient and harder to detect.

Audit each slice’s creation and destroy operations. Good traffic analysis tools.

(continue on next page. Notes: the findings are based on the recent release of CM and test scripts. July 10, 2010)

Sponsored by the National Science Foundation 5August 27, 2010

Accomplishments 2:Other Project Accomplishments

• Findings and suggestions continue:

• In all, the real attacking experiments may help GENI developers to design and develop more secure systems;

Findings Suggestions

Slice isolation of bandwidth. Performance is satisfactory under stress test

Delays between vnodes show large variance in RTTs. Further ProtoGENI debug needed

Slices using shared vnodes could cross communicate under a particular condition.

Further ProtoGENI debug needed

Sponsored by the National Science Foundation 6August 27, 2010

Issues

• We have tried to install ProtoGENI reference CM. Due to the need for static IP and host name DNS entry in the installation procedure, the system administrator expressed great concern (reluctant) on whether the CM code is safe or not.

• Concerns on what some attack experiments may interference other experiments.

• Since ProtoGENI is still an ongoing project, system bugs happen from time to time which has a severe impact on our progress as most of our efforts are based on the experiments. Because of this, some findings at last turn out to be system flaws. Other times the changes of the system will affect our project plans, we will have to change our plan and experiments design according to the new functions or changes.

• There are OS images and pc type which reported to be pretty old and perform inconsistent. An update on these obsolete or inconsistent resources may help in saving time and confusion, especially for novice learners.

• More details about PC type and all resources at Emulab and their specific utilization, if any, can help novice experimenters to select and to utilize resources accordingly.

Sponsored by the National Science Foundation 7August 27, 2010

Plans

• Plans for the remainder of Spiral 2?– Perform the work described in Milestone #4 – Deliver the design document

• The GPO is starting to formulate goals for Spiral 3. What are your thoughts regarding potential Spiral 3 work?– Perform the experiments according to the design document of S2.d -- investigate

the vulnerability of wireless aggregate. – Investigate issues across multiple aggregates – Following the Spiral II ProtoGENI development results in experiments, possible

repeating and extending.