CNS’ Perspective on TONC Karl Levitt
Download
Report
Transcript CNS’ Perspective on TONC Karl Levitt
CNS’ Perspective on TONC
Karl Levitt
[email protected]
•
•
•
•
CNS overview
More details on Cyber Trust
GENI/FIND
Maybe GENI/FIND is not needed -- Steve
Kent’s perspective
• Challenges
• How TONC can play
22 May 2016
DO NOT DISTRIBUTE
1
Computer and Network Systems
Division (CNS)
• Computer Systems: Helen Gill, Brett Fleisch
– Distributed systems; embedded and hybrid systems;
middleware; parallel systems
• Network Systems: Darleen Fisher, Guru Parulka, David
Goodman, David Du:
– Network research broadly defined; wireless systems; networks of
sensors; FIND (Future Internet … )
• Cyber Trust: Karl Levitt; Bill Steiger; others
–
Security for FIND; cryptography; the world
• Computing Research Infrastrcture
• Education and Workforce
–
22 May 2016
Create exciting curricula for CS; Acting on the
perceived enrollment and CS image problems
DO NOT DISTRIBUTE
2
Cyber Trust Projects
• Computer and Network Security Research Grants; primarily
supports single investigator and teams conducting research in
computer security:
• Computer and Network Security Research Centers; primarily
large-scale grants conducting research towards new technology
often with important applications of the technology; the Centers
include four being funded under the Cyber Trust program:
– University of Illinois (TCIP): Security for Critical Infrastructures
– UC San Diego: Large scale worm defense
– Johns Hopkins: E-Voting
– Carnegie Mellon: Third generation secure systems
– Stanford, Yale, Stevens: PORTIA
– DETER/EMIST security testbed
Centers give us visibility, but so can important theoretical results
22 May 2016
DO NOT DISTRIBUTE
3
Technology Generations of Information
Assurance
1st Generation
(Prevent Intrusions)
Access Control &
Physical Security
Trusted Computing Base
Multiple Levels
of Security
Cryptography
Intrusions will Occur
2nd Generation
(Detect Intrusions, Limit Damage)
Firewalls
Some Attacks will Succeed
3rd Generation
(Operate Through Attacks)
22 May 2016
Intrusion Detection
Systems
Boundary Controllers
Intrusion
Tolerance
Graceful
Degradation
DO NOT DISTRIBUTE
Big Board View of Attacks
Real-Time Situation Awareness
& Response
PKI
VPNs
Hardened
Performance Core
Functionality
4
An additional Center-Level Project
• UC Berkeley (with Stanford, Cornell, Vanderbilt,
Carnegie Mellon): TRUST, which includes security for critical
infrastructures
22 May 2016
DO NOT DISTRIBUTE
5
Cyber Security at NSF (cont.)
Computer and Network Security Capacity Building facility
improvement, support for education
Graduate Traineeships in Computer and Network Security
Research
Scientific and Advanced Technology Act of 1992; trains
programmers and technicians who will be the workforce that
supports U.S. Government and industry organizations addressing
the current security threats
22 May 2016
DO NOT DISTRIBUTE
6
Research Areas for Cyber Trust
•
•
•
•
•
•
•
•
•
•
assure authenticity of digital media
develop automated defense against malicious code attacks, including
viruses, worms, adware and spyware
extract valuable information from networks and large databases without
compromising individual privacy
protect large enterprises from denial-of-service attacks
safeguard on-line transactions of minors by increasing parental consent
enable hardware support for security enhancements
create new programming language features that support the development of
secure systems by preventing many kinds of attacks
develop workbenches to help developers evaluate their systems against
realistic threats and in the presence of realistic background traffic
make eavesdropping on digital channels more difficult
assess computer systems for the presence of vulnerabilities
22 May 2016
DO NOT DISTRIBUTE
7
Cyber Trust Research Areas (cont.)
•
•
•
•
•
22 May 2016
trace attacks that exploit vulnerabilities in Voice-over IP through the
Internet
reason about the effectiveness of security components, including
intrusion detection systems
develop new defenses against attacks on distributed sensor networks
develop secure RFID systems through lightweight cryptograph
Digital forensics
DO NOT DISTRIBUTE
8
GENI: Global Environment for
Networking Investigations
CISE
National Science Foundation
[email protected]
Education
…
Communication
S&E
Research
22 May 2016
…
Internet:
Transforming Infrastructure
Information
Sharing
DO NOT DISTRIBUTE
10
Looking Ahead
Applications
Critical
Infrastructures
Networked
Sensors
Data Grid
Networked
Embedded
E-science
Digital
Living
Capabilities
Optical
Actuators
Technologies
22 May 2016
Wireless
SoC
Sensors
DO NOT DISTRIBUTE
11
Emerging Disruptive Technologies
Sensor and Sensor Networks
New Machines
New Environments
New Applications
New Scale
22 May 2016
Billion to trillion devices!
DO NOT DISTRIBUTE
13
Software Radios
•
Software Radio
– Wide operational frequency supports use of multiple bands
– Multiple waveforms in a single hardware unit provides interoperability
•
Impact
– Dynamic spectrum management helps prevent interference
– Adaptable to local & current situation; flexible frequency use provides opportunities
for quality of service
– Rapid deployment and service creation
– Enables new network architectures through flexible & dynamic connectivity
Microphone
Video
Fax
Data
Narrowband
A/D-D/A
(Optional Integral
Source Coding)
N-/RT Software
Programmable
Processor(s)?
Wideband
A/D-D/A?
Antenna
Tightly Integrated Host Hardware
• Systems and networking issues remain unexplored and unexploited!
22 May 2016
DO NOT DISTRIBUTE
Thanks to Joe Evans 14
Mobile Wireless Devices
• PDAs
Cell Phones Laptops
•
Each one is an end-node on the network
•
2B+ cell phones sold every year
•
Range of mobility
•
Data, VOIP, IPTV,
22 May 2016
DO NOT DISTRIBUTE
iPODs
15
Photonics Integration
10ps Delay using deep-etched waveguide
Dual SGDBR Signal
Booster SOAs
Label Rewrite EAM
SGDBR
Flared Input Pre- 1mm MZI SOAs
Input Signal Blanking EAM Tunable Laser
amp SOAs
Dan Blumenthal
UCSB
Fiber to Waveguide
Fan-In
Fiber to Waveguide
Fan-Out
PIC
Vinod Khosla talk
http://www.kpcb.com/
Analog Electronics
Flip
Digital Electronics (PLD, FPGA)
chip
bondin Electrical Fanout to BGA
g
BGA Connector to Circuit Board
22 May 2016
DO NOT DISTRIBUTE
16
System on a Chip: IXP 2850
3 RDRAM
channels
2 encryption
engines
10 Gb/s IO
4 QDR SRAM
channels
22 May 2016
16 32 bit
processors 8K
ctl. memory
DO NOT DISTRIBUTE
>20 GIPs (peak)
• 16 i/B for 10
Gb/s traffic
Thanks to Jon Turner 17
Emerging Applications
Digital Living 2010
Tomorrow’s users will be surrounded by pervasive devices,
embedded sensors and systems… all connected to the Internet.
User
User
Communications
Games
Photography
Inventory/Sales
tracking
Entertainment Systems
Health/Medical
User
Home Computer
Home Appliances
Banking
and
Commerce
Surveillance and Security
(at home, work, or in public)
PDA
Telephone
Car
Building Automation
User
22 May 2016
DO NOT DISTRIBUTE
Thanks to David Kotz at Dartmouth 19
Networked Embedded Systems
22 May 2016
DO NOT DISTRIBUTE
Thanks to Paulo Verssimo
20
NEON:
National Ecological Observatory Network
22 May 2016
DO NOT DISTRIBUTE
21
Network Centric Critical Infrastructures
Essential Utilities
Transportation
Telecommunications
Banking & Finance
22 May 2016
DO NOT DISTRIBUTE
22
And many more
• Mapping the physical world into virtual world
– Networked embedded systems
• Large scale data grid and vast personal data
• Pervasive computing with mobile wireless
• Disaster recovery
• S&E Applications
And others that we cannot guess today
22 May 2016
DO NOT DISTRIBUTE
23
Looking Ahead
Applications
Critical
Infrastructures
Networked
Sensors
Data Grid
Networked
Embedded
E-science
Digital
Living
Service
Oriented
Optical
Actuators
Technologies
22 May 2016
Evolvability
Security
Robustness
Mobility
Ubiquity
Wireless
SoC
Autonomicity
Capabilities
Sensors
DO NOT DISTRIBUTE
24
Current Internet Evolution?
Internet Security Limitations
“Because much of this (IT) infrastructure connects one way or another to the
Internet, it embodies the Internet’s original structural attributes of openness,
inventiveness, and the assumption of goodwill.
These signature attributes have made the US IT infrastructure an irresistible
target…”
“A broad consensus among computer scientists is emerging that the approach
of patching and retrofitting networks, computing systems, and software to
“add” security and reliability may be necessary in the short run but is
inadequate for addressing the Nation’s cyber security needs.”
PITAC Report on CyberSecurity
22 May 2016
DO NOT DISTRIBUTE
26
“… in the thirty-odd years since its invention, new uses and
abuses, along with the realities that come with being a fully
commercial enterprise, are pushing the Internet into realms that
its original design neither anticipated nor easily accommodates.”
“Freezing forevermore the current architecture would be bad
enough, but in fact the situation is deteriorating. … These
architectural barnacles—unsightly outcroppings that have
affixed themselves to an unmoving architecture— may serve a
valuable short-term purpose, but significantly impair the longterm flexibility, reliability, security, and manageability of the
Internet.”
Overcoming Barriers to Disruptive Innovation in Networking, NSF Workshp Report, 05.
Future Internet?
Distributed Systems and Services?
Network and Protocol Architectures?
New Paradigms?
Network
Capabilities
Enabling
Technologies
Applications &
User
Requirements
Need a clean-slate approach
22 May 2016
DO NOT DISTRIBUTE
28
GENI Initiative
• Research -- Refocus existing programs
– NeTS => FIND
– Cyber Trust
– CSR
– CRI
–…
• Experimental Facility
– Exploring different possibilities including MREFC
– Up to $300M
22 May 2016
DO NOT DISTRIBUTE
29
Future Internet
Must
• Be worthy of our society’s trust
– Even for managing and operating critical infrastructures
• Provide a bridge between physical and virtual worlds
– Via instrumented and managed sensorized physical environment
• Support pervasive computing
– From wireless devices to supercomputers
– From wireless channels to all optical light-paths
• Enable further innovations in S&E research
– Seamless access to networked instruments, supercomputers, storage,
22 May 2016
DO NOT DISTRIBUTE
30
Future Internet
Must Be A Platform for Innovations
NSF & Community Collaboration
Arch/Security
Disruptive Innovations
Real Time
GENI Initiative
Optical Technologies
Mobile wireless & sensor
Planning Grants and
Workshops FY04-05
www.nsf.gov/cise/geni/
Distributed Systems
22 May 2016
DO NOT DISTRIBUTE
32
NSF & Community Collaboration
Arch/Security
Disruptive Innovations
End to end architecture
Research
Experimental Facility
Optical Technologies
GENI Initiative
Mobile wireless & sensor
Planning Grants and
Workshops FY04-05
www.nsf.gov/cise/geni/
Distributed Systems
22 May 2016
DO NOT DISTRIBUTE
33
Research Community stepping up
to create Future Internet -Internet for the 21st Century
NSF wants to enable this
Scope of Research
• Core functionalities
• Communications during crisis
• Security and robustness
• High level conceptualization
• Privacy and accountability
• Support for applications design
• Manageability and usability
• Large scale storage management
• Economics viability
• Social needs
• Theoretical foundations
Networking and distributed systems broadly defined
22 May 2016
DO NOT DISTRIBUTE
35
What is Different This Time?
• Clean-slate approach
– To overcome Internet ossification
• A comprehensive coordinated effort
– Ability to try different approaches
• Ability to experiment at scale
– With real users and applications
22 May 2016
DO NOT DISTRIBUTE
36
Case for GENI Facility
Maturity
Need for Large experimental
testbed/infrastructure
Shared
Deployed
Infrastructure
This chasm represents a major
barrier to realization of GENI
Small Scale
Testbeds
Research
Prototypes
Foundations
Research
Funded by CISE Programs
Time
22 May 2016
DO NOT DISTRIBUTE
37
High Level Goals
Enable exploration of new network architectures and
distributed system capabilities
A shared facility that allows
• Embedding within itself a broad range of experimental
networks and distributed services
• Interconnection among these experimental networks and
with the Internet
• Users and applications to “opt-in”
• Observation, measurement, and recording of the resulting
experimental outcomes
22 May 2016
DO NOT DISTRIBUTE
38
Facility Goals and Key Concepts
Goal: shared platform that promotes innovations
Key Concepts: Slicing, Virtualization, Programmability
22 May 2016
DO NOT DISTRIBUTE
39
Details of the Facility
Sensor Network
backbone wavelength
backbone switch
Customizable
Router
Internet
Edge Site
Wireless Subnet
22 May 2016
DO NOT DISTRIBUTE
40
Global and Local Software
Infrastructure services
RDS PS
CS
MS
LS
. . . and others . . .
Slice Manager
Core
Resource Controller
Auditing Archive
node
control
sensor
data
CM
CM
CM
Node substrate
Node substrate
Node substrate
Components
22 May 2016
DO NOT DISTRIBUTE
41
Recognize Four Groups
• Baseline GENI facility providers
– Provide baseline GENI with appropriate capabilities and hooks
• Network architects and distributed systems builders: research teams
– Deploy new networks and services on the baseline facility
• Application providers: research teams
– Build and deploy example applications
• End users
– Use applications for their benefit and in the process test
22 May 2016
DO NOT DISTRIBUTE
42
Expected GENI Deliverables
•
Deep insight about
– Various proposed architectures
– Various engineering trade-offs
•
A new class of
– Network platforms: switches/routers/APs/Optical Systems/?
– Control and management planes
– Distributed system infrastructures
– Embedded measurement and instrumentation infrastructure
– Optical transport systems and networks
•
An operational infrastructure
– new architecture(s): secured, robust, scalable, manageable, and evolvable
– New and old applications with real users
Accelerate innovations and continued growth
22 May 2016
DO NOT DISTRIBUTE
43
Many teams across the nation to
participate
Current snapshot of our collective
thinking -- will most likely evolve
Success Scenarios
• Internet evolution influenced by clean-slate approach
• Alternate infrastructure emerges
– Single architecture emerges and dominates
– Virtualization becomes the norm with plurality of architectures
– Alternate infrastructure becomes the mainstream over time
• Many other payoffs
– Some unexpected
22 May 2016
DO NOT DISTRIBUTE
45
GENI
• MREFC (Major Research Equipment and
Facilities Construction) Funding
• NOT research funding
• Idea is Think Big more research funding to
promising area
22 May 2016
DO NOT DISTRIBUTE
46
Community Input
• GENI Town Hall Meetings
– March 10 Crystal City VA (near Reagan Airport)
– West Coast and Central US TBD
• See www.geni.net for current plan
– Join GENI discussion list
– Email/call Guru or me
• NeTS FIND proposals— submit 2 page facility needs
22 May 2016
DO NOT DISTRIBUTE
47
Does Everyone in the Research
Community Agree with GENI’s Goals?
NO!!!!
22 May 2016
DO NOT DISTRIBUTE
48
Challenges to Reinventing the Internet
Dr. Stephen Kent
Chief Scientist - Information
Security
How the Internet Came About
(v1)
• Vint Cerf ande Bob Kahn (and, of course, Al
Gore) invented the Internet
• No attention was paid to security concerns
• Tim Berners-Lee invented the Web, moving the
Internet beyond e-mail, FTP, and Telnet
• Marc Andreesen invented the browser, making
the web accessible to everyone, and making him
rich
• Google indexed the web, making it all accessible
• We all live happily ever after
22 May 2016
DO NOT DISTRIBUTE
50
How the Internet Came About
(v2)
• Vint & Bob invented IP & TCP
• Vint and Bob went to ARPA and spent lots of R&D
money to evolve Internet technology
• Security was a concern: KDC system built and tested 5
years before Kerberos, MLS e-mail prototypes, IPSO, …
• Vint & Bob provided active technical leadership for these
Internet R&D projects
• Vint & Bob made the DoD a major client, which helped
stimulate vendors to support IP
• Vint created the IAB to oversee the Internet architecture
• The IETF was formed to create Internet standards
• This enabled the web, browsers, Google, etc. to come
about
22 May 2016
DO NOT DISTRIBUTE
51
The Original Internet Competition
• Data communication options circa 1978-85
–
–
–
–
–
–
Leased lines
SNA
X.25
DecNet
OSI
Proprietary LANs
• Significant investment by some businesses, all
major computer vendors, a few service
providers, very, very few individual users
22 May 2016
DO NOT DISTRIBUTE
52
The Competition Today
• The Internet as we know it!
– It evolves to support new apps, higher performance,
new media, bigger scale, …
• Enormous investment in the current technology
by
–
–
–
–
–
Businesses in all areas
Local, state, and federal governments
All computer vendors (fewer than there used to be!)
Thousands of service providers
Hundreds of millions of individual users
• The scope of affected organizations and people,
and the magnitude of the investment in the
current Internet is enormous
22 May 2016
DO NOT DISTRIBUTE
53
•
•
•
•
•
What Motivated the Internet
Transition?
Significantly reduced cost to communicate
Network scope
Significantly improved functionality
Competitive advantage
But, these factors have to be balanced against
–
–
–
–
22 May 2016
Capital costs for hardware & software
Training costs for users, system administrators, …
Service disruption for customers, internal users, …
…
DO NOT DISTRIBUTE
54
Do We Need to Replace the
Internet?
• Spam is very annoying, but so are all the phone calls I
receive on behalf of charities
• Most phishing looks like spam to me, and largely is a
social engineering concern
• Network availability is good enough to do billions of
dollars of transactions daily
• Network performance is good enough for VoIP, web
surfing, etc. IF you have good local access (i.e., the core
is OK)
• Security for end systems is NOT intrinsically a network
problem, although the net can help …
• Real time and control applications are not reliably
handled by the Internet
22 May 2016
DO NOT DISTRIBUTE
55
Can NSF Develop a New
Internet?
• NSF’s model for program funding and
management is very different from DARPA
– Grants to faculty, leadership by faculty, graduate
student labor, minimal industry involvement, most
grants are modest by DARPA standards
– NSFNET was a big exception to this model but still
modest in scale vs. DARPA’s investment
– The scope of the public Internet is international, the
investment is enormous, the number of affected users
staggering, …
• Convincing users, vendors, and service
providers that the new Internet is worth the
transition costs will be very, very hard
22 May 2016
DO NOT DISTRIBUTE
56
The Report of the Internet’s Death was an
Exaggeration
Challenges
• How do incorporate security into GENI?
– To protect it against external attacks
– To protect it against experimental malware
– To protect applications from a potentially malicious GENI
• Does GENI provide the mechanisms to support “interesting” new
ideas from TONC?
– Network Coding
– …
• The “clean slate” for FIND is mostly about a new network. What
should be in the new network to support:
– Wireless computing: location services, …
– Security: traceability, forensics, …
• It has been conjectured that Denial of Service attacks can be
neither prevented or mitigated. Prove this wrong.
• For what disruptions will the Internet recover? How long
will it take?
22 May 2016
DO NOT DISTRIBUTE
58
More Challenges
• View GENI as a step towards Big ComputerScience
• What theories can be validated with GENI?
– Time for a worm to propagate through the Internet -under varying assumed conditions
– Can a worm defense keep up with a fast moving
worm?
22 May 2016
DO NOT DISTRIBUTE
59
More Challenges
• Can the next Internet be designed for real-time
computations (Wei Zhao)
• What are the limitations of formal
methods?
– Model checking to prove properties of configurations
– Identify vulnerabilities in source and object code
– Prove security properties of protocols
• Can data be sanitized for use by experimenters?
– This might be a special case of the transfomation
of research data to achieve confindentiality
and usability (Dwork, and many others)
22 May 2016
DO NOT DISTRIBUTE
60
Toolkit architecture
Security
Properties
Program
Intermediate
representation
Parsers
C parser
C++ parser
Java parser
22 May 2016
Toolkit
Analysis
engines
Model checking
(MOPS)
Type inference
(Cqual)
Integrated
error report
Raw
error report
Report
engines
HTML
report
generator
Range analysis
(BOON)
DO NOT DISTRIBUTE
61
Analysis engines
• MOPS: pushdown model checking
– Privilege elevation bugs
– Race condition bugs
–…
• Cqual: type inference
– Format string bugs
– User/kernel pointer bugs
–…
• BOON: integer range analysis
– Buffer overrun bugs
22 May 2016
DO NOT DISTRIBUTE
62
Experience: checking critical servers
Program
Apache HTTPD
2.0.40-21
Bugs
found
Total Real
229K
2:33
6
2
6K
0:25
7
1
279K
3:15
4
0
OpenSSH 3.5p1-6
59K
3:29
24
5
Postfix 1.1.11-11
94K
6:53
6
0
Samba 2.2.7a-7.9.0
254K
45:33
8
2
Sendmail 8.12.8-4
222K
18:34
11
0
VixieCron 3.0.1-74DO NOT DISTRIBUTE
4K
0:27
4
3
At 3.1.8-33
BIND 9.2.1-16
22 May 2016
Lines Runnin
of
g time
code
63
Experience: checking the entire
RedHat Linux 9
• RedHat Linux 9
– 839 packages
– More than 60 million lines of code
• Experiments
– Checked 6 properties
– Found 79 new bugs so far
22 May 2016
DO NOT DISTRIBUTE
64
Can Security be Achieved using
Simple Paradigms?
• Accountability
• Partitioning of data into trusted and
untrusted sets
• Virtualization throughout
• Diversity to thwart attacker
• Control theory for security
• “Currency” needed for each packed issued
Can security be predicted or measured,
perhaps if simple paradigms are used?
22 May 2016
DO NOT DISTRIBUTE
65
Diversity System Functional Architecture
Address randomization does not remove vulnerability
but makes effect of attack unpredictable
Normal user
Attacker
inputs work
Modifications
transform original
stored program User Inputs
Translation
Other
System
Resources
Original
Program
Modified PE
File, Loader &
System Calls
PRNG*
Optional
Annotation
File
*Pseudo-Random Number Generator
22 May 2016
Wrapper
Transformed Some attacks
In-memory
fail because
program
vulnerability
is not at
assumed
address
DO NOT DISTRIBUTE
Other attacks
fail because
injected
commands
are wrong
66
More Challenges
• Can anonymity and authorized monitoring
co-exist?
22 May 2016
DO NOT DISTRIBUTE
67