HiveMind: 2012-7-GENI-GEC14-Report-Revised.txt

File 2012-7-GENI-GEC14-Report-Revised.txt, 4.8 KB (added by Sean Peisert, 7 years ago)
GEC14 - GENI "Hive Mind" Report
===============================

Period: March 1, 2012 - July 1, 2013

I. Major accomplishments this period
-------------------------------------

### A. Milestones achieved this period

Hive: Year 3.b Security Experimentation & Hive Mind based monitoring. Due 3/16/12.

-Completed.

Hive: Year S4.c Report on Experimentation and Hive Mind demo. Due 7/27/12

-Completed

### B. Deliverables made this period

Hive Year 3.b Security Experimentation & Hive Mind based monitoring. Due 3/16/12.
        - Demonstrate how the Hive Mind based monitoring system can be used to collect information on an experiment's environment. (Completed)

        - Plan for making information about the environment available to experimenters/others through a portal such as the one being developed by NICTA. (Completed)

        - Organize and lead a workshop/session on security experiments in GENI. (Completed)

Hive: Year S4.c Report on Experimentation and Hive Mind demo. Due 7/27/12

        - Written report on Security Experimentation in GENI. (Completed)

        - Demonstration of monitoring system being used to collect information about an experiment's environment and making this information available through the portal identified in Milestone b. (Completed)

II. Description of work performed during this period
----------------------------------------------------

### A. Activities and findings

We demonstrated our Hive Mind prototype at GEC14. Concurrently, we have also implemented a user portal for controlling, configuring and monitoring the Hive Mind system. Specifically, we have created a web-based interface to interact with these scripts and the logs that are output by the Hive Mind, which drive the monitoring dashboard. Additionally, we have created a framework to allow inclusion of arbitrary sensor functions to detect both violations of policy and unexpected deviation from a baseline configuration.

Given the importance of detecting compromised systems, particularly those involving "Advanced Persistent Threats", zero-day vulnerabilities or "rootkits", we have initiated an effort to implement a large collection of sensor functions derived from techniques used by expert cyber security auditors and forensics analysts to identify compromised systems. This extends the argument that any compromised system must have been changed in some way, and it departs from traditional techniques that employ signatures or other methods to identify attempts to compromise a system or the overt misbehavior of a compromised system.

We are on track to deliver working software and user documentation for the Hive Mind monitoring system by the deadline of September 14, 2012, specified in the SOW. User documentation will include the information experimenters need to set up the monitoring system, specify what information is to be collected, and access the information collected.

### B. Current project participants

PI: Sean Peisert (UC Davis)

Senior Personnel:
        Matt Bishop (UC Davis)
        Steven Templeton (UC Davis)

Students:
        Julian Fuchs (UC Davis)
        Vishak Muthukumar (UC Davis)

### C. Publications (individual and organizational) this period

N/A

### D. Outreach activities this period

We have demonstrated the Hive Mind for personnel at the Department of Homeland Security, which has expressed interest in transitioning the results of the work to practice, outside of GENI. As part of this, we hope to be running additional experiments on a million-node Linux cluster in the near future.

Prof. Peisert is again serving as program co-chair of the 5th Workshop on Cyber Security Experimentation and Test (CSET '12) on August 6, 2012:

https://www.usenix.org/conference/cset12

This workshop will have considerable discussion of and focus on testbeds, including GENI.

Prof. Peisert presented at the "Workshop on Future Modeling and Simulation (M & S) for Cyber-Security and Cyber-Physical Applications," sponsored by Lawrence Livermore National Laboratory, on March 2, 2012; and will be presenting at the "Lawrence Livermore National Laboratory 2012 Workshop on Current Challenges in Computing (C3): Network Science," on August 27–29, 2012. Both presentations include discussion of our GENI activities.

https://nsic.llnl.gov/?q=education_and_outreach-professional_development-past_events-m_s_for_cyber_workshop

### E. Collaborations this period

Our project is now collaborating closely with the "Attribution for GENI" project (PI: M. Bishop, UC Davis). Together, we are working toward shared goals, using shared project resources.

We are also working with staff at the DETER project, who are facilitating our implementation and experimental work on DETER, and with Rob Ricci, who is facilitating our implementation and experimental work on ProtoGENI. We are grateful to the staff at both projects for their valuable help.

### F. Other Contributions

N/A