= Draft Notes from [GeniOmis OMIS] meeting at GEC!#3 = == October 30, 2008 == (Audio recording of the session should be posted on the wiki later, and we'll update with a link here when that happens.) ---- === Introduction === Heidi Picher Dempsey, WG Chair, introduced the session. The [http://groups.geni.net/geni/attachment/wiki/presentations/OMIS-agenda.txt agenda] as posted to the mailing list: 10:00-10:30:: GENI Meta Operations Center - Jon-Paul Herron, Indiana University 10:30-11:00:: GENI Security Architecture - Stephen Schwab, SPARTA, Inc. 11:00-11:15:: GENI at Four-Year Colleges - Pierre Tiako, Langston University 11:15-11:30:: GENI 2008 Operations Security Internship summary and call for participation - Ketly Jean-Pierre, Howard University 11:30-12:00:: Spiral 1 Integration Plans and OMIS working group deliverables- Mike Patton and Heidi Picher Dempsey, GPO 12:00-12:30:: Discussion and Lightning talks. The only agenda bashing was to note that Steve Schwab was sick and couldn't attend. So, rather than a presentation, we'll have some general security discussion in that slot. === Project presentations === ==== GENI Meta Operations Center ==== Jon-Paul Herron, with the GRNOC at Indiana University, presented the plan for the GMOC project. Presentation listed several networks that the GRNOC has experience from, including Internet2, NLR, HOPI and now, GMOC. See [http://groups.geni.net/geni/attachment/wiki/presentations/GMOC%20Presentation%20-%20GEC3%2010%7C08.pdf his slides] for details. There was some discussion: * Mike Patton asked about managing historical data, especially dealing with changing formats, etc. over the expected GENI lifetime. Response: operational data should be small enough that bulk conversion should be feasable. * ~~Name Missed~~ asked if there was an allowance for experiments generating additional data. In discussion it seemed like an interesting idea, but it was unclear what operational data might need to be exported. In the discussion it was brought up that both of these will be big concerns in GIMS in the long run, but possibly less critical in operational data. * Ted Faber argued strongly for defining "Minimalist datasets" to lower the hurdle for contributing components, among other things. * There was some discussion of allowing for recording intentional (or experimentally induced) outages. Response: This seems like a fairly straight forward extension of the standard operational distinction of administratively up/down vs. operationally up/down. ==== Security ==== Since Stephen Schwab, SPARTA, Inc. was unable to attend, Heidi Picher Dempsey led an open discussion of Rules, Policies, and Procedures that might apply to GENI. Should there be a Recommended Usage Policy (variant AUP)? This kicked off some discussion... * Karl Evans, NSF asked "do we allow live malware?" Which triggered the most interesting discussion. * Ted Faber wasn't worried about existing malware, but New Ideas in malware could be Dangerous... * Mike Patton: Do we need to distinguish real Malware from experiments gone berserk? * Aaron Falk: Policy on Malware depends on research agenda being formulated by NetSE * Matt Mathis: Policies may need to make a distinction for different site types: e.g. Firewalled vs Open * Ted Faber: This applies to more than just malware... Possible policy: Experimenters can't do anything that killing their slice won't stop. * ~~Name Missed~~: Don't overly constrain what experiments can be run * Kemp(?): Don't be naive. Use enforceable penalties for behaving badly. Russian Business making profits from behaving badly given as an example. * Ted Faber: Need nuances in the policies * Jonathan Turner: Would it help to have a Mini-GENI to clear experiments? Not clear... * Aaron Falk: With contributions from multiple parties, there will be a range of AUPs (Should the AUP be in resource discovery?) * Ted Faber: Idea for a Mini-GENI: run it in an emulab? or roll one up. * Heidi Picher Dempsey: Adopt the "test first" policy from Planetlab? * Jonathan Turner: Maybe provide closed, isolated, staging * Aaron Falk: What to provide so that experimenters can DTRT ==== GENI at 4yr colleges ==== Pierre Tiako, Langston University presented [http://groups.geni.net/geni/attachment/wiki/presentations/Langston_and_GENI_Fall2008_v1.pdf some slides] on his project to explore ways that four year colleges might use and/or contribute to GENI. === GENI 2008 Operations Security Internship summary and call for participation === Ketly Jean-Pierre, Howard University, presented some [http://groups.geni.net/geni/attachment/wiki/presentations/GPO%20Presentation.ppt work] from her summer internship looking at operational security for GENI. Ketly reviewed her work preparing draft security policies for use on GENI. She developed drafts for both internal GPO and external GENI policies and usage guidelines. She also installed and experimented with monitoring tools such as SNORT that can be useful to people connecting laboratories or other infrastructure to GENI, who are already knowledgable about computers and software. Ketly would like inputs from other people in OMIS on what tools they have used successfully and what recommendations they have for graduate and undergraduate students participating in GENI who want to design and implement security procedures and tools for their labs and classes. === OMIS SE report === Mike Patton, the OMIS WG System Engineer, gave a presentation on early plans around integration for Spiral 1 and what the OMIS WG deliverables were. The presentation included some diagrams showing multiple options for integration and how they might work together. === Lightning Talks === For our first lightning talk, Karl Levitt (NSF) talked (and moderated discussion) on some pointed security questions (no slides): 1 What does it mean to "make GENI secure"? * Protecting GENI * Slice shutdown important * How will the experiment use its resources? * Protecting Opt-In Users * Protecting the Internet 2 What experiments can be run in security * Understanding worms/botnets/etc. * Run games between attacker and defender.. * Run "The Internet" inside GENI and experiment with what would take it all down. In the discussion Aaron Falk said: Don't make it too high a hurdle to run experiments. The second lightning talk was a [http://groups.geni.net/geni/attachment/wiki/presentations/NetFPGA_Status_Update_at_GEC3.ppt NetFPGA update] from John Lockwood. The first run of 500 have been deployed, faster than expected. They are now sold out, next batch ships around Nov 17. Expected cost $500. See details on [http://NetFPGA.org NetFPGA.org].