[[PageOutline]] = ExptsSecurity Project Status Report = '''Period: GEC10 (March) 2011''' [[BR]] == I. Major accomplishments == === A. Milestones achieved === We have been working towards achieving the Milestone ExptsSec: S3.b. We have run some experiments to explore running environment vulnerabilities. The experiments also tried to use two aggregates. Report on the results is submitted at this time, presentations are made at GEC10. The suggestions are made with the experiments in the report. At this moment, we don't see a need to revise the experiment design document. The most issue we have is that some S2 developments were not available when we tried to use them for experiments. We will follow up those in the future. [[BR]] === B. Deliverables made === (1) Presentation at GEC10. http://groups.geni.net/geni/attachment/wiki/GEC10-presentation.pdf [[BR]] (2) Dawei Li, Xiaoyan Hong, "Practical Exploitation on System Vulnerability of ProtoGENI", 49th ACM Southeast Conference, March 24-26, 2011, Kennesaw, GA, USA. http://groups.geni.net/geni/attachment/wiki/acmse2011_attachment_52.pdf [[BR]] == II. Description of work performed during last quarter == === A. Activities and findings === Major activities are the experiments that explore vulnerabilities in various areas of GENI/ProtoGENI security. We also read documents to study GENI Spiral 2 results. Our findings are made as deliverables.[[BR]] In addition to the results reported and delivered, there are activities study in progress the following aspects of GENI/ProtoGENI security. 1) Conducting various DoS/DDoS attacks in ProtoGENI. 2) Analysis of GENI/ProtoGENI's authentication and its vulnerabilities. 3) Analysis of GENI/ProtoGENI's access control and its vulnerabilities.[[BR]] In GEC10, we also reported work-in-progress that investigates the interface between experiment environment and the Internet.[[BR]] Our REU students are reading documents about federation and following up new developments in this area.[[BR]] We attended and presented results at GEC10 in March 2011. We interacted with other GENI teams during GEC10 and obtained great feedback from them. Two REU students also attended GEC10 and participated in tutorials, demo session, etc. [[BR]] === B. Project participants === Xiaoyan Hong (PI) [[BR]] Fei Hu (Co-PI) [[BR]] Yang Xiao (Co-PI) [[BR]] Jingcheng Gao (Graduate student) [[BR]] Dawei Li (Graduate student) [[BR]] Fnu Shalini (Graduate student) [[BR]] Darwin Witt (Undergraduate student) [[BR]] Jason Bowman (Undergraduate student) [[BR]] === C. Publications (individual and organizational) === Dawei Li, Xiaoyan Hong, "Practical Exploitation on System Vulnerability of ProtoGENI", 49th ACM Southeast Conference, March 24-26, 2011, Kennesaw, GA, USA. [[BR]] === D. Outreach activities === We introduced GENI/ProtoGENI security in a graduate course of security in the Spring 2011 as course projects. === E. Collaborations === We participated in Cluter C conference-calls. [[BR]] === F. Other Contributions ===