Version 2 (modified by 13 years ago) (diff) | ,
---|
ExptsSecurity Project Status Report
Period: GEC10 (March) 2011
I. Major accomplishments
A. Milestones achieved
We have been working towards achieving the Milestone ExptsSec:
S3.b. We have run some experiments to explore running
environment vulnerabilities. The experiments also tried to use
two aggregates. Report on the results is submitted at this
time, presentations are made at GEC10. The suggestions are made
with the experiments in the report. At this moment, we don't
see a need to revise the experiment design document. The most
issue we have is that some S2 developments were not available
when we tried to use them for experiments. We will follow up
those in the future.
B. Deliverables made
(1) Presentation at GEC10.
http://groups.geni.net/geni/attachment/wiki/GEC10-presentation.pdf
(2) Dawei Li, Xiaoyan Hong, "Practical Exploitation on System
Vulnerability of ProtoGENI", 49th ACM Southeast Conference,
March 24-26, 2011, Kennesaw, GA, USA.
http://groups.geni.net/geni/attachment/wiki/acmse2011_attachment_52.pdf
II. Description of work performed during last quarter
A. Activities and findings
Major activities are the experiments that explore
vulnerabilities in various areas of GENI/ProtoGENI security. We
also read documents to study GENI Spiral 2 results. Our
findings are made as deliverables.
In addition to the results reported and delivered, there are
activities study in progress the following aspects of
GENI/ProtoGENI security. 1) Conducting various DoS/DDoS attacks
in ProtoGENI. 2) Analysis of GENI/ProtoGENI's authentication
and its vulnerabilities. 3) Analysis of GENI/ProtoGENI's access
control and its vulnerabilities.
In GEC10, we also reported work-in-progress that investigates
the interface between experiment environment and the
Internet.
Our REU students are reading documents about federation and
following up new developments in this area.
We attended and presented results at GEC10 in March 2011. We
interacted with other GENI teams during GEC10 and obtained
great feedback from them. Two REU students also attended GEC10
and participated in tutorials, demo session, etc.
We introduced GENI/ProtoGENI security issue in a graduate course of Computer Security (CS 591) in Spring 2011 as course projects.
B. Project participants
Xiaoyan Hong (PI)
Fei Hu (Co-PI)
Yang Xiao (Co-PI)
Bo Fu (Graduate student)
Jingcheng Gao (Graduate student)
Dawei Li (Graduate student)
Zhifeng Xiao (Graduate student)
Darwin Witt (Undergraduate student)
Jason Bowman (Undergraduate student)
C. Publications (individual and organizational)
Dawei Li, Xiaoyan Hong, "Practical Exploitation on System
Vulnerability of ProtoGENI", 49th ACM Southeast Conference,
March 24-26, 2011, Kennesaw, GA, USA.
D. Outreach activities
E. Collaborations
We participated in Cluter C conference-calls.