wiki:Quarterly-ExptsSec-report-2011a.txt

Version 2 (modified by hxy@cs.ua.edu, 8 years ago) (diff)

--

ExptsSecurity Project Status Report

Period: GEC10 (March) 2011

I. Major accomplishments

A. Milestones achieved

We have been working towards achieving the Milestone ExptsSec: S3.b. We have run some experiments to explore running environment vulnerabilities. The experiments also tried to use two aggregates. Report on the results is submitted at this time, presentations are made at GEC10. The suggestions are made with the experiments in the report. At this moment, we don't see a need to revise the experiment design document. The most issue we have is that some S2 developments were not available when we tried to use them for experiments. We will follow up those in the future.

B. Deliverables made

(1) Presentation at GEC10. http://groups.geni.net/geni/attachment/wiki/GEC10-presentation.pdf

(2) Dawei Li, Xiaoyan Hong, "Practical Exploitation on System Vulnerability of ProtoGENI", 49th ACM Southeast Conference, March 24-26, 2011, Kennesaw, GA, USA. http://groups.geni.net/geni/attachment/wiki/acmse2011_attachment_52.pdf

II. Description of work performed during last quarter

A. Activities and findings

Major activities are the experiments that explore vulnerabilities in various areas of GENI/ProtoGENI security. We also read documents to study GENI Spiral 2 results. Our findings are made as deliverables.

In addition to the results reported and delivered, there are activities study in progress the following aspects of GENI/ProtoGENI security. 1) Conducting various DoS/DDoS attacks in ProtoGENI. 2) Analysis of GENI/ProtoGENI's authentication and its vulnerabilities. 3) Analysis of GENI/ProtoGENI's access control and its vulnerabilities.

In GEC10, we also reported work-in-progress that investigates the interface between experiment environment and the Internet.

Our REU students are reading documents about federation and following up new developments in this area.

We attended and presented results at GEC10 in March 2011. We interacted with other GENI teams during GEC10 and obtained great feedback from them. Two REU students also attended GEC10 and participated in tutorials, demo session, etc.

We introduced GENI/ProtoGENI security issue in a graduate course of Computer Security (CS 591) in Spring 2011 as course projects.

B. Project participants

Xiaoyan Hong (PI)
Fei Hu (Co-PI)
Yang Xiao (Co-PI)
Bo Fu (Graduate student)
Jingcheng Gao (Graduate student)
Dawei Li (Graduate student)
Zhifeng Xiao (Graduate student)
Darwin Witt (Undergraduate student)
Jason Bowman (Undergraduate student)

C. Publications (individual and organizational)

Dawei Li, Xiaoyan Hong, "Practical Exploitation on System Vulnerability of ProtoGENI", 49th ACM Southeast Conference, March 24-26, 2011, Kennesaw, GA, USA.

D. Outreach activities

E. Collaborations

We participated in Cluter C conference-calls.

F. Other Contributions