Experimental cybersecurity research is inherently risky. An experiment may involve releasing live malware code, operating a botnet, or creating highly disruptive network conditions. Realism is required in replicating attacks so that proposed defenses can be thoroughly tested and future attacks anticipated. This proposal, in addressing intellectual merit, seeks to develop a unique model for risky experiment management, enabling researchers to carry out experiments that interact with their larger environment while retaining both control and safety. The model put forward here is based on a very simple line of reasoning: if the behavior of an experiment is completely unconstrained, the behavior of the host environment must be completely constraining, because it can assume nothing about the experiment; but if the behavior of the experiment is constrained in some particular and well-chosen way or ways, the behavior of the host testbed can be less constraining, because the experiment and environment constraints together can provide the required overall assurance of good behavior. The key benefit of this model is that both experimenter and testbed operator can proceed with assurance in carrying out a wide and interesting range of previously unsupportable experiments. The ultimate goal is to develop both an implementation and a formalization of this model, including logical tools to reason about experiment and testbed constraint composition (broader impact). Initial work will develop mechanisms to support the model in the DETER facility and similar Emulab-based testbeds.
The proposal was reviewed by panelists and received one Very Good, one Very Good/Good and one Good. Panelists viewed all three elements of the proposal (risky experimentation support, dynamic health monitoring, and federation of testbeds) as contributions to the field, with the most valuable of the three being risky experimentation support. The panel overall wanted to see a stronger case made for improving existing security testbeds in general, and particularly a tie-in with current uses and needs of the DETER testbed by researchers. Panelists recognized the team as being well qualified for the work. If successful, the activities were viewed as advancing the state of the art in experimental facilities for cybersecurity.