Isolated Virtualised Clusters: Testbeds for High-Risk Security Experimentation and Training

Adequate testbeds for conducting security experiments and tests under controlled, safe, repeatable and as-realistic-as-possible conditions are a key element for the research and development of adequate security solutions and for the training of security personnel and researchers. In this paper, we report on the construction and operation of isolated virtualised testbeds used in two separate security research labs in Canada and France, as part of a joint collaborative effort. The main idea was to use mid- to large-scale isolated computing clusters to obtain high levels of scale, manageability and safety by heavily leveraging virtualisation technology, open-source cluster management tools and a network architecture separating experiment and control traffic. Both facilities have been used for conducting different types of security research experiments, including in-lab reconstructions of botnets, denial-of-service attacks, and virus detection experimentation. They have also been used for teaching and training students in experimental security methods. We describe these facilities and the criteria that we used to design them, the research and training activities that were conducted, and close by discussing the lessons learned and the pros and cons of this approach.
