Terry Benzel

Experience with DETER: a testbed for security research

The DETER testbed is shared infrastructure designed for medium-scale repeatable experiments in computer security, especially those experiments that involve malicious code. The testbed provides unique resources and a focus of activity for an open community of academic, industry, and government researchers working toward better defenses against malicious attacks on our networking infrastructure, especially critical infrastructure. This paper presents our experience with the deployment and operation of the testbed, highlights some of the research conducted on the testbed, and discusses our plans for continued development, expansion, and replication of the testbed facility

The science of cyber security experimentation: the DETER project

Since 2004, the DETER Cyber-security Project has worked to create an evolving infrastructure - facilities, tools, and processes - to provide a national resource for experimentation in cyber security. Building on our insights into requirements for cyber science and on lessons learned through 8 years of operation, we have made several transformative advances towards creating the next generation of DeterLab. These advances in experiment design and research methodology are yielding progressive improvements not only in experiment scale, complexity, diversity, and repeatability, but also in the ability of researchers to leverage prior experimental efforts of other researchers in the DeterLab user community. This paper describes the advances resulting in a new experimentation science and a transformed facility for cybersecurity research development and evaluation.

Cyber defense technology networking and evaluation

Creating an experimental infrastructure for developing next-generation information security technologies.

The DETER project: Advancing the science of cyber security experimentation and test

Since 2004, the DETER Cybersecurity Testbed Project has worked to create the necessary infrastructure — facilities, tools, and processes-to provide a national resource for experimentation in cyber security. The next generation of DETER envisions several conceptual advances in testbed design and experimental research methodology, targeting improved experimental validity, enhanced usability, and increased size, complexity, and diversity of experiments. This paper outlines the DETER projects status and current R&D directions.

Teaching Cybersecurity with DeterLab

The DETER project aims to advance cybersecurity research and education. Over the past seven years, the project has focused on improving and redefining the methods, technology, and infrastructure for developing cyberdefense technology. The projects research results are put into practice by DeterLab, a public, free-for-use experimental facility available to researchers and educators worldwide. Educators can use DeterLabs exercises to teach cybersecurity technology and practices. This use of DeterLab provides valuable feedback on DETER innovations and helps grow the pool of cybersecurity innovators and cyberdefenders.

Current Developments in DETER Cybersecurity Testbed Technology

From its inception in 2004, the DETER testbed facility has provided effective, dedicated experimental resources and expertise to a broad range of academic, industrial and government researchers. Now, building on knowledge gained, the DETER developers and community are moving beyond the classic “testbed” model and towards the creation and deployment of fundamentally transformational cybersecurity research methodologies. This paper discusses underlying rationale, together with initial design and implementation, of key technical concepts that drive these transformations.

Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture

During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that todays IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a userspace application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency.

The DETER Project: Towards Structural Advances in Experimental Cybersecurity Research and Evaluation

It is widely argued that today’s largely reactive, “respond and patch” approach to securing cyber systems must yield to a new, more rigorous, more proactive methodology. Achieving this transformation is a difficult challenge. Building on insights into requirements for cyber science and on experience gained through 8 years of operation, the DETER project is addressing one facet of this problem: the development of transformative advances in methodology and facilities for experimental cybersecurity research and system evaluation. These advances in experiment design and research methodology are yielding progressive improvements not only in experiment scale, complexity, diversity, and repeatability, but also in the ability of researchers to leverage prior experimental efforts of others within the community. We describe in this paper the trajectory of the DETER project towards a new experimental science and a transformed facility for cyber-security research development and evaluation.

Information Assurance Technology Forecast 2008

A virtual roundtable (featuring panelists Steven Bellovin, Terry Benzel, Bob Blakely, Dorothy Denning, Whitfield Diffie, Jeremy Epstein, and Paulo Verissimo) discussing the next 15 years in computer security.

First steps toward scientific cyber-security experimentation in wide-area cyber-physical systems

This extended abstract reports on steps towards an environment for repeatable and scalable experiments on wide-area cyber-physical systems. The cyber-physical systems that underlie the worlds critical infrastructure are increasingly vulnerable to attack and failure. Our work has focused on secure and resilient communication technology for the electric power grid, a subset of the general cyber-physical problem. We have demonstrated tools and methodology for experimentation with GridStat, a middleware system designed to provide enhanced communication service for the grid, within the DETERlab cyber-security testbed. Experiment design tools for DETERlab and for GridStat will ease the creation and execution of relatively large experiments, and they should make this environment accessible to users inexperienced with cluster testbeds. This abstract presents brief overviews of DETERLab and of GridStat and describes their integration. It also describes a large scale GridStat/DETERlab experiment.