2021 NSF Summit Workshop: Testbed Facility Security
Workshop Schedule
The workshop was held online (via Zoom) on Monday, October 18, 2021, from 1pm to 5pm Eastern Time as part of the 2021 NSF Cybersecurity Summit.
| Time (Eastern) | Topic | Presenters/Panelists |
|---|---|---|
| 1:00-1:15 | Welcome and Workshop Introduction | Jim Basney and Mauricio Tavares |
| 1:15-1:30 | Chameleon: Security Approaches/Challenges | Kate Keahey and Jason Anderson |
| 1:30-1:45 | Colosseum and PAWR: Security Approaches/Challenges | Abhimanyu Gosain |
| 1:45-2:00 | CloudLab: Security Approaches/Challenges | Robert Ricci |
| 2:00-2:15 | DETERLab Evolution: Security Experimentation Approaches/Challenges | Terry Benzel, USC-ISI |
| 2:15-2:30 | FABRIC: Security Approaches/Challenges | Mauricio Tavares |
| 2:30-2:45 | Trusted CI Framework: Applications to Testbeds | Jim Basney and John Zage |
| 2:45-3:00 | Break | |
| 3:00-5:00 | Discussion | Jim Basney and Mauricio Tavares |
Workshop Materials
Available materials from the workshop are published at https://doi.org/10.5281/zenodo.5574111.
Workshop Topic
"Better to be a dog in times of tranquility than a human in times of chaos."
Volume 3 of the 1627 short story collection by Feng Menglong, Stories to Awaken the World
Testbeds are chaotic by design.
Testbed facilities, such as Chameleon, CloudLab, DETER, FABRIC, GENI, and PAWR, have unique cybersecurity challenges stemming from their mission to enable experimental use, including configuration of facility resources for novel networking and security experiments, which may span multiple facilities. Unlike HPC centers and other traditional scientific computing facilities and instruments, these testbeds support dynamic network and security configurations for research experimentation, including research on the experimental facilities themselves. This workshop brought together testbed facility operators and users (experimenters) to discuss current approaches to addressing these security challenges and future directions.
In addition to discussing approaches to securing testbed cyberinfrastructure, we explored technology to support security research experimentation. For example, the DETER testbed has an 18 year history of researchers running experiments evaluating advanced security technologies ranging from DoS, Malware, Bots, Anonymous Communication, Edge Computing, Binary Analysis and Network slicing and much much more. Other testbeds which are not primarily aimed at security research, such as Chameleon and FABRIC, have different requirements than DETER. But, where are they similar and where do they differ? Finally, we discussed the role that testbeds can play in educating not only the next generation of security practitioners and researchers but also network and computational experiments in best security practices. For example, the DETER project includes a rich Cybersecurity Education program, and students use DETER to get hands-on experience with security technology. This is particularly important in the current era of global research collaboration where data used in experiments may be bound by security and privacy regulations of a myriad of countries. As it has sites in Europe, Asia, and South America, FABRIC is an example of a testbed subject to international regulations.
Topics include, but are not limited to:
data classification
data sharing across testbeds and across the world
encryption of experimental data
handling cross-testbed security incidents
identity federation
policies for experimental/research access to testbed operational security data
risk assessments
risk management for security experiments in the testbed
security compliance requirements
Security training for both experimenters and facility staff
security controls
security policies and mechanisms for enabling connectivity between testbeds
the relationship between safety and security
Workshop Program Committee
Jim Basney <jbasney@ncsa.illinois.edu> is deputy director of Trusted CI, the NSF Cybersecurity Center of Excellence. Trusted CI recently completed a cybersecurity engagement with FABRIC.
Mauricio Tavares <raubvogel@gmail.com> was senior security engineer at FABRIC and FAB (FABRIC Across Borders).
Abhimanyu Gosain <agosain@coe.neu.edu> is Technical Program Director for PAWR Program and Co-PI for Colosseum at Institute for Wireless Internet of Things at Northeastern University.
Robert Ricci <ricci@cs.utah.edu> leads the CloudLab facility that supports a broad range of CISE research in cloud computing and data centers.
Kate Keahey <keahey@mcs.anl.gov> leads the Chameleon facility that provides support for computer science systems experimentation.
Jason Anderson <jasonanderson@uchicago.edu> leads development and operations for the Chameleon facility, including designing and implementing cybersecurity measures.
Terry Benzel <tbenzel@isi.edu> is the Director of the Networking and Cybersecurity Research Division at the Information Sciences Institute. Terry leads the DETER Cybersecurity Experimentation Testbed and oversees the work on related Merge based spinout testbeds (DCOMP, SearchLight and STEAM).
Workshop Logistics
The session was not recorded.
References
Chameleon https://www.chameleoncloud.org/
Colosseum https://colosseum.net/
DETERLab https://www.deterlab.net/
FABRIC https://whatisfabric.net/
Trusted CI https://www.trustedci.org/