2021 NSF Summit Workshop: Testbed Facility Security

Workshop Schedule

The workshop was held online (via Zoom) on Monday, October 18, 2021, from 1pm to 5pm Eastern Time as part of the 2021 NSF Cybersecurity Summit.

Time (Eastern)  Topic Presenters/Panelists
1:00-1:15 Welcome and Workshop Introduction Jim Basney and Mauricio Tavares
1:15-1:30 Chameleon: Security Approaches/Challenges Kate Keahey and Jason Anderson
1:30-1:45 Colosseum and PAWR: Security Approaches/Challenges Abhimanyu Gosain
1:45-2:00 CloudLab: Security Approaches/Challenges Robert Ricci
2:00-2:15 DETERLab Evolution: Security Experimentation Approaches/Challenges  Terry Benzel, USC-ISI
2:15-2:30 FABRIC: Security Approaches/Challenges  Mauricio Tavares
2:30-2:45 Trusted CI Framework: Applications to Testbeds Jim Basney and John Zage
2:45-3:00 Break
3:00-5:00 Discussion Jim Basney and Mauricio Tavares

Workshop Materials

Available materials from the workshop are published at https://doi.org/10.5281/zenodo.5574111.

Workshop Topic

"Better to be a dog in times of tranquility than a human in times of chaos."
Volume 3 of the 1627 short story collection by
Feng Menglong, Stories to Awaken the World

Testbeds are chaotic by design.

Testbed facilities, such as Chameleon, CloudLab, DETER, FABRIC, GENI, and PAWR, have unique cybersecurity challenges stemming from their mission to enable experimental use, including configuration of facility resources for novel networking and security experiments, which may span multiple facilities. Unlike HPC centers and other traditional scientific computing facilities and instruments, these testbeds support dynamic network and security configurations for research experimentation, including research on the experimental facilities themselves. This workshop brought together testbed facility operators and users (experimenters) to discuss current approaches to addressing these security challenges and future directions.

In addition to discussing approaches to securing testbed cyberinfrastructure, we explored technology to support security research experimentation. For example, the DETER testbed has an 18 year history of researchers running experiments evaluating advanced security technologies ranging from DoS, Malware, Bots, Anonymous Communication, Edge Computing, Binary Analysis and Network slicing and much much more. Other testbeds which are not primarily aimed at security research, such as Chameleon and FABRIC, have different requirements than DETER. But, where are they similar and where do they differ? Finally, we discussed the role that testbeds can play in educating not only the next generation of security practitioners and researchers but also network and computational experiments in best security practices. For example, the DETER project includes a rich Cybersecurity Education program, and students use DETER to get hands-on experience with security technology. This is particularly important in the current era of global research collaboration where data used in experiments may be bound by security and privacy regulations of a myriad of countries. As it has sites in Europe, Asia, and South America, FABRIC is an example of a testbed subject to international regulations.

Topics include, but are not limited to:

  • data classification

  • data sharing across testbeds and across the world

  • encryption of experimental data

  • handling cross-testbed security incidents

  • identity federation

  • policies for experimental/research access to testbed operational security data

  • risk assessments

  • risk management for security experiments in the testbed

  • security compliance requirements

  • Security training for both experimenters and facility staff

  • security controls

  • security policies and mechanisms for enabling connectivity between testbeds

  • the relationship between safety and security

Workshop Program Committee

  • Jim Basney <jbasney@ncsa.illinois.edu> is deputy director of Trusted CI, the NSF Cybersecurity Center of Excellence. Trusted CI recently completed a cybersecurity engagement with FABRIC.

  • Mauricio Tavares <raubvogel@gmail.com> was senior security engineer at FABRIC and FAB (FABRIC Across Borders).

  • Abhimanyu Gosain <agosain@coe.neu.edu> is Technical Program Director for PAWR Program and Co-PI for Colosseum at Institute for Wireless Internet of Things at Northeastern University.

  • Robert Ricci <ricci@cs.utah.edu> leads the CloudLab facility that supports a broad range of CISE research in cloud computing and data centers.

  • Kate Keahey <keahey@mcs.anl.gov> leads the Chameleon facility that provides support for computer science systems experimentation.

  • Jason Anderson <jasonanderson@uchicago.edu> leads development and operations for the Chameleon facility, including designing and implementing cybersecurity measures.

  • Terry Benzel <tbenzel@isi.edu> is the Director of the Networking and Cybersecurity Research Division at the Information Sciences Institute. Terry leads the DETER Cybersecurity Experimentation Testbed and oversees the work on related Merge based spinout testbeds (DCOMP, SearchLight and STEAM).

Workshop Logistics

The session was not recorded.

References