It is critical to protect the Internet from attacks such as denial of service, and attacks on inter-domain routing. Although several defenses have been proposed, actual deployments have been limited. A primary reason for this lack of deployment is that most defenses have not been validated under realistic conditions, or at sufficiently large scales. Many attacks also have second-order effects that are not well understood. This is because it is difficult to incorporate all the protocols involved at any reasonable scale in analytical, simulation, or emulation models or testbeds. This project includes two complementary efforts to address both the fidelity and scale challenges in security experiments by designing the following:

(1) Router models: High-fidelity yet scalable models for routers and other devices will be designed that are based on simple device measurements under a few well-crafted scenarios. Both the queueing behavior in the data plane and resource consumption in the control plane will be considered.

(2) Downscaling tools: Techniques will be developed to simplify experimental scenarios before studying them using simulation, emulation, or testbed experiments. Algorithms that can downscale an experimental scenario while still preserving the important queueing or routing characteristics of this scenario will be devised.

Broader Impact: Development and public dissemination of general-purpose experimental tools, large-scale testing techniques, methodologies for the use of testing frameworks, and related graduate-level courseware will be undertaken. Significant outreach is planned to simulation and testbed teams, e.g., ns-3, C-BGP, and DETER (based on Emulab), and to industry, specifically Cisco, Intel, and AT&T. Students from under-represented minority groups in computer science and electrical engineering will be actively involved.