Testbed for Network-Scale Countermeasure Evaluation

Abstract

Network-scale attacks are an increasing source of instability. Such attacks target entire networks or the larger Internet. Routing insecurities, forged domain names, worms, and DDoS attacks have all led to widespread outages and data compro- mise. Recent attempts to address these vulnerabilities have failed largely because of a lack of balance between security, performance, reliability, and manageabil- ity in the countermeasure designs. This work proposes a metrics-based platform for network-scale security evaluation. A range of countermeasures will be tested in several experimental environments, and general conclusions and optimizations identified. The results of this analysis will deeply inform efforts within the general network community and ongoing standards processes.

Related Research Projects

Related Publications

Kevin Butler, William Aiello, and Patrick McDaniel. Optimizing BGP Security by Exploiting Path Stability. Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS'06), November 2006.

Kevin Butler and Patrick McDaniel, Testing Large Scale BGP Security in Replayable Network Environments. DETER Community Workshop on Cyber Security Experimentation and Test, June 2006.

Kevin Butler, Sophie Qui, and Patrick McDaniel, BGPRV: Retrieving and Processing BGP Data with Efficiency and Convenience. DETER Community Workshop on Cyber Security Experimentation and Test, June 2006.