Workshop on GENI and Security

Date: January 22–23, 2009

Location: Davis, California, USA

Documents and Slides

The final workshop report is available here.

The executive summary of the workshop report is available here.

Powerpoint slides for a talk on the workshop given at the April 2009 GENI Conference.

Slides for individual talks from the workshop are accessible from the agenda page.

About the Workshop

The Global Environment for Network Innovations (GENI) is a suite of network research infrastructure now in its design and prototyping phase. It is sponsored by the National Science Foundation to support experimental research in network science and engineering.

The goal of this workshop is to engage the security community in GENI's design and prototyping, to ensure that security issues are properly considered during its development.

First, what classes of security experiments should GENI support? What capabilities will GENI require to allow the conduct of these experiments? The capabilities may be intrinsic to GENI (such as equipment or software of a particular kind) or extrinsic (such as organizational management, or external interfaces and connectivity). Experiments involving malware or vulnerabilities analysis may require that parts of the infrastructure suite be partitioned from other parts. Deploying and testing new protocols may require that the suite be partitioned to prevent errors in the implementation or in the protocol itself from interfering with other uses of the infrastructure.

Second, how can GENI itself be adequately secured and protected from attack? What forms of authentication, authorization, and accountability would be most appropriate? As access to GENI will be from the Internet, GENI will be exposed to potential attackers. Other types of attack may involve physical compromise of the systems making up GENI, or of the Internet (or other) infrastructure that provides support for GENI. Protocols, management and organizational procedures and processes, and access control mechanisms must be developed to safeguard both the GENI resource and the data and software that researchers deploy on it.

The workshop is designed to discuss questions such as: What security-related experiments would you like to run on GENI, and what benefit would you expect from them? What constraints or requirements would you need to carry out the experiments? How can we shield other experiments and work being done using GENI from the effects of your (or others') experiments? How can we prevent GENI from being attacked?

Background on GENI. More information on GENI is available at the GENI web site. The document GENI System Overview provides an overview of the GENI system design, and the document GENI Spiral 1 Overview discusses the first phase of GENI prototyping.

Steering Comittee:

Matt Bishop, co-chair, UC Davis
Chip Elliott, co-chair, BBN
Heidi Picher Dempsey, BBN
Deborah Frincke, PNNL
Suzanne Iacono, NSF
Karl Levitt, NSF
John Mitchell, Stanford
Vern Paxon, UC Berkeley
Taieb Znati, NSF

Original Workshop Web Page

The web page for the workshop, before it was held, is here.

This workshop was hosted by UC Davis This workshop was supported by the National Science Foundation.