| |
CCIED: Collaborative Center for Internet Epidemiology and Defenses
This
NSF funded center is a joint effort with researchers at UCSD focused on
the growing problem of large-scale subversion of Internet systems. The
purview of CCIED is to: (1) analyze this threat, spanning the range from
theoretical models to empirical assessments to potential innovations that
threaten to develop; (2) devise defenses, both point-wise (for single
systems or sites) and more globally; and (3) investigate the surrounding
legal and policy issues that in practice affect and constrain approaches
for countering the threat.
Investigating the Underground Economy
One of the most disturbing recent
shifts in Internet attacks has been the change from attackers motivated
by glory or vanity to attackers motivated by commercial (criminal) gain.
This shift threatens to greatly accelerate the "arms race" between defenders
developing effective counters to attacks and highly motivated, well-funded
attackers finding new ways to circumvent these innovations. In this project
we explore these marketplaces in an attempt to characterize their
constituencies, impact, and sundry elements, with the ultimate goal of
employing such analysis to shed light on bottlenecks/weak spots present
in the underground economy that can then be targeted to provide maximal
benefit for defenders.
Detecting and Preventing Network Attacks
We conduct extensive research
on technology for analyzing network traffic streams to detect attacks,
either in "real time" as they occur, or in support of post facto forensic
exploration. The particular context for much of this research is the
open-source "Bro" network intrusion detection system authored by ICSI
staff. Bro runs 24x7 operationally at a number of institutes, and we have
particularly close ties with the Lawrence Berkeley National Laboratory,
where Bro deployments have formed an integral part of the institute's
cybersecurity operations for more than a decade.
Future Internet Architecture
Along with research groups around the world, the Networking Group at ICSI is exploring fundamental questions about Internet architecture. In particular, the group is asking, "If we were to redesign the Internet, what would it look like?" This effort involves looking at all aspects of the Internet architecture, including addressing, intradomain routing, interdomain routing, naming, name resolution, network API, monitoring and troubleshooting. Moreover, the effort involves both in-depth investigations of these isolated topics, and a synthesis of these aspects into a coherent and comprehensive future Internet architecture.
Open Software-Defined Networks
Today's routers and switches are both complicated and closed. The forwarding path on these boxes involve sophisticated ASICs, and the large base of installed software is typically closed and proprietary. Thus, functionality can only evolve on hardware design timescales, and only through the actions of the vendors. At ICSI, in collaboration with our colleagues at Stanford, we are pursuing a radically different approach which we call Open Software-Defined Networks. In OSDN, the forwarding hardware is extremely simple, but has an interface that allows it to be controlled by software. In turn, the software is open-source and designed to manage the network as a whole, not just each individual box. This results in lower capital and operational costs and more sophisticated management functionality. At ICSI, we are exploring how to use this approach to manage home networks, enterprise networks, datacenter networks, and wide-area networks.
More about the Networking Research Group
>>
top |
|
|
