Nov. 2 — SCinet is the backbone of SC, and the volunteer-driven Network Security Team goes to great lengths to protect that backbone from threats. Planning network security strategies and tactics begins nearly a year before the conference. As threats evolve, the team relies on new partnerships and innovative solutions to overcome emerging challenges. This year, the team is collaborating with CloudLab, a cloud computing testbed funded by the National Science Foundation (Grant No. CNS-1302688), to analyze terabytes of network traffic data during SC.
In observance of October’s National Cyber Security Awareness Month, we visited with Jeff Boote and Alan Commike, co-leads of the SCinet Network Security Team, and Robert Ricci, PI for CloudLab, about how this collaboration benefits exhibitors, attendees and volunteers at SC16.
Who shares in the responsibility for network security at SC?
Alan Commike and Jeff Boote: Network security touches every layer of SCinet. When you build a powerful network like SCinet from the ground up annually, network security cannot be achieved in isolation and it needs to be built into the network from the very start. Planning for SCinet starts nearly a year prior to the show opening. As the general SCinet architecture takes shape, the Network Security Team works closely with other SCinet teams – including Wide Area Networking, Routing, Fiber, Interconnect, DevOps, Edge Networking and the Help Desk – to ensure vendors, attendees and researchers have a successful SC. We also engage conference-goers in sharing the responsibility for computer security at SC. The SCinet Help Desk provides copies of our security tips handout, with security best practices for SC and beyond. If we find a compromised system, we help remediate the issue and then engage in conversation about how to secure the system going forward.
How has the network security strategy for SCinet changed over time? What, if anything, has remained consistent?
AC and JB: The goal has remained consistent through the years: we protect SCinet and all vendor, exhibitor and attendee resources that connect to it during SC. The challenge is to do so while working within the parameters of a very high-speed, high-traffic, open network. As threats become more sophisticated, the Network Security Team scales up protection efforts. In the past, we concentrated on protecting SCinet’s border, and now we are closely examining what’s happening inside the network, too. We spend as much effort looking for malicious intent on the commodity WiFi network as we do on the border between SCinet and the Internet at large. This year, we are partnering with CloudLab, which has a facility in Salt Lake City that provides the flexibility, autonomy and computational power we need to analyze network traffic and mitigate potential threats. The partnerships and the tools we rely on to secure SCinet continue to evolve, but the goal of finding bad actors on the network early and reliably is the same as it was 10 years ago.
What is CloudLab and how does it help the research community?
Robert Ricci: CloudLab is a facility that empowers researchers and educators to build their own clouds. Those who have used a cloud that is commercially-provided or owned by their home institution may be well aware of the limitations of not having full view or control over all layers, including the network, virtualization and the storage system. This is fine for a lot of work, but if you want to push forward the basic notion of what the cloud is and what it is good for, then you need to be able to work on those layers. That is where CloudLab comes in. CloudLab provides users with a set of resources they can use to build their own clouds, in which they can see everything and are in complete control. There are three main CloudLab sites: the University of Wisconsin – Madison, Clemson University and the University of Utah. CoudLab is funded by the National Science Foundation, so researchers and educators can apply for an account at www.cloudlab.us and use the lab at no cost.
What else makes CloudLab unique?
RR: CloudLab offers a lab facility that allows researchers to push the technology further without fear of breaking something others rely on. Researchers working in a production environment are bound by a tension between wanting to push the infrastructure to its edge – making it go beyond uses intended by designers or operators – and being held back by the fear that doing so will break it. We need testbeds in which researchers can push, prod and poke the technology with more flexibility and without fear. This is the kind of environment that CloudLab offers.
The CloudLab site in Utah has an emphasis on energy-efficient clouds. Our equipment includes both traditional server platforms and lower-power options using ARM architecture. Soon we will add Intel systems-on-chips designs. CloudLab machines have power instrumentation that allows users to evaluate not only the performance and robustness of the technologies, but also how “green” they are. Researchers can test different architectures to examine tradeoffs between power, performance and other metrics.
How will SCinet Network Security use CloudLab at SC16?
AC and JB: The Network Security Team probes and analyzes all of SCinet. We begin the process in late October during staging week to ensure SCinet equipment is not compromised when we bring it into the Salt Palace. Our job starts as soon as the first piece of SCinet equipment is powered on since we often see external probing and attacks soon after the network goes online. This provides us with a baseline, and we expand our analysis as more components of SCinet are brought online. During SC16, terabytes of analysis data, including logs, metadata and possible indicators of compromise, will be sent over a private, encrypted connection from SCinet to CloudLab. This secure connection is made possible by the ability to create private networks on the Utah Education Network and the University of Utah’s Science DMZ, which is managed by University Information Technology and the Center for High Performance Computing.
The data will be used for real-time and historical analysis, which looks at what happened over the past few hours and days during SC. The analysis occurring within the CloudLab computer cluster provides us with actionable intelligence regarding what is happening on SCinet. While lessons learned from that analysis carries over to our planning efforts for the next SC, we discard collected data at the end of the show to protect exhibitor, attendee and volunteer privacy.
RR: CloudLab provides SCinet’s Network Security Team with the resources needed to analyze those terabytes of data. Network data will be securely routed to computer clusters hosted in the University of Utah’s Downtown Data Center, just a few blocks from the Salt Palace. With CloudLab’s flexibility, the team will have complete control over the environment and can set up the processing pipeline to best meet their needs.