Federated Cybersecurity Testbed as a Service (FCTaaS)
PI: Salim Hariri
The advent of 'smart' infrastructure systems that integrate digital communications and controls with physical control systems and human operators or beneficiaries has created more new vulnerabilities than would exist if the sub-systems were isolated from one another. Sophisticated cyberattacks can exploit these vulnerabilities to disrupt or even completely disable the operations of our critical infrastructures and their services. The recent embrace of the Internet of Things (IoT), autonomous driving, and cloud computing will further exacerbate the cybersecurity problem.
There are many testbeds (physical, virtual and simulated) for critical infrastructures and cyber systems. Furthermore, it is extremely difficult for one organization to have all the expertise required to perform research and development on these heterogeneous testbeds, and it is cost prohibitive to own and manage them. However, to understand the interdependencies among these testbeds, their implications for cybersecurity, and how to develop effective defense solutions, researchers and educators need full access to federated testbeds that accurately represent their operations and their interdependencies. It is important to be able to compose several testbeds into one federated testbed that includes smart devices and sensors, IoT devices, cloud systems, smart grids, smart buildings, etc. (ultimately what is known as smart cities or smart governments). These federated testbeds can then be used to train students to analyze the normal operations of the composed testbeds, to identify their interdependencies and vulnerabilities and how these can be exploited to launch sophisticated cyberattacks, to develop innovative defense techniques, and to protect the testbeds.
The main goal of this project is to explore innovative techniques that allow seamless composition of a federated testbed consisting of several heterogeneous testbeds, including virtual cybersecurity testbeds, IoT testbeds and cyber-physical testbeds. There are currently many isolated cybersecurity and cyber-physical testbeds, but there are no methodologies and tools to automatically build a federated testbed (a testbed of heterogeneous testbeds). The availability of such a federated testbed, which can be ubiquitously accessed as a cloud service, will help address important research issues related to future cyberspace applications and services, such as:
1. How do we model and predict operations and interactions among complex, large, heterogeneous, and dynamic federations of cybersecurity and cyber-physical testbeds?
2. How do we secure and protect smart infrastructure resources and services and their interactions under normal and abnormal situations that may be caused by nature, accident, or malicious actions?
3. How do we develop innovative teaching and training experiments that provide hands-on experience in discovering existing or newly created vulnerabilities within an infrastructure, or caused by its interactions with other infrastructures, and in detecting malicious attacks and protecting operations against them?
4. The development of the federated testbed will explore the following research issues:
a. How to seamlessly compose several testbeds (some completely virtual, some physical)?
b. How to schedule experiments on these heterogeneous testbeds that are managed and controlled by different organizations?
c. How to securely access geographically dispersed heterogeneous testbeds and maintain privacy of users and their experiments that are running on cross-domain resources?
d. How to manage the global time so one event in one testbed and its impacts on another testbed can be evaluated?
There are many challenges in developing the proposed federated cybersecurity testbed as a service (FCTaaS), and this proposal will allow us to explore innovative techniques to overcome the research challenges of developing a multi-domain, collaborative and federated testbed environment.
Overview of Research Approach
The goal of this proposal is to explore the development of a federated cybersecurity testbed that can be offered as a cloud service (FCTaaS). It will provide innovative capabilities that allow researchers and students to experiment with and evaluate different techniques and tools to detect and protect smart infrastructures and their services from malicious cyberattacks, faults or accidents. There are currently many isolated security testbeds, but they are not easy to access or to use for complex security experiments, they are manually intensive, and they cannot seamlessly integrate virtual and physical security testbeds. Figure 1 shows the FCTaaS architecture that addresses these challenges. The architecture provides a service-oriented architecture (see Figure 2) that allows researchers and educators to publish security experiments for research and training.
In addition, the FCTaaS will allow researchers to add their security testbeds to the FCTaaS list of supported testbeds. Initially, we will collaborate with the researchers at University of Detroit Mercy (UDM) to add their Ford Breadboard Smart Car testbed. The initial list will include the UA IoT Testbed, the Virtual Cybersecurity Testbed that is currently hosted on the Amazon public cloud, and our Wireless Security Testbed.
The FCTaaS architecture shown in Figure 1 will utilize open communication standards and security tools that are developed at the NSF Center for Cloud and Autonomic Computing to maintain the security and privacy of the federated security testbed. These services will allow heterogeneous testbeds to communicate their data syntactically and semantically (so we can understand the data semantics and the dependencies among these testbeds). The Experiment management services will also allow users to configure the required testbeds and their interactions, manage the global time among all testbeds used in the experiment, and also adopt these testbeds as required by the experiment goals.
