Security and Privacy Heterogeneous Environment for Reproducible Experimentation

Homepage

SPHERE featured in the USC ISI 2024 Year in Review
View All News

SPHERE RESEARCH INFRASTRUCTURE

SPHERE (Security and Privacy Heterogeneous Environment for Reproducible Experimentation) is a national research testbed funded by the NSF that supports integrated, reproducible cybersecurity and privacy research through access to diverse, user-configurable hardware, software, and networking resources via six specialized user portals. It aims to transform cybersecurity and privacy research, enabling representative, sophisticated, and reproducible experimentation that allows researchers to build on the work of their peers, thus supercharging scientific progress. In addition to scientific experimentation, SPHERE enables a broad range of activities including education, workforce training, cybersecurity exercises, and rigorous test and evaluation.

SPHERE aims to transform cybersecurity and privacy research into a highly integrated, community-wide effort by providing a common, rich, and representative research infrastructure.
SPHERE aims to transform cybersecurity and privacy research into a highly integrated, community-wide effort by providing a common, rich, and representative research infrastructure.
SPHERE completed the first year out of four funded years. We have started development of general-purpose and IoT enclaves, and some general-purpose nodes are already available to beta users.
SPHERE completed the first year out of four funded years. We have started development of general-purpose and IoT enclaves, and some general-purpose nodes are already available to beta users.
Diverse hardware to support diverse research needs (nearly 90% of today's publications): general and embedded compute nodes with trusted hardware, PLCs and IoT devices, programmable switches and NICs, and GPU-equipped nodes.
Diverse hardware to support diverse research needs (nearly 90% of today's publications): general and embedded compute nodes with trusted hardware, PLCs and IoT devices, programmable switches and NICs, and GPU-equipped nodes.
Move your mouse to discover and learn about the components of the SPHERE architecture
new graph
GUI portal
This Graphical User Interface portal enables users to draw and annotate network topologies and workflows through intuitive visual tools, designed for accessibility by novice users.
GUI portal
This Graphical User Interface portal enables users to draw and annotate network topologies and workflows through intuitive visual tools, designed for accessibility by novice users.
MAN portal
The Manual portal provides advanced SSH-based access for expert users to directly control experimental nodes and conduct exploratory research with maximum flexibility in testbed resource manipulation.
MAN portal
The Manual portal provides advanced SSH-based access for expert users to directly control experimental nodes and conduct exploratory research with maximum flexibility in testbed resource manipulation.
JUP portal
Through the Jupyter portal, mature experimental workflows are documented and automated using notebook interfaces, ensuring research reproducibility and systematic execution.
JUP portal
Through the Jupyter portal, mature experimental workflows are documented and automated using notebook interfaces, ensuring research reproducibility and systematic execution.
HUM portal
Operating as a Human Study portal, this platform facilitates researcher deployment of innovations and systematic collection of participant feedback through structured interaction pathways on the SPHERE platform.
HUM portal
Operating as a Human Study portal, this platform facilitates researcher deployment of innovations and systematic collection of participant feedback through structured interaction pathways on the SPHERE platform.
AEC portal
Functioning as the Artifact Evaluation Committee portal, this system connects paper authors with reviewers on shared infrastructure, supporting the submission, assessment, and archival of research artifacts for community reuse.
AEC portal
Functioning as the Artifact Evaluation Committee portal, this system connects paper authors with reviewers on shared infrastructure, supporting the submission, assessment, and archival of research artifacts for community reuse.
EDU portal
Serving as an Education portal, this platform empowers teachers to create student accounts, upload materials, and design cybersecurity assignments featuring attack-defense scenarios in contained network environments.
EDU portal
Serving as an Education portal, this platform empowers teachers to create student accounts, upload materials, and design cybersecurity assignments featuring attack-defense scenarios in contained network environments.
REE library
The Representative Experimentation Environment library serves as a crowdsourced collection of standardized evaluation environments for cybersecurity and privacy research, built through annual funding programs where artifact authors port mature research as virtual interns to create field-specific benchmarks.
REE library
The Representative Experimentation Environment library serves as a crowdsourced collection of standardized evaluation environments for cybersecurity and privacy research, built through annual funding programs where artifact authors port mature research as virtual interns to create field-specific benchmarks.
REE library
The Representative Experimentation Environment library serves as a crowdsourced collection of standardized evaluation environments for cybersecurity and privacy research, built through annual funding programs where artifact authors port mature research as virtual interns to create field-specific benchmarks.
Research artifact library
A comprehensive archive system that enables users to package, store, and share their research artifacts, featuring built-in support for experimental workflows and automatic recording of exploratory research actions, while maintaining verified reproducibility badges from evaluation committees.
Research artifact library
A comprehensive archive system that enables users to package, store, and share their research artifacts, featuring built-in support for experimental workflows and automatic recording of exploratory research actions, while maintaining verified reproducibility badges from evaluation committees.
Merge Portal
Kubernetes-based frontend implementation delivers core API services for experiment compilation and realization, alongside XDC (Experiment Development Container) pods that enable secure user access through SSH/Jupyter interfaces and connect to backend facilities via VPN tunnels. This microservice architecture supports flexible integration and scalable testbed operations.
Merge Facilities
Distributed backend resources combine infrastructure services and podman-containerized core API components with Qemu/KVM virtualization for user experiments, leveraging Cumulus Linux switches for VXLAN-based network segmentation. The system maintains strictly separated networks for infrastructure control and experiment traffic, while supporting multi-facility integration through the Merge Facility API.
Machine learning nodes
Ten powerful GPU-equipped servers are crucial in developing cybersecurity systems incorporating real-time machine learning detection and response capabilities.
Embedded compute nodes
The embedded-compute infrastructure, featuring 400 diverse nodes with CPUs and GPUs, forms a robust backbone for exploring edge security paradigms and advancing federated learning protocols in secure environments.
General compute nodes
Empowering privacy-centric experimentation, the 200 general-compute nodes integrate specialized processor architectures like Intel TDX and AMD SEV, enabling researchers to conduct large-scale security measurements and trustworthy computing investigations.
Embedded CPS
Critical infrastructure protection research finds its home in the cyber-physical systems setup, where complete architectures emulate industrial control systems, allowing security researchers to test and validate defensive measures for vital facilities.
Software-defined networking nodes
A network of 40 nodes equipped with NetFPGAs provide a programmable foundation for investigating SDN security improvements and implementing flexible network defense mechanisms.
FABRIC
FABRIC, a distributed research infrastructure spanning 29 sites with high-speed optical connections, enables SPHERE to link its IoT enclave at Northeastern University with USC-ISI and USC facilities. This connectivity, combined with Merge software, allows SPHERE to create unified experimental topologies across geographically distributed enclaves.
IoT (smart) nodes
The expansive collection of 500 IoT nodes, spanning various smart devices and appliances, serves as a comprehensive testbed for exploring IoT security vulnerabilities and developing privacy-preserving solutions for connected environments.
Security policies
The portal's security policies define three tiers of experiment access: (1) standard policies allow basic Internet connectivity (HTTP, HTTPS, SSH) for common research needs, (2) expanded policies permit broader Internet access with automated monitoring for riskier research like Internet-wide measurements, and (3) containment policies enforce complete isolation for maximum-risk experiments requiring strict security controls.
Security policies
The portal's security policies define three tiers of experiment access: (1) standard policies allow basic Internet connectivity (HTTP, HTTPS, SSH) for common research needs, (2) expanded policies permit broader Internet access with automated monitoring for riskier research like Internet-wide measurements, and (3) containment policies enforce complete isolation for maximum-risk experiments requiring strict security controls.
Six user portals to meet the needs of different user groups, including advanced researchers (MAN), Jupyter notebooks (JUP), novice users (GUI), teachers and students (EDU), human user studies (HUM), and artifact evaluation committees (AEC).
Six user portals to meet the needs of different user groups, including advanced researchers (MAN), Jupyter notebooks (JUP), novice users (GUI), teachers and students (EDU), human user studies (HUM), and artifact evaluation committees (AEC).
Security policies aligned with research needs, enabling experiments with full isolation, measurement research, software download, and risky experiments with malware.
Security policies aligned with research needs, enabling experiments with full isolation, measurement research, software download, and risky experiments with malware.
Support for reproducibility, via easy experiment packaging, sharing, and reuse; processes and incentives for community-wide efforts to develop representative experimentation environments and to continuously contribute high-quality research artifacts.
Support for reproducibility, via easy experiment packaging, sharing, and reuse; processes and incentives for community-wide efforts to develop representative experimentation environments and to continuously contribute high-quality research artifacts.

GETTING STARTED WITH SPHERE

While the SPHERE infrastructure is still undergoing construction, it is open to beta users using currently available resources. To begin using SPHERE, click the “Register” button in the top-right corner of the homepage to create an account; returning users can log in via the adjacent “Login” button. Once approved, you can begin designing and running experiments using SPHERE’s intuitive interfaces and configurable infrastructure. The platform also provides user guides, tutorials, and community support to help you make the most of its capabilities.

Researchers, educators, students, and industry partners can collaborate with SPHERE by contributing experiment artifacts, participating in community workshops, or integrating SPHERE into academic courses, training programs, or cybersecurity exercises.

CALL FOR REPRESENTATIVE EXPERIMENT ENVIRONMENTS (REEs)

Reproducibility is vital to scientific progress but remains a challenge in computer science, particularly in systems, networking, and cybersecurity/privacy research. By working together, we can improve the reusability and transparency of research artifacts, making it easier to build on prior work. The SPHERE research infrastructure aims to accelerate this progress by soliciting Representative Experimentation Environments (REEs) for integration into SPHERE. To support this effort, selected REE contributors will receive paid virtual internships to port their work to SPHERE, ensuring broader accessibility and long-term impact.
Application deadline: April 15, 2025

CALL FOR REES

SUMMER 2025 INTERNSHIP APPLICATIONS NOW CLOSED!

Thank you to all the students who applied for the SPHERE Summer 2025 internships! If you missed this opportunity, be sure to check back next year when we open applications for Summer 2026. Click 'Student Internships' for more information.

Student Internships

PLEASE TAKE OUR COMMUNITY NEEDS SURVEY

We are running a survey to learn about researcher needs around cybersecurity and privacy experimentation. Your feedback will inform our future endeavors in supporting cybersecurity experimentation through our recently funded SPHERE research infrastructure. We want to hear from a wide range of researchers, no experience is too small. The form has six open-ended questions, it is anonymous and you can skip any questions.

Provide feedback
bit.ly_SPHERE-Needs-Survey-Black