From DETERLab to SPHERE

Over the past two decades, USC-ISI’s DETER Project built, designed, and operated DETERLab (cyber DEfense Technology Experimental Research Laboratory), a state-of-the-art scientific computing facility for cybersecurity researchers and educators. Researchers engaged in research, development, discovery, experimentation, and testing of innovative cybersecurity technology. Educators used the testbed to teach security, networking, and operating systems classes. As a shared, public testbed, DETERLab has supported and benefited research and education in cybersecurity across a broad user community, including academia, industry, and government. To date, it has served a broad research community, including 389 research project teams from 278 institutions, and involving 1,042 researchers from 205 locations and 46 countries. Some example projects included human behavior modeling in cybersecurity scenarios, defenses against extremely large scale DDoS, worm and botnet attacks, encrypted traffic classification, and phishing deception. DETERLab has also been used in education by 230 classes from 147 institutions, and helped educate more than 20,000 students.

The DETERLab design used and significantly extended Emulab testbed management code. The DETERLab team has added subsystems to enable experimentation at scale and complexity representative of strategic internets such as those encountered in enterprises, and specialized cyber physical domains. In 2019, USC-ISI introduced Merge, a new framework for testbed control and management, built using modern open-source tools and meant for large-scale, high-fidelity, robust experimentation. Merge currently supports three testbeds at USC-ISI (modernized DETERLab for cybersecurity, DCOMP for distributed systems, and Lighthouse for extreme virtualization) with diverse hardware and hundreds of users.

Now with support from the NSF Mid-Scale Research Infrastructure (MSRI) program, we are pleased to announce our plans to build a new research infrastructure – SPHERE: Security and Privacy Heterogeneous Environment for Reproducible Experimentation. SPHERE will be a research infrastructure for at-scale, realistic and reproducible cybersecurity and privacy experimentation across very diverse hardware. This next generation experimental research infrastructure will employ the Merge software control stack. On day one, SPHERE will adopt compute nodes from modernized DETERLab and embedded compute nodes from DCOMP. In the future, SPHERE will include a variety of hardware, including embedded/edge computing devices, devices for machine learning training and inference, cyber-physical devices and programmable logic controllers, Internet of Things devices, programmable network devices, and general computing devices. The SPHERE research infrastructure will facilitate novel, transformative research endeavors in cybersecurity and privacy: reproducible and deployable research products developed and tested in representative environments, integrated and broadly-applicable research across multiple disciplines, and research on novel threats and defenses.

With the advent of SPHERE we are decommissioning DETERLab. Researchers and educational users of DETERLab are already using the early SPHERE prototype – general compute nodes running Merge software in modernized DETERLab. Current users will continue to be supported and will have the opportunity to benefit from early SPHERE research infrastructure as it comes online.

We thank the generations of DETERLab users and encourage you to participate in the new SPHERE community!

You can learn more about DETERLab at https://deter-project.org/

You can learn more about Merge at: https://mergetb.org/
and SPHERE at: https://sphere-project.net/. and
https://new.nsf.gov/news/nsf-announces-4-mid-scale-research-infrastructure

DARPA Test & Evaluation Projects

USC-ISI has provided deep, extensive technical expertise in T&E methodologies, tools, scenario development, and operation of testbed facilities. The team has performed T&E roles within DARPA’s SAFER, EdgeCT, DCOMP, XD3, and Searchlight programs, leveraging either DETERLab or other Merge-based testbeds.

The Merge testbed platform is a mature and fully open-source testbed software stack developed at ISI. Merge testbeds facilitate high-fidelity networked experimentation through state-of-the-art node and network virtualization technologies, enabling creation of realistic and diverse network topologies running real network hardware, operating systems, middleware, and application software.

SAFER

Under the DARPA Safer Warfighter Communications (SAFER) program, ISI's DETERLab served as the testbed and experimentation platform for the development and evaluation of technologies advancing the state-of-the-art in non-blockable and anonymous communication, such as Tor. Five separate research projects developed adversary-resistant communication technology to circumvent censorship. Complex experiments were conducted, requiring thousands of emulated users communicating with applications such as instant messaging, social networking, streaming video, and video conferencing, while red teams representing hostile network operators attempted to deanonymize users and block communication.

EdgeCT

Under the DARPA Edge-Directed Cyber Technologies for Reliable Mission Communication (EdgeCT) program, ISI’s DETERLab served as the testbed and experimental platform for the development evaluation of performer technologies. The testbed was used to build realistic models of networks and workloads to help guide partner researcher and evaluate prototypes. These networks had to accurately model transition partner edge enclaves, the networks between them, and the workflows they conducted.

DCOMP

Under the DARPA Dispersed Computing (DCOMP) program, ISI’s DCOMP testbed was used for program evaluation. The DCOMP testbed was controlled by the Merge software and composed of 1,444 nodes to routinely support simultaneous experiments with hundreds of nodes interconnected through complex network topologies. The DCOMP program developed robust decision systems to enable secure, collective tasking of computing assets in a mission-aware fashion by users with competing demands, and across large numbers of heterogeneous computing platforms at the edge.

XD3

Under the DARPA Extreme DDoS Defense (XD3) program, ISI’s DETERLab served as the test platform to evaluate six technologies: machine-learning based real-time endpoint detection and mitigation for low-volume DDoS attacks; elastic dispersion-oriented systems that deploy additional micro computational units when under attack; disguise-based in-network technology that mitigate attacks before they reach the server; and deceptive defense strategies providing false information to attackers.

SEARCHLIGHT

Under the DARPA Searchlight program, ISI partnered with Sandia National Laboratories to evaluate performer technologies developed for analysis and QoS management of an enterprise’s distributed applications overlaid on the internet. This evaluation used the Lighthouse Merge-based testbed, which consisted of a subset of the high-end nodes from the original DETERLab testbed that were modified to support extensive virtualization built around the open-source type-2 hypervisor system QEMU /KVM and Sandia’s virtual machine automation platform, Minimega.

SPHERE Proposal

• Summary
• Description and References
• Data Management Plan

Current Testbed Status (as of June 11, 2024)

SPHERE Sponsors and Partners

Organizations interested in sponsoring or partnering with SPHERE, or donating equipment, including CPS or IoT devices, please contact us.

Sponsor

National Science Foundation (NSF)

NSF is an independent agency of the United States federal government that supports fundamental research and education in all the non-medical fields of science and engineering. NSF is funding the construction of SPHERE through a Mid-scale Research Infrastructure-1 award. With NSF's support, SPHERE will deploy advanced hardware and software to facilitate foundational and translational cybersecurity and privacy research, including edge computing devices, programmable logic controllers, and Internet of Things devices. This support will enable SPHERE to transform cybersecurity and privacy research into a community-wide effort, advancing scientific discovery and enhancing the nation's cybersecurity research capabilities.

Partners

Advanced Micro Devices, Inc. (AMD)

AMD is an American multinational corporation and semiconductor company that develops computer processors and related technologies for business and consumer markets. AMD donated eight (8) NetFPGA network cards to SPHERE, enhancing the platform's ability to conduct comprehensive cybersecurity and privacy experiments across varied infrastructures. This donation strengthens SPHERE's research capabilities in network performance monitoring and advanced networking protocol analysis.