About
Leadership Team
 |
 |
 |
 |
 |
Jelena Mirkovic (USC-ISI) - Lead PI
Erik Kline (USC-ISI) - Co-PI and Tech Lead
David Choffnes (Northeastern University) - Co-PI
David Balenson (USC-ISI) - Community Outreach Director
Alba Regalado (USC-ISI) - Project Manager
Project Team
 |
 |
 |
 |
 |
Terry Benzel (USC-ISI) - Liaison to ISI and USC
Geoff Lawler (USC-ISI) - Research Engineer
Joseph Barnes (USC-ISI) - Senior Research Engineer
Christopher Tran (USC-ISI) - Research Engineer
Yuri Pradkin (USC-ISI) - Operations Engineer
 |
 |
 |
 |
Srivatsan Ravi (USC-ISI) - SME, Distributed Systems
Erika Bobbitt (USC) - Consultant, Project Management
Shambhavi Sinha (USC-ISI) - Graduate Student Assistant
Rahul Ganesh (USC-ISI) - Graduate Student Assistant
 |
 |
 |
 |
Luis Garcia (University of Utah) - SME, Cyber-Physical Systems
Daniel Dubois (Northeastern University) - Tech Lead, IoT
Nandan Desai (Northeastern University) - Research Engineer
Kevin Aldana (Northeastern University) - Research Engineer
Advisory Board
 |
 |
 |
 |
Eric Eide (University of Utah) - Research Associate Professor
Inder Monga (ESNet) - Executive Director, Division Director of Scientific Networking
Kate Keahey (University of Chicago; Argonne National Laboratory) - Senior Fellow; Computer Scientist
Margaret Martonosi (Princeton University) - Professor of Computer Science
  |
 |
 |
Patrick Traynor (University of Florida) - John and Mary Lou Dasburg Preeminence Chair in Engineering
Raheem Beyah (Georgia Institute of Technology) - Dean of the College of Engineering, Southern Company Chair
Sujata Banerjee (Microsoft) - Partner Research Manager
Tingting Chen (Cal Poly Pomona) - Professor of Computer Science
From DETERLab to SPHERE
Over the past two decades, USC-ISI’s DETER Project built, designed, and operated DETERLab (cyber DEfense Technology Experimental Research Laboratory), a state-of-the-art scientific computing facility for cybersecurity researchers and educators. Researchers engaged in research, development, discovery, experimentation, and testing of innovative cybersecurity technology. Educators used the testbed to teach security, networking, and operating systems classes. As a shared, public testbed, DETERLab has supported and benefited research and education in cybersecurity across a broad user community, including academia, industry, and government. To date, it has served a broad research community, including 389 research project teams from 278 institutions, and involving 1,042 researchers from 205 locations and 46 countries. Some example projects included human behavior modeling in cybersecurity scenarios, defenses against extremely large scale DDoS, worm and botnet attacks, encrypted traffic classification, and phishing deception. DETERLab has also been used in education by 230 classes from 147 institutions, and helped educate more than 20,000 students.
The DETERLab design used and significantly extended Emulab testbed management code. The DETERLab team has added subsystems to enable experimentation at scale and complexity representative of strategic internets such as those encountered in enterprises, and specialized cyber physical domains. In 2019, USC-ISI introduced Merge, a new framework for testbed control and management, built using modern open-source tools and meant for large-scale, high-fidelity, robust experimentation. Merge currently supports three testbeds at USC-ISI (modernized DETERLab for cybersecurity, DCOMP for distributed systems, and Lighthouse for extreme virtualization) with diverse hardware and hundreds of users.
Now with support from the NSF Mid-Scale Research Infrastructure (MSRI) program, we are pleased to announce our plans to build a new research infrastructure – SPHERE: Security and Privacy Heterogeneous Environment for Reproducible Experimentation. SPHERE will be a research infrastructure for at-scale, realistic and reproducible cybersecurity and privacy experimentation across very diverse hardware. This next generation experimental research infrastructure will employ the Merge software control stack. On day one, SPHERE will adopt compute nodes from modernized DETERLab and embedded compute nodes from DCOMP. In the future, SPHERE will include a variety of hardware, including embedded/edge computing devices, devices for machine learning training and inference, cyber-physical devices and programmable logic controllers, Internet of Things devices, programmable network devices, and general computing devices. The SPHERE research infrastructure will facilitate novel, transformative research endeavors in cybersecurity and privacy: reproducible and deployable research products developed and tested in representative environments, integrated and broadly-applicable research across multiple disciplines, and research on novel threats and defenses.
With the advent of SPHERE we are decommissioning DETERLab. Researchers and educational users of DETERLab are already using the early SPHERE prototype – general compute nodes running Merge software in modernized DETERLab. Current users will continue to be supported and will have the opportunity to benefit from early SPHERE research infrastructure as it comes online.
We thank the generations of DETERLab users and encourage you to participate in the new SPHERE community!
You can learn more about DETERLab at https://deter-project.org/
You can learn more about Merge at: https://mergetb.org/
and SPHERE at: https://sphere-project.net/. and
https://new.nsf.gov/news/nsf-announces-4-mid-scale-research-infrastructure
DARPA Test & Evaluation Projects
USC-ISI has provided deep, extensive technical expertise in T&E methodologies, tools, scenario development, and operation of testbed facilities. The team has performed T&E roles within DARPA’s SAFER, EdgeCT, DCOMP, XD3, and Searchlight programs, leveraging either DETERLab or other Merge-based testbeds.
The Merge testbed platform is a mature and fully open-source testbed software stack developed at ISI. Merge testbeds facilitate high-fidelity networked experimentation through state-of-the-art node and network virtualization technologies, enabling creation of realistic and diverse network topologies running real network hardware, operating systems, middleware, and application software.
SAFER
Under the DARPA Safer Warfighter Communications (SAFER) program, ISI's DETERLab served as the testbed and experimentation platform for the development and evaluation of technologies advancing the state-of-the-art in non-blockable and anonymous communication, such as Tor. Five separate research projects developed adversary-resistant communication technology to circumvent censorship. Complex experiments were conducted, requiring thousands of emulated users communicating with applications such as instant messaging, social networking, streaming video, and video conferencing, while red teams representing hostile network operators attempted to deanonymize users and block communication.
EdgeCT
Under the DARPA Edge-Directed Cyber Technologies for Reliable Mission Communication (EdgeCT) program, ISI’s DETERLab served as the testbed and experimental platform for the development evaluation of performer technologies. The testbed was used to build realistic models of networks and workloads to help guide partner researcher and evaluate prototypes. These networks had to accurately model transition partner edge enclaves, the networks between them, and the workflows they conducted.
DCOMP
Under the DARPA Dispersed Computing (DCOMP) program, ISI’s DCOMP testbed was used for program evaluation. The DCOMP testbed was controlled by the Merge software and composed of 1,444 nodes to routinely support simultaneous experiments with hundreds of nodes interconnected through complex network topologies. The DCOMP program developed robust decision systems to enable secure, collective tasking of computing assets in a mission-aware fashion by users with competing demands, and across large numbers of heterogeneous computing platforms at the edge.
XD3
Under the DARPA Extreme DDoS Defense (XD3) program, ISI’s DETERLab served as the test platform to evaluate six technologies: machine-learning based real-time endpoint detection and mitigation for low-volume DDoS attacks; elastic dispersion-oriented systems that deploy additional micro computational units when under attack; disguise-based in-network technology that mitigate attacks before they reach the server; and deceptive defense strategies providing false information to attackers.
SEARCHLIGHT
Under the DARPA Searchlight program, ISI partnered with Sandia National Laboratories to evaluate performer technologies developed for analysis and QoS management of an enterprise’s distributed applications overlaid on the internet. This evaluation used the Lighthouse Merge-based testbed, which consisted of a subset of the high-end nodes from the original DETERLab testbed that were modified to support extensive virtualization built around the open-source type-2 hypervisor system QEMU /KVM and Sandia’s virtual machine automation platform, Minimega.
Current Testbed Status
SPHERE Testbed Resources (as of July 2, 2025)
User Portals
Available portals
| Portal Name | Description | Demographic |
|---|---|---|
| GUI (Graphical User Interface) | This Graphical User Interface portal enables users to draw and annotate network topologies and workflows through intuitive visual tools, designed for accessibility by novice users. | Novice users |
| MAN (Manual) | The Manual portal provides advanced SSH-based access for expert users to directly control experimental nodes and conduct exploratory research with maximum flexibility in testbed resource manipulation. | Exploratory research |
| JUP (Jupyter) | Through the Jupyter portal, mature experimental workflows are documented and automated using notebook interfaces, ensuring research reproducibility and systematic execution. | Mature research |
| EDU (Education) | Serving as an Education portal, this platform empowers teachers to create student accounts, upload materials, and design cybersecurity assignments featuring attack-defense scenarios in contained network environments. | Teachers, students |
Future portals
| Portal Name | Description | Demographic |
|---|---|---|
| HUM (Human User Studies) | Operating as a Human Study portal, this platform facilitates researcher deployment of innovations and systematic collection of participant feedback through structured interaction pathways on the SPHERE platform. | Researchers, study participants |
| AEC (Artifact Evaluation Committee) | Functioning as the Artifact Evaluation Committee portal, this system connects paper authors with reviewers on shared infrastructure, supporting the submission, assessment, and archival of research artifacts for community reuse. | Authors, evaluators |
Libraries
Available resources
| Artifacts |
|---|
| ... |
Available resources
| REEs |
|---|
| ... |
Introductory Labs
| Lab | Description | Prerequisites |
|---|---|---|
| Introduction to SPHERE | Introduction to the SPHERE testbed. | Basic understanding of the Unix command line and virtual machines. |
| Introduction to Unix/Linux | Introduction to the Unix command line interface and its utilities. | Basic understanding of programming. |
Distributed Denial of Service Labs
| Lab | Description | Prerequisites |
|---|---|---|
| DDoS: Hash Collisions | In this exercise, you will exploit and mitigate a has-collision denial-of-service (DOS) attack. | Basic understanding of hash tables (especially algorithmic complexity of its operations). |
| DDoS: Slowloris Attack | This exercise demonstrates the Slowloris attack and the resources it consumes. | Basic understanding of computer networking. |
| DDoS: TCP SYN Flood | This exercise demonstrates the TCP SYN (synchronize) flood. | Basic understanding of computer networking, TCP SYN flood attack logistics, and SYN cookies. |
Exploitative Labs
| Lab | Description | Prerequisites |
|---|---|---|
| Exploits: Buffer Overflow | Introduction to buffer overflows, their exploits, and their mitigation. | Basic understanding of the Unix command line, POSIX permissions, and basic programming (C and HTTP). |
| Exploits: Computer Forensics | Introduction to basic forensic analysis theory and practice. Investigation of disk images, data recovery, and compromised systems. | Basic understanding of the Unix shell environment and common shell utilities (e.g., find, grep, strings, etc.). |
| Exploits: Cross-Site Scripting (XSS) | Introduction to XSS and Persistent Cross-Site Scripting. | Basic understanding of the Unix command line, POSIX permissions, and basic programming (C and HTTP). |
| Exploits: Pathname Attacks | Introduction to pathname attacks. | Basic understanding of the Unix command line, POSIX permissions, and basic programming (Perl and HTTP). |
| Exploits: SQL Injection | Introduction to SQL (Structured Query Language) Injection attacks. | Basic understanding of the Unix command line, POSIX permissions, and basic programming (PHP and SQL). |
Networking Labs
| Lab | Description | Prerequisites |
|---|---|---|
| Networking: IPv6 | Exercise that incorporates IPv6 internetworking. | Basic understanding of the Unix command line and networking. |
| Networking: Routing, Addressing, and Port Forwarding | In this exercise, you'll practice configuring IP addressing, route tables, private address prohibition, network address translation, and port forwarding. | Basic understanding of the Unix command line, networking, and configuration. |
Prevention Labs
| Lab | Description | Prerequisites |
|---|---|---|
| Passwords: Cracking | This exercises introduces password cracking and its ease. | Basic understanding of the Unix command line. |
| Prevention: OS Hardening | This exercise demonstrates how services are started and stopped in Linux. | Basic understanding of the Unix command line and operating systems. |
| Prevention: POSIX Perfmissions | Introduction to the filesystem and network access control schemes. | Basic understanding of the Unix command line and POSIX permissions. |
| Prevention: Setting up IPSec | This exercise demonstrates the installation, configuration, and testing of IPSec (Internet Protocol Security). | Basic understanding of the Unix command line, networking, and strongswan. |
| Prevention: Snort | Introduction to securing legacy systems and software. | Basic understanding of the Unix command line and networking. |
| Prevention: Stateful Firewalls | This exercise demonstrates network access control schemes and firewalls. | Basic understanding of the Unix command line and iptables. |
Attacks & Miscellaneous Labs
| Lab | Description | Prerequisites |
|---|---|---|
| BGP Prefix Hijack Attacks | Introduction to Border Gateway Protocol (BGP) and prefix hijacking. | Basic understanding of routing protocols, IP forwarding, and Unix command line. |
| Binary Analysis: Introduction to Dwarf | Review different types of compiled binaries and the structure of debugging information in binary programs. | Basic understanding of binary. |
| CCTF: Secure Server | This exercise allows students to practice setting up and monitoring a Web server. | This is a team exercise. |
| CCTF: Secure and Resilient Server | This exercise lets students practice monitoring and defending a Web server. | This is a team exercise. |
| DNS: Man-in-the-Middle Attacks | Introduction to Domain Name System (DNS) and Domain Name System Security (DNSSEC). | Basic understanding of TCP/IP, the client-server model, and the Unix command line. |
| Worms: Modeling the Spread | This exercise demonstrates worm attacks and mitigation. | Basic understanding of the Unix command line, SlammerWorm attacks, WiityWorm attacks, and TCP dumps. |
Upcoming Labs
We are currently developing Jupyterized (using Jupyter Notebook) versions
of these labs for a more user-friendly experience! Coming soon ~
Facilities
Available Nodes
| Manufacturer | Model | CPU(s) | Cores | RAM | Total Memory | NIC | Storage | Node Count |
|---|---|---|---|---|---|---|---|---|
| Gigabyte | Custom Mod-Deter Server | AMD 64C 2.0Ghz 256 mb 200W | 128 | 16 GB (16 modules) | 256 GB | Mellanox CX6 Dual Port 100Gbps PCIe4.0 x16 | 10.4 TB | 44 |
Available Nodes
| Manufacturer | Model | CPU(s) | Cores | RAM | Total Memory | NIC | Storage | Node Count |
|---|---|---|---|---|---|---|---|---|
| Colfax | DcompTB Supermicro Ahi GPU Node | AMD EPYC (Turin) 24C 3.2Ghz 256mb 12channel 360W | 24 | 16 GB (12 modules) | 192 GB | Mellanox Single Port 25 Gbps PCIe4 FHHL | 800 GB | 4 |
Planned Nodes
| Manufacturer | Model | CPU(s) | Cores | RAM | Total Memory | NIC | Storage | Node Count |
|---|---|---|---|---|---|---|---|---|
| Colfax | Custom Gigabyte SPHERE GPU Node CX-119366 | AMD EPYC (Turin) 64C 3.2Ghz 256mb 12channel 360W | 64 | 16 GB (12 modules) | 192 GB | Mellanox Dual Port QSFP56 200Gbps PCIe5.0x16 | 15.8 TB | 10 |
Currently in development and testing.
Currently in development.
Coming Soon!
Coming Soon!
SPHERE Sponsors and Partners
Organizations interested in sponsoring or partnering with SPHERE, or donating equipment, including CPS or IoT devices, please contact us.
Sponsor
National Science Foundation (NSF)
NSF is an independent agency of the United States federal government that supports fundamental research and education in all the non-medical fields of science and engineering. NSF is funding the construction of SPHERE through a Mid-scale Research Infrastructure-1 award. With NSF's support, SPHERE will deploy advanced hardware and software to facilitate foundational and translational cybersecurity and privacy research, including edge computing devices, programmable logic controllers, and Internet of Things devices. This support will enable SPHERE to transform cybersecurity and privacy research into a community-wide effort, advancing scientific discovery and enhancing the nation's cybersecurity research capabilities.
Partners
Advanced Micro Devices, Inc. (AMD)
AMD is an American multinational corporation and semiconductor company that develops computer processors and related technologies for business and consumer markets. AMD donated eight (8) NetFPGA network cards to SPHERE, enhancing the platform's ability to conduct comprehensive cybersecurity and privacy experiments across varied infrastructures. This donation strengthens SPHERE's research capabilities in network performance monitoring and advanced networking protocol analysis.