ProtoGENI, a Prototype GENI Under Security Vulnerabilities: An Experiment-Based Security Study

Bibliographic Details
Published in IEEE Systems Journal, Vol. 7, no. 3, pp. 478-488
Main Authors Dawei Li, Xiaoyan Hong, Witt, Darwin
Format Journal Article
Language English
Published New York IEEE 01.09.2013
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)

Summary: ProtoGENI is one of the prototype implementations of global environment for network innovations (GENI). ProtoGENI proposes and executes the GENI control framework, including resource management and allocation for authenticated and authorized experimenters. Security and inevitably are the most important concerns in the whole development process. In this paper, we study and evaluate its security vulnerabilities according to GENI's security goals. We analyze the threat model of ProtoGENI and categorize four broad classes of attacks. Based on the role of an active experimenter, we demonstrate experiments as proof of the concept that each class of attacks can be successfully launched using common open source network tools. We also present analysis and experiments that show perspectives on the potential risks from an external user. Furthermore, we discuss the feasibility and possible defense strategies on ProtoGENI security with respect to our preliminary experiments and potential future directions. Our contribution lies in examining known vulnerabilities without requiring sophisticated experiments while remaining effective. We have reported our findings to the ProtoGENI Team. Our work indicates that the solutions have been deployed. This paper validates that experiment-based vulnerability exploration is necessary.
ISSN: 1932-8184, 1937-9234
DOI: 10.1109/JSYST.2012.2221959