Version 8 (modified by 16 years ago) (diff) | ,
---|
Deter Federation Architecture
The papers below lay out the general model for DETER's Federation and fedd's role in it, and reading them is very helpful in understanding the software. As a starting point, the 2008 CSET paper describes the architecture, as follows.
The full federation architecture must meet three goals. First, it must provide experimenters and their tools with sufficient information to guide the process of decomposing experiments into testbeds. To accomplish this the architecture must provide scalable channels for testbeds to advertise or respond to queries about the resources they permit to be federated; this information may be filtered based on the identity of the experimenter or abstracted for scaling. Secondly, experiments must be decomposed and embedded into federated testbeds – we focus on this below. Finally the architecture must support experimentation across the federated experiment. Part of this goal is to generate a cohesive, scalable experimental environment that may be represented differently to different experimenters. For example, experimenters representing attackers and defenders in a competitive experiment may be provided limited knowledge of their opponents' topology. This paper focuses on the decomposition and embedding facets of the architecture – specifically the access control.
The experiment decomposition and embedding phase of the DETER federation architecture can be viewed from several perspectives – experimenters, the federation system, and the federants all see the architecture differently. We discussed the experimenters' view of federation in the introduction, and focus on the system and federants viewpoints here.
For the system implementers the centerpiece of the federation system is the federator. It takes input from experimenters or their tools and creates an experimental environment split across federant testbeds. Specifically, the federator decomposes an experimenter's annotated topology into federable sub-experiments, acquires access to appropriate federants, embeds the sub-experiments in federants, and then connects them into a shared environment. The following figure illustrates this architecture.
The architecture is partitioned to separate concerns of the various players. The partitioning of the experiment into pieces suitable to federation depends on the nature of the experiment. This split must be guided by the experimenter using knowledge of the resources provided by the federation system. For example, an experiment used to study throughput of a new protocol must be aware which links are inside a testbed and completely controlled and which are not, to ensure that the unpredictable link performance does not invalidate the results. Collaborative or adversarial experiments will divide along the lines of visibility and testbed administrative boundaries.
The output of this splitting step is an annotated topology description in a standard language, annotated to facilitate the decomposition. The federator accepts these experiment topology descriptions. Currently this language is the Emulab topology description language, based on the ns simulator language. Each node is annotated to indicate the testbed in which it should be embedded. This is a standard but low-level format: we assume that in most cases this description will be generated by higher-level, more sophisticated tools. The division allows development of domain-specific annotation tools to proceed at the same time as the federator is advanced.
On the other end, the federator must communicate with federant testbeds for two basic operations: requesting resource allocation within the federant and embedding a topology subgraph on that federant. Emulab-based testbeds have interfaces for embedding topologies remotely, and the DETER architecture uses those interfaces directly.
Fedd is our implementation of the federator in the diagram above. More information is available from these papers.
- Ted Faber and John Wroclawski, "A Federated Experiment Environment for Emulab-based Testbeds," in Proceedings of The 5th International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, Washington, DC, (April 2009). (Copies available from the authors upon request)
- Ted Faber and John Wroclawski, "Access Control for Federation of Emulab-based Network Testbeds," In Proceedings of the CyberSecurity Experimentation and Test (CSET) Workshop, San Jose, (July 2008). (pdf)
- Ted Faber, John Wroclawski, and Kevin Lahey, "A DETER Federation Architecture," Proceedings of the DETER Community Workshop on Cyper Security Experimentation and Test, Boston, MA, (August 2007). (pdf)
An overview of DETER research can be found in
- Terry Benzell, Bob Braden, Ted Faber, Jelena Mirkovic, Steve Schwab, Karen Sollins, and John Wroclawski "Current Developments in DETER Cybersecurity Testbed Technology," Proceedings of Cybersecurity Applications and Technology for Homeland Security, Washington, DC, (March 2009).
Attachments (1)
- Fed_arch_fig.png (68.3 KB) - added by 16 years ago.
Download all attachments as: .zip