SENDLAB: Secure Network Systems Design Laboratory
Electrical & Computer Engineering Department
Stevens Institute of Technology
Hoboken, NJ 07030
Located within the Department of Electrical and Computer Engineering at Stevens Institute of Technology, the Secure Network Systems Design Laboratory (SENDLAB) will be the first of its kind in the country and will constitute a new technology in the design of complex systems. Building on the achievements and lessons learned from the Networking and Distributed Algorithms Lab in Arizona, SENDLAB's infrastructure will enable a novel security idea for a given network security problem to move quickly and accurately from conception to testing in a near-operational setting on a prototype network. The underlying thinking, pioneered by SENDLAB researchers, is that security cannot be adopted as an afterthought; it has to be integrated into the network system design process. This promising technology is the result of one conceptual and four technological innovations. The conceptual innovation is a fundamental network security framework, adopted by the National Security Agency in its Network Rating Model, that enables a systematic and scientific approach to analyzing network vulnerabilities, testing through synthetic attack models, and designing comprehensive countermeasures. The first technological innovation is a new approach to behavior modeling together with an asynchronous distributed simulation capability that is unique, well tested, and established in the networking and network security community; the use of distributed visualization to ensure accurate simulation results also forms part of this first innovation. Following a successful simulation of the proposed solution, the simulation code corresponding to the solution is transformed from C/C++/Java into nVHDL and then mapped, quickly, onto field programmable gate array (FPGA) hardware on FPGA-based circuit boards. nVHDL will incorporate accurate representation of PCI and PCI-X buses and distributed simulation for fast results, and constitutes the second innovation. The third innovation is a new approach that bootstraps the asynchronous simulation process with the FPGA-based hardware design process through innovative performance metrics. Under the fourth and final innovation, the FPGA-based boards are integrated with existing processors (Pentium) to quickly form a synthetic network node with new properties. A prototype network is created by interconnecting an appropriate number of these nodes; it constitutes a testbed that closely resembles a true operational system. Breakthrough research into integrating discrete and analog simulations within a single framework, pioneered here, provides SENDLAB with a unique and unprecedented capability.
The infrastructure within SENDLAB is organized into four key modules, A through D. Module A consists of a testbed of 75 Pentium 1.8 GHz machines with 512 MB RAM, connected by 100 Mb/s Fast Ethernet and configured as a loosely-coupled parallel processor. Its primary function is to support very large-scale modeling and asynchronous simulation efforts. Module B consists of a testbed of ATM switches, ATM packet filters, and specialized hardware-software to study network vulnerabilities, especially the fast distributed intrusions that are highly likely in the future. Module C is designed to investigate, at the computer architecture level, the impact of the lightning-fast viruses and intrusions of the future, and new mechanisms to defeat them. Module D consists of the FPGA-based hardware design stations and testing and debugging aids.
SENDLAB will serve as a key laboratory and one of several labs within the overarching Center for Wireless Network Security being established at Stevens Institute of Technology. The center will constitute a timely and effective response to the needs of homeland security. The need for security is inherent in the homeland defense system, the US Department of Defense's Future Combat Systems program, and every complex networked information technology system. Thus, SENDLAB will play a critical role, focusing on technogenesis, i.e. both theory and practice, and adopting a holistic approach to the discipline of network security. By their very nature, these systems permit users to utilize and share their distributed resources. Thus, the system must protect its resources and the users' information from external malicious users as well as from internal processes gone berserk.
In addition to investigating virtually every aspect of network security, SENDLAB will focus on challenging research problems from the following areas:
· Asynchronous Distributed Decision-Making Algorithms (ADDM): Fundamental properties of ADDM algorithms, stability of ADDM algorithms, absolute performance of ADDM algorithms, and a mathematical framework to synthesize asynchronous decentralized algorithms from centralized descriptions.
· Network Security: A fundamental framework for comprehensive network security, adopted by the National Security Agency in their Network Rating Model (http://www.radium.ncsc.mil/nrm/rev961031.html); security on demand in ATM networks; a framework to evaluate the impact of network topology on network security performance; a new approach to uncovering vulnerabilities and designing attacks for ATM networks; design of a distributed hardware-software sentinel for ATM networks; integrating ATM Forum security specifications with the fundamental security framework; a human immune system-inspired strategic-tactical architecture for intrusion detection in future networking; new forms of cyberattacks enabled by future advances in networking; the fundamental nature of computer viruses; and computer architecture redesign to harden against next-generation viruses and intrusions.
· Network Security and Law Enforcement: Identify, comprehensively, the requirements of the future network from the perspective of law enforcement, one that reflects the network performance and functionality needs of the public, industry, and DoD, in keeping with advances in networking and computing infrastructure. Delineate the necessary legal basis to address cybercrimes relative to the future network. The role of the 5th Amendment in protecting privacy at increasingly higher levels of abstraction, beyond the present cyberspace.
· Networking: Network-centric systems design language, secure network architecture for critical functions, high-performance next-generation IP router architecture, definition and fundamental attributes of high-speed networks, generalized networks, distributed dynamic self-healing algorithms for ATM networks, accurate modeling and simulation of ATM networks, performance characterization of ATM networks, fuzzy thresholding-based buffer management in ATM networks, a guaranteed-no-cells-dropped buffer management scheme for ATM networks, impact of source traffic bandwidth distribution on the quality of service (QoS) in ATM networks, a novel routing mechanism for future high-speed networks, concurrent call processing architectures for ATM networks, architectures for interfacing the call processor with the switch fabric, network topology and performance, architecture for deep space networking, determining the network operating point for ATM and future networks, intelligent network management, ATM traffic modeling, distributed visualization of network operations, and stability of distributed algorithms for dynamic routing.
· Interdisciplinary Research: Analyzing phenomena in biology and nature and conceptualizing and adapting the ideas across different engineering problems. Synthesizing creative traits in robot colonies that will survive unforeseen situations during space exploration, and introducing new behaviors in selected molecules of a synthetic vaccine so the drug can make a difference under abnormal, life-threatening conditions. A human immune system-inspired strategic-tactical architecture for fast and accurate intrusion detection in high-speed networks. Use of reflection as a practical vehicle for triggering creativity in ordinary engineering students.
· Computer-Aided Design of Digital Systems: A science of hardware description languages (HDLs) to address future digital systems, new semantics for transport delays in VHDL, origin of delta delays in VHDL, behavior-level fault modeling, distributed test generation and fault simulation and concurrent execution of VHDL models on loosely-coupled parallel processors, design and implementation of the next-generation hardware description language (nVHDL), and a breakthrough approach for simulating continuous (analog) and discrete (digital) subcomponents of a VLSI design simultaneously (in a uniform framework) in nVHDL.
· Modeling and Simulation of Complex Systems: The fundamental notion of timing in simulation, a science of modeling and distributed simulation of complex processes, a distributed deadlock-free and null message-free discrete event simulation algorithm, modeling an architecture for integrating patient medical records, modeling decentralized command and control in the military, and generalized discrete event specification (GDEVS), a new principle for simulation beyond time-based and event-driven techniques.
· Intelligent Transportation: A distributed, national architecture for IVHS, new algorithms for coordination and control in railway networks, personalized rapid transport, stability of large-scale intelligent transportation systems, and scientific estimation of realistic traffic for the design of ITS.
· Computational Science & Engineering: A fundamental continuity-of-care index in medical care (computational medicine), real-time domestic and international payments processing systems, and computational intelligence in IP and ATM networking.
· Reconfigurable Computer Architecture: We have developed the research area of reconfigurable computer architectures, wherein an architecture is synthesized from a finite set of reconfigurable hardware blocks such that the architecture executes given critical sections most efficiently. A configuration compiler intercepts a high-level program, analyzes it, and generates a map to reconfigure a specialized processor organization, in addition to its normal task of generating instructions for execution on the machine.
· Computer Engineering and Science (CpE&S) Education: A new graduate program in networked information systems engineering, characteristics of the Ph.D. process, redesigning the computer engineering and science program, physics of computer engineering and science problems, qualitative metrics to assess the quality of advanced graduate, the role of honors theses in a computer engineering B.S. program, the influence of challenging exams and open-ended projects in fostering creativity in engineering students, and modeling the admissions process for an engineering B.S. program.
· Ethics: Basis for ethical thinking in the increasingly abstract engineering systems of the future, and practical mechanisms for ethical decision-making in subtle and complex engineering situations.
· Others: Electromagnetic field theory as the basis for a point location algorithm in computational geometry, large-scale asynchronous concurrent software systems, distributed resource allocation, and dynamic debugging environments for distributed algorithms executing on loosely-coupled parallel processors.
In addition to leading-edge research, researchers envision SENDLAB playing a critical role not only in testing new networking and network security ideas, but also in training personnel from industry, law enforcement, government, and the military in the area of networked information systems.
At the present time, the research personnel consists of 5 advanced and highly motivated Ph.D. students, all with unusually strong backgrounds in industry, defense, or research, several talented undergraduate researchers, and one faculty member. In addition, two dynamic professors will spend their year-long sabbaticals at SENDLAB. A number of prominent individuals have visited the laboratory, including Frank Fernandez (ex-DARPA director and currently institute director at Stevens), Sudhir Aggarwal (Chief Technical Officer of a Lucent spinoff), Jerry Hultin (former Undersecretary of the US Navy and currently Dean at Stevens), Michael Bayer (Chief, Army Sciences Board), Danny Demarinis (Director of Technical Operations, Mitre Corporation), Paul Barr (Chief Research Scientist, Mitre Corporation), Seong-Soon Joo (Department Head of Optical Transwitching at ETRI, Korea), Rich Gitlin (Vice President of Research, Lucent), Vishwani Agarwal (Distinguished Member of Technical Staff, Agere Systems), George Telecki (Associate Publisher, John Wiley Publishers), Larry French (ex-VP, RCA Labs and ex-CTO, North American Philips), Barett Hazeltine (Stevens Trustee and Professor at Brown University), Elliot Turrini (Asst. U.S. Attorney, Department of Justice), and others. Every Ph.D. researcher has, in general, produced at least 2 refereed journal and 2 refereed conference papers in important areas. All of us at the lab are very eager to start new research thrusts. In the past, we have pioneered dynamic self-healing algorithms for ATM, fuzzy thresholding, synthesizing distributed algorithms, distributed visualization, integrated patient medical records, distributed real-time banking, behavior-level fault modeling of VHDL descriptions, inertial and transport timing semantics in VHDL hardware description languages, stability in distributed algorithms, modeling and simulating the issues of referral and continuity in medicine, and high-level intrusion detection in complex distributed systems. We are currently focused on new research in secure and high-performance network design for critical functions, new computer architectures resistant to the viruses and intrusions of the future, a network-centric systems design language, stationary and mobile wireless networks for the battlefield of the future, a high-performance computing testbed for accurate testing and analysis of large-scale combat simulation, a scalable strategic-tactical architecture for intrusion detection against ultra-fast intrusions, and understanding the role of creative traits in the design of future vaccines and drugs.
We are very keen on initiating collaborations with other researchers, to learn from them and jointly develop new ideas for research. We maintain active collaborations with Prof. A. Nerode, an applied mathematician at Cornell University, Prof. C.V. Ramamoorthy of Berkeley, Prof. Giambiasi of the University of Marseilles in France, Dr. S.S. Joo of the Electronics and Telecommunications Research Institute in Korea, Dr. P. Barr of Mitre Corporation, Prof. B. Zeigler of the University of Arizona, Prof. Gottfried Luderer of Arizona State University, the ATM Forum, the Telemanagement Forum, and many others. We are actively pursuing joint research development with faculty from New Jersey Institute of Technology, Princeton, and Rutgers. In engineering education, we are pursuing collaborations with Dr. L. Dyer, trustee of Caltech, and a number of leading educators worldwide.
Every individual researcher in SENDLAB is entitled to enormous latitude in selecting problems of his/her choice, subject to the following minimal constraints: (a) it is a real-world problem of interest to industry and/or society, (b) it is intellectually challenging, (c) it addresses a fundamental aspect of computer engineering and science, and (d) the solutions must be innovative and contribute to service towards the nation and the world. A strong effort is expended to publish the results through refereed transactions/journals and/or international conference papers. The lab acknowledges that its existence is defined solely by the constituent researchers and recognizes that it is an honor and privilege to have such outstanding researchers. SENDLAB warmly invites researchers from all over the world to propose and participate in research collaborations with SENDLAB researchers, whose backgrounds range from dedicated undergraduates to post-doctorals, faculty, and visiting scientists.
Partial List of Books, Publications, Talks:
1. Ed Witzke, Tom Tarman, Sumit Ghosh, and Gerald Woodard, "A Novel Scaleable Architecture for Intrusion Detection and Mitigation in Switched Networks," Proceedings of the IEEE Milcom 2002 Conference, Oct 7-10, 2002, The Disneyland Resort, Anaheim, CA.
2. Sumit Ghosh and Pete Robinson, "A Framework for Investigating Security Attacks in ATM Networks," accepted for presentation and inclusion in the Proceedings of the MILCOM'99 Conference, Atlantic City Convention Center, NJ, Oct 31 - Nov 3, 1999, pp. 724-728.
3. Sumit Ghosh, "Computer Virus Attacks on the Rise: Causes, Mitigation, and the Future," Financial IT Decisions 2002, Vol. 1, a Bi-Annual Technology Publication of the Wall Street Technology Association, Red Bank, New Jersey, http://www.wsta.org, Feb/Mar 2002, pp. 16-17, ISBN 1-85938-369-6.
4. Sumit Ghosh, "A Novel Architecture for Intrusion Detection and Mitigation in ATM Networks," Broadband Exchange: Homeland Security & Public Safety Networks, ATM Forum, Oct 21, 2002, Renaissance Hotel, Richardson, Texas.
5. Sumit Ghosh, "The Fundamental Nature of Network Security: A Tutorial," Management of Technologies Symposium: Guarding your Business: Enterprise Architectures for Security, Oct 22-24, 2002, Stevens Institute of Technology Campus, Hoboken, NJ.
6. Sumit Ghosh, Principles of Secure Network Systems Design, A Springer Verlag Original Monograph, ISBN 0-387-95213-6, April 2002.
Graduate Certificate Program in Secure Network Systems Design (http://cs.uttyler.edu/Faculty/Ghosh/snsd_certificate_25nov02.doc): any four of the following five courses.
1. CpE 691 Information Systems Security
2. CpE 560 Introduction to Networked Information Systems
3. CpE 592 Computer and Multimedia Network Security
4. CpE 654 Design and Analysis of Network Systems
5. CpE 692 Modeling and Simulation for Secure Network Systems Design
Contact: Cecilia Jololian, ECE Department, 201-216-8067, cjololia@stevens-tech.edu. Updated: 25 Nov 2002