An extensible platform for evaluating security protocols

38th Annual Simulation Symposium Pub Date : 2005-04-04 DOI:10.1109/ANSS.2005.11

S. Kamara, Darren Davis, L. Ballard, Ryan Caudy, F. Monrose

{"title":"An extensible platform for evaluating security protocols","authors":"S. Kamara, Darren Davis, L. Ballard, Ryan Caudy, F. Monrose","doi":"10.1109/ANSS.2005.11","DOIUrl":null,"url":null,"abstract":"We present a discrete-event network simulator, called Simnet, designed specifically for analyzing network-security protocols. The design and implementation is focused on simplicity of abstraction and extensibility. Moreover, its modular architecture allows operators to dynamically customize running simulations. To demonstrate its strengths we present cases studies that focus on examining security-centric problem domains. In particular, we present an analysis of worm propagation modeling for worms with varying target selection algorithms on topologies representing a few million hosts. Additionally, we examine the use of countermeasures such as aggregate congestion control as a defense against DDoS attacks, and present analysis for a variant called direct-pushback. Lastly, we provide an empirical analysis of the computational and bandwidth overhead induced by proposed security extensions to DNS. These experiments hopefully illustrate that Simnet is not only scalable and efficient, but provides a viable platform for prototyping and analyzing non-trivial security protocols - a task which we argue cannot be easily accomplished elsewhere.","PeriodicalId":270527,"journal":{"name":"38th Annual Simulation Symposium","volume":"90 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"38th Annual Simulation Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ANSS.2005.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

We present a discrete-event network simulator, called Simnet, designed specifically for analyzing network-security protocols. The design and implementation is focused on simplicity of abstraction and extensibility. Moreover, its modular architecture allows operators to dynamically customize running simulations. To demonstrate its strengths we present cases studies that focus on examining security-centric problem domains. In particular, we present an analysis of worm propagation modeling for worms with varying target selection algorithms on topologies representing a few million hosts. Additionally, we examine the use of countermeasures such as aggregate congestion control as a defense against DDoS attacks, and present analysis for a variant called direct-pushback. Lastly, we provide an empirical analysis of the computational and bandwidth overhead induced by proposed security extensions to DNS. These experiments hopefully illustrate that Simnet is not only scalable and efficient, but provides a viable platform for prototyping and analyzing non-trivial security protocols - a task which we argue cannot be easily accomplished elsewhere.

查看原文本刊更多论文

用于评估安全协议的可扩展平台

我们提出了一个离散事件网络模拟器，称为Simnet，专门设计用于分析网络安全协议。设计和实现的重点是抽象的简单性和可扩展性。此外，其模块化架构允许操作人员动态定制运行模拟。为了展示它的优势，我们提供了一些案例研究，重点是检查以安全为中心的问题域。特别地，我们提出了蠕虫传播建模的分析，在代表几百万主机的拓扑结构上，蠕虫具有不同的目标选择算法。此外，我们研究了对策的使用，如聚合拥塞控制作为DDoS攻击的防御，并对一种称为直接推回的变体进行了分析。最后，我们对提议的DNS安全扩展引起的计算和带宽开销进行了实证分析。这些实验有望说明Simnet不仅具有可扩展性和效率，而且为原型设计和分析重要的安全协议提供了一个可行的平台——我们认为这是在其他地方不容易完成的任务。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

38th Annual Simulation Symposium

自引率

0.00%

发文量