Homework #8 - Worm Detection / Defense - Due Wednesday Sep 21, 11PM
Turn in this assignment via email (firstname.lastname@example.org)
by the due date, with the term Homework in the Subject.
Read the paper:
Scalability, fidelity, and containment in the Potemkin virtual honeyfarm, Michael Vrable et al., SOSP 2005
Note: the Potemkin paper is heavy on systems issues - particularly, virtual
machine technology - to a degree that is quite a bit more detailed
than what we need for the Big Picture (similar to the Bro paper, and indeed
systems papers in general).
Feel free to skip over Section 4.2, and only skim the
corresponding elements of the evaluation in Section 5.3.
Briefly write up your views of:
- What are the main contributions of this paper?
- What parts of the paper do you find unclear? (optional)
- What parts of the paper are questionable? (That is, you think a
conclusion may be wrong, an approach or evaluation technically
flawed, or data ill-presented.)
Suppose you work for the head of national cybersecurity for DHS (US Department
of Homeland Security). You are tasked with devising a viable plan for
defending the nation against a large-scale worm outbreak. Briefly comment
on the following:
- Sketch an overall architecture for how you would go about
realizing such a defense.
- Given the technology we have discussed so far (and any additional
technology that you happen to know about, if you want), what further
capabilities would be needed, i.e., what areas of further
research do you need to convince your boss to fund?
- Assuming you can marshal adequate resources for the effort,
what additional challenges do you foresee? In the end,
do you think you can mount a credible defense against