Homework #8 - Worm Detection / Defense - Due Wednesday Sep 21, 11PM

Read the paper "Scalability, fidelity, and containment in the Potemkin virtual honeyfarm", Michael Vrable et al., SOSP 2005.

Note: the Potemkin paper is heavy on systems issues - particularly, virtual machine technology - to a degree that is quite a bit more detailed than what we need for the Big Picture (similar to the Bro paper, and indeed systems papers in general). Feel free to skip over Section 4.2, and just take in quite lightly the corresponding elements of the evaluation in Section 5.3.

Briefly write up your views of:

  1. What are the main contributions of this paper?

  2. What parts of the paper do you find unclear? (optional)

  3. What parts of the paper are questionable? (That is, you think a conclusion may be wrong, an approach or evaluation technically flawed, or data ill-presented.)

  4. Suppose you work for the head of national cybersecurity for DHS (US Department of Homeland Security). You are tasked with devising a viable plan for defending the nation against a large-scale worm outbreak. Briefly comment on the following:

    1. Sketch an overall architecture for how you would go about realizing such a defense.

    2. Given the technology we have discussed so far (and any additional technology that you happen to know about, if you want), what further capabilities would be needed, i.e., what areas of further research do you need to convince your boss to fund?

    3. Assuming you can marshal adequate resources for the effort, what additional challenges do you foresee? In the end, do you think you can mount a credible defense against the threat?