2009 ACM/IEEE/SCS 23rd Workshop on Principles of Advanced and Distributed Simulation (2009)
Lake Placid, New York, USA
June 22, 2009 to June 25, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PADS.2009.12
We use a realistic interdomain routing experiment platform to conduct real-time attack and defense exercises for training purposes. Our interdomain routing experiment platform integrates open-source router software, real-time network simulation, and light-weight machine virtualization technologies, and is capable of supporting realistic large-scale routing experiments. The network model used consists of major autonomous systems connecting Swedish Internet users with realistic routing configurations derived from the routing registry. We conduct a series of real-time security exercises on this routing system to study the consequence of intentionally propagating false routing information on interdomain routing and the effectiveness of corresponding defensive measures. We describe three kinds of simplistic BGP attacks in the context of security exercises designed specifically for training purposes. While an attacker can launch attacks from a compromised router by changing its routing policies, administrators will be able to observe the adverse effect of these attacks and subsequently apply appropriate defensive measures to mitigate their impact,such as installing filtering rules. These exercises, all carried out in real time, demonstrate the feasibility of routing experiments using the real-time routing experiment platform.
J. Liu, Y. Li and M. Liljenstam, "Real-Time Security Exercises on a Realistic Interdomain Routing Experiment Platform," 2009 ACM/IEEE/SCS 23rd Workshop on Principles of Advanced and Distributed Simulation(PADS), Lake Placid, New York, USA, 2009, pp. 54-63.