ProtoGENI, a Prototype GENI Under Security Vulnerabilities: An Experiment-Based Security Study

摘要

ProtoGENI is one of the prototype implementations of global environment for network innovations (GENI). ProtoGENI proposes and executes the GENI control framework, including resource management and allocation for authenticated and authorized experimenters. Security and inevitably are the most important concerns in the whole development process. In this paper, we study and evaluate its security vulnerabilities according to GENI's security goals. We analyze the threat model of ProtoGENI and categorize four broad classes of attacks. Based on the role of an active experimenter, we demonstrate experiments as proof of the concept that each class of attacks can be successfully launched using common open source network tools. We also present analysis and experiments that show perspectives on the potential risks from an external user. Furthermore, we discuss the feasibility and possible defense strategies on ProtoGENI security with respect to our preliminary experiments and potential future directions. Our contribution lies in examining known vulnerabilities without requiring sophisticated experiments while remaining effective. We have reported our findings to the ProtoGENI Team. Our work indicates that the solutions have been deployed. This paper validates that experiment-based vulnerability exploration is necessary.