Version 2 (modified by mikeryan, 14 years ago)


Needs attention:

  • Policy issues need more work

Running the malware

Infrastructure security

Revisit the firewall rules on the router to close off leakage channels. Only the absolute minimum set of services should be allowed from the testbed to users/boss/etc.

Isolation from other experiments

Control net separation

Storage and Leakage

The primary goals are to allow vetted users to access the malware safely and to prevent unauthorized users from gaining access.

Leakage of binaries

As belt-and-suspenders support against leakage, export the NFS shares read-only:

  • /proj, /groups, /share, etc.
  • home directories
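As an added example (not from this wiki page), a check an experiment node could run against its mount table to confirm that the shares listed above are NFS-mounted read-only; the /users mount point for home directories and the sample mount lines are assumptions.

```shell
#!/bin/sh
# Added example: verify that the shared storage paths are NFS-mounted "ro" on
# this node, so a running sample cannot write back into shared storage.
# Input is in /proc/mounts format. /users is an assumed home-directory mount.
WATCHED_PATHS="/proj /groups /share /users"

# check_ro_mounts <mounts-file>
# Prints a line for each watched path that is not an NFS mount or is read-write.
# Returns 0 if every mounted watched path is NFS with the "ro" option, else 1.
check_ro_mounts() {
    mounts_file="$1"
    status=0
    for path in $WATCHED_PATHS; do
        # /proc/mounts fields: device mountpoint fstype options dump pass
        line=$(awk -v p="$path" '$2 == p { print }' "$mounts_file" | tail -n 1)
        if [ -z "$line" ]; then
            continue   # not mounted on this node; nothing to leak through
        fi
        fstype=$(echo "$line" | awk '{ print $3 }')
        opts=$(echo "$line" | awk '{ print $4 }')
        case "$fstype" in
            nfs|nfs4) ;;
            *) echo "WARN $path is type $fstype, expected nfs"; status=1; continue ;;
        esac
        # options are comma-separated; "ro" must appear as a whole token
        if echo ",$opts," | grep -q ',ro,'; then
            :
        else
            echo "FAIL $path mounted read-write: $opts"
            status=1
        fi
    done
    return $status
}

# Constructed sample in /proc/mounts format (not captured from a real node).
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
fs:/proj /proj nfs ro,vers=3,hard,intr 0 0
fs:/groups /groups nfs4 rw,vers=4.1,hard 0 0
fs:/share /share nfs ro,vers=3 0 0
fs:/users /users nfs ro,vers=3 0 0
EOF
check_ro_mounts "$SAMPLE_MOUNTS" || echo "one or more shares are not read-only"
```

On a real node, pass /proc/mounts instead of the constructed sample.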

Storage

The archive is 60 GB (in two 30 GB archives). We will receive approximately 1 GB per day in updates. In light of the size, we will store it on scratch.

It will be exported using SMB in a password-protected share.

Policy Issues

  • Do not copy it off the experiment
  • Do not attempt to run it on a non-malware experiment

Miscellaneous

Updates occur over SSH. We need to provide GA Tech with a key.

How will we annotate the experiment file to let the testbed know this needs special treatment (i.e., read-only mounts, copy encryption key/token to box)?