We define as a ''risky'' experiment any experiment that uses some type of malware, such as a DoS tool, a worm, an exploit, etc., even when the malware code is written by the experimenter, and/or requires connectivity to the outside directly from experimental nodes. We recognize that all these experiment types are interesting and important for facilitating new research in security. At the same time, there is potential risk to the testbed and the Internet that must be contained. This risk includes:

* Malware interfering with other experiments on DETER
* Malware escaping to the outside world
* Malware overwhelming critical infrastructure in DETER, such as the users and boss machines and the control network
* Malware from the outside world infecting experimental machines and spreading in DETER or propagating back to the outside (with implications of DETER unwittingly participating in attacks).

We have developed strategies to contain experiment risk while allowing users to observe the phenomena of interest to them. This means that containment is customized for each experiment. This customization is performed automatically, based on the information a user specifies on the Begin Experiment Web page.