- Migration to a cloud computing environment presents advantages — and risks.
- Minority-led research group looks to the NSF-funded Chameleon cloud to develop cyber attack prevention.
- Chameleon infrastructure offers over 13,000 cores, 128 TB of storage, and data transfer speeds of 100 Gbps.
Last December, a cyber attack on Vtech Holdings, a digital toymaker, exposed the data of 6.4 million children, the largest known attack on children to date. As an increasing number of companies transition to cloud computing, the risk of data compromise continues to rise.
From government, to retailers, to the entertainment industry, no one is immune to this type of threat, signifying the need for new and creative methods to prevent attacks.
“Many organizations are now outsourcing their computing to cloud providers, because the overall cost of ownership for hardware has become considerably more expensive, in terms of skilled IT, support staff, and overall system maintenance,” says Leonardo Vieira, a graduate student at the University of Arkansas at Pine Bluff (UAPB).
Vieira is leading a group of cybersecurity researchers from UAPB, North Carolina A&T State University, and Louisiana State University. His team is developing and testing approaches on cloud computing ecosystems and modeling and visualizing security threats known as multi-stage intrusion attacks to better understand how hackers can access and steal data.
Initially, the researchers created their own cloud computing ecosystems between the two universities, but faced several limitations that slowed their progress. “We had to buy equipment, set it up, and train students which is very time consuming and tedious as far as the infrastructure requirements for our campuses,” says Jessie Walker, associate professor at UAPB and principal investigator (PI) on the project.
Because of the nature of their research, the team also encountered numerous roadblocks attaining the permissions needed to run cybersecurity attacks through their campuses' cyberinfrastructure. So Walker and co-PI Rajeev Agrawal turned to Chameleon to set up virtual machines to simulate attacks in the cloud and run intrusion detection systems.
“I estimate we save 20 to 30 hours a week using Chameleon because it's all remote. Researchers and students can access it anywhere to work on the project,” Walker says.
The Chameleon cloud, co-hosted by the University of Chicago (UC) and the Texas Advanced Computing Center (TACC), is a National Science Foundation (NSF)- funded platform designed for large-scale exploration by members of the open research community like Walker’s team.
The Chameleon architecture operates through 12 standard cloud units, with each unit housing a rack of 42 Dell R630 servers with 24 cores each and 4 storage nodes attached to 128TB of local storage. In total, Chameleon offers researchers 13,056 cores, 66 TiB of RAM, and 1.5 PB of configurable storage. Data from Chameleon is distributed between TACC and UC through 100 Gbps Internet2 links to allow users like Walker and Vieira to examine the effects of a distributed cloud.
Walker’s team simulates attacks using a main server in a research lab at the UAPB’s CyberSecurity Research, and another at North Carolina A&T State University's lab. They simultaneously run intrusion detection and prevention systems, applications that monitor the network for malicious activity, to understand how large-scale cyber attacks can be detected when an intruder is attempting to hide in everyday network traffic.
They are also using the system to visualize logs, which document the incoming and outgoing traffic on a network. Walker anticipates that visualizing traffic on the cloud will benefit those responsible for maintenance of the cloud system.
As NSF-funded ethical computer security researcher (a.k.a. white hat hackers) led by minority graduate students, the project gives other graduate and undergraduates exposure to real-world problems using cutting-edge technology.
“One of the important components of our education experience is exposing our students early on,” says Walker. “We want to show them the education they're gaining is not just theoretical, but has practical value to people's everyday lives.”