Sign In

Communications of the ACM

ACM Careers

Sandia Expands Access to Its Cyber Research Tools


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Sandia Emulytics logo

Faculty and students at Purdue University now have access to cybersecurity research software developed at Sandia National Laboratories, marking the first time Sandia has made its cyber software available at an academic institution.

Sandia has previously invited academic collaborators to use cyber research software at Sandia Labs or by connecting to its systems remotely. This is the first academic partnership in which Sandia has made the software available throughout an institution for teaching or research regardless of affiliation with the lab.

The software, called minimega, will help advance cybersecurity research to discover security threats in a variety of systems and develop new safeguards. It also will increase research opportunities at Purdue's CERIAS, the Center for Education and Research in Information Assurance and Security, based at the university. The software was installed on a server that supports SOL4CE, the center's Scalable Open Laboratory for Cyber Experimentation, which was unveiled in February.

"Minimega is an open-source emulation platform that allows users to set up a simulated, virtual network to safely explore and reason about computer networks and distributed systems. This could include looking at cybersecurity, resilience, what-if scenarios, and red-teaming assessments. Resources like this are relatively few and far between," says Sandia computer scientist Vince Urias. A red team identifies vulnerabilities for the purpose of fixing them.

A virtual testing ground like minimega is an important early step in research because it can quickly generate data on variations of experimental security protocols or simulate enterprises that are difficult to reproduce in the real world, especially large or specialized systems. Researchers use the simulated data to home in on approaches that show the most promise for use in the real world and to identify unintended effects on a system.

First Step

The program is part of Sandia's suite of cybertools, called Emulytics — a portmanteau of emulation and analytics.

"We hope more universities will follow," says Han Lin, who oversees Sandia's cyber educational outreach programs. "Cyberthreats are always changing, so it's important that researchers have easy access to tools to test new countermeasures."

"This is just a first step — we have plans in the works to release more of our Emulytics software stack to the experimental cyber-research community, working closely with our academic partners," says Zach Benz, who formerly managed Sandia's Emulytics development.

In addition to installing the software, Sandia staff developed training and "hosted outreach and support for installation and configuration, as well as led workshops with faculty to help them get up and running," Urias says.

"We want to ensure universities have tools to quantify how good a system is — actual metrics that tell you a system is safe, rather than thinking it's safe," says Kamlesh "Ken" Patel, manager of Purdue partnerships at Sandia.


 

No entries found