Program Goal:
The goal of the Cyber Attack Simulation Project is to provide an environment where end-users, developers, and researchers can test Cyber defenses against real world attacks. The facility will be operated on a cost recovery basis to ensure its ongoing success and to provide continual access to state of the art equipment.

Facilities:
The proposed facilities will consist of an attack environment and a defense environment. The attack environment will have the tools necessary to launch a wide variety of attacks against the defense environment. The defense environment will contain critical resources and equipment provided by either security vendors or by the end-user. Along with the equipment the facility will be staff with experts on both attacking systems and defending systems. The facility will be designed to provide separation between the attackers and the defenders.

Benefits:
This initiative will offer many benefits to corporations who participate. We are proposing several different methods of participation depending on the needs and the nature of the organization.

End-users of security: End users of security are often forced to deploy technology without field-testing. The proposed facility will provide a place for end-users to test out security configurations prior to deployment and to try equipment and configurations from different vendors. For an hourly fee the end-users will have access to the facility and its staff to help configure defenses and to launch attacks against the defenses.

Developers of security: The facility will provide a test environment for developers to deploy versions of their products. We envision two types of opportunities for security solution vendors; first is an independent test lab to try out new products under development, second opportunity is to donate security solutions to be used in the facility.

Security Solution providers:
The facility would benefit Security Solution providers by giving them an independent place to configure security solutions from multiple vendors. We envision the providers would also use the facility to bring in end-users to work together on testing a new solution. Access to the facility and the staff will be charged on a per hour basis to the providers.

Academic and industrial Researchers:
The facility will be designed to provide an excellent environment to conduct state of the art research in computer security and security tool development. Use of the lab by researchers will be charged back to research contracts.

Academic Courses:
A key component to the ongoing success of the facility is a well trained staff to support the activities. The facility will be made available to support the teaching of courses, like information warfare. Another benefit of using the facility in a classroom setting is the students' ability to provide feedback to vendors and to be used as attackers against security configurations.

Program opportunities:
We are creating several different opportunities for sponsorship of the initiative, which include:

• Equipment donations: Companies providing equipment will be given access to the facility and will be given feedback on the equipment. If they wish the equipment will be made available for use by the users of the facility to test out security solutions.
  
• Monetary donations: Monetary donations are welcome and proper recognition will be given to all gifts.
  
• Facility usage: Access to the facility and staff will be made available on a charge basis.
  
• Staff training: The facility can be used to provide hands-on training on specific equipment

Current Projects:

Stepping Stone:

Purpose: Attack Attribution
Room(s): 3223 & 3202
PI: Dr. Guan, Dr. Jacobson, & Dr. Davis
Goals:

1. Education- Expand the lab for educational purposes primarily for the class "Computer and Network Forensics" (Course 536x).
2. Research Projects - Use the attack attribution for other projects in which a test of a series of attacks would be necessary.

Cyber Crime-Scene Reconstruction:

Purpose: Police officers find it necessary to go to a crime scene in order to see what occurred at a particular crime. Cyber Crime-Scene Reconstruction will create a crime scene that can be used to train a cyber sleuth. Cyber Crime-Scene will help to collect and analyze evidence, as well as help to obtain a conclusion. This should help to avoid mistakes & reduce workload.
Room(s): 3223
PI: Dr. Guan

Applied Cyber-Crime Behavior Analysis:

Purpose: Interdisciplinary research between Computer Engineering, Criminalysitcs, & Psychology. Designed to profile behavior characteristics of a cyber criminal.
Room(s): 3223
PI: Dr. Guan

Imbedded Forensic Support in OS & Applications:

Purpose: Currently, there are no forensic support frameworks. As such, it is necessary to create a more forensic friendly environment. The goal of this project is to create both an OS add on and application to help keep track of what has occurred on a given system. This will help to better learn how an attacker intruded a given system.
Room(s): 3223
PI: Dr. Guan & Dr. Daniels

Wireless Security SENSOR Network Security:

Purpose: Wireless key management and dynamic quarantine schemes designed to prevent and minimalize an attacks impact on a network.
Room(s): 3223
PI: Dr. Guan, Daji Qiao, & Dr. Russell

1. Key Management
   The ability to distribute the key between the servers to encrypt the data. This will allow an encrypted network while guaranteeing the connectivity of the network.
   
2. Dynamic Quarantine Scheme
   Develop a set of schemes to contain the impact of the attack.

Privacy Protection Tactics:

Purpose: Focusing on anonymity as one of the greatest assets in a virtual community- Privacy Protection Tactics is about how to hide a user's online identity.
Room(s): 3223
PI: Dr. Yong Guan

Lab Information:

Researchers:

Currently the Cyber Forensics Lab has 3 PhD, 4 masters, and 2 undergraduate students working on the projects. The students can be seen in a list below:

Douglas C. Houghton
Alan Johnson
Anthony G. Persaud
William Sears
Yawen Wei
Zhen Yu
Linfeng Zhang
Joel Cardo

Lab Start Date:

January 2004

Hardware Information:

Twelve new PC's, 7 older PC's, 3 Network Devices

Laboratory Sponsors:

National Science Foundation

Arda

Carver

Iowa State University