An Extensible Platform for Evaluating Security Protocols

Seny Kamara, Darren Davis, Lucas Ballard, Ryan Caudy, and Fabian Monrose

Abstract

We present a discrete-event network simulator, called Simnet, designed specifically for analyzing network-security protocols. The design and implementation is focused on simplicity of abstraction and extensibility. Moreover, its modular architecture allows operators to dynamically customize running simulations. To demonstrate its strengths we present cases studies that focus on examining security-centric problem domains. In particular, we present an analysis of worm propagation modeling for worms with varying target selection algorithms on topologies representing a few million hosts. Additionally, we examine the use of countermeasures such as aggregate congestion control as a defense against DDoS attacks, and present analysis for a variant called direct-Pushback. Lastly, we provide an empirical analysis of the computational and bandwidth overhead induced by proposed security extensions to DNS. These experiments hopefully illustrate that Simnet is not only scalable and efficient, but provides a viable platform for prototyping and analyzing non-trivial security protocols---a task which we argue cannot be easily accomplished elsewhere.

[pdf]