An Extensible Platform for Evaluating Security Protocols
Ryan Caudy, and
We present a discrete-event network simulator, called Simnet,
designed specifically for analyzing network-security protocols. The
design and implementation are focused on simplicity of abstraction
and extensibility. Moreover, its modular architecture allows
operators to dynamically customize running simulations. To
demonstrate its strengths we present case studies that focus on
examining security-centric problem domains. In particular, we
present an analysis of worm propagation modeling for worms with
varying target selection algorithms on topologies representing a few
million hosts. Additionally, we examine the use of countermeasures
such as aggregate congestion control as a defense against DDoS
attacks, and present an analysis of a variant called direct-Pushback.
Lastly, we provide an empirical analysis of the computational and
bandwidth overhead induced by proposed security extensions to DNS.
These experiments illustrate that Simnet is not only scalable and
efficient, but also provides a viable platform for prototyping and
analyzing non-trivial security protocols, a task which we argue
cannot be easily accomplished elsewhere.
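The abstract describes Simnet as a discrete-event simulator used, among other things, to model worm propagation under different target selection algorithms. The following is an added illustration, not Simnet's code and not taken from the paper: a minimal event-queue simulator in Python that models an epidemic-style spread across a flat address space and lets an analyst compare uniform random scanning with a local-preference strategy. Every parameter (address space size, the clustered set of vulnerable addresses, scan rate, latency, block size) is a constructed assumption chosen for the example; the infection curve it returns is the kind of measurement a defender uses to estimate how quickly containment must react.

```python
"""Minimal discrete-event worm-propagation model (added example, not Simnet).

Hosts live in a flat address space of `addr_space` addresses; only the
addresses in `vulnerable` correspond to exploitable hosts. An infected host
emits scans at `scan_rate` per second. Each scan picks a target address
uniformly, or, with probability `local_pref`, from the scanner's own
`block_size`-sized address block. A scan that lands on a vulnerable,
not-yet-infected address infects it after `latency` seconds.
All numbers below are constructed for illustration.
"""
import heapq
import random


class WormSim:
    def __init__(self, addr_space, vulnerable, scan_rate, local_pref=0.0,
                 latency=0.05, block_size=256, seed=1):
        assert addr_space % block_size == 0, "blocks must tile the address space"
        self.addr_space = addr_space
        self.vulnerable = set(vulnerable)
        self.scan_rate = scan_rate
        self.local_pref = local_pref
        self.latency = latency
        self.block_size = block_size
        self.rng = random.Random(seed)   # only rng.random() is used, for stable results
        self.now = 0.0
        self.infected = set()            # hosts already compromised
        self.pending = set()             # infections in flight (scheduled, not delivered)
        self.events = []                 # heap of (time, seq, kind, addr)
        self.seq = 0                     # tie-breaker so heap entries compare cleanly
        self.curve = []                  # (time, infected count) after each infection

    def schedule(self, delay, kind, addr):
        self.seq += 1
        heapq.heappush(self.events, (self.now + delay, self.seq, kind, addr))

    def pick_target(self, src):
        """Target selection: local block with probability local_pref, else uniform."""
        if self.rng.random() < self.local_pref:
            base = src - src % self.block_size
            return base + int(self.rng.random() * self.block_size)
        return int(self.rng.random() * self.addr_space)

    def infect(self, addr):
        self.infected.add(addr)
        self.curve.append((self.now, len(self.infected)))
        # First scan after a random fraction of one scan interval (jitter).
        self.schedule(self.rng.random() / self.scan_rate, "scan", addr)

    def run(self, seed_host, t_end):
        """Run until t_end seconds of simulated time; return the infection curve."""
        self.pending.add(seed_host)
        self.schedule(0.0, "infect", seed_host)
        while self.events and self.events[0][0] <= t_end:
            self.now, _, kind, addr = heapq.heappop(self.events)
            if kind == "infect":
                self.pending.discard(addr)
                self.infect(addr)
            else:  # "scan"
                tgt = self.pick_target(addr)
                if (tgt in self.vulnerable and tgt not in self.infected
                        and tgt not in self.pending):
                    self.pending.add(tgt)
                    self.schedule(self.latency, "infect", tgt)
                self.schedule(1.0 / self.scan_rate, "scan", addr)
        self.now = t_end
        return self.curve


# Constructed scenario: 4096 addresses, vulnerable hosts clustered in three
# /24-style blocks (64 hosts each), so local preference has something to find.
ADDR_SPACE = 4096
VULNERABLE = [b * 256 + i for b in (3, 7, 11) for i in range(0, 256, 4)]
SEED_HOST = 3 * 256


def run_scenario(local_pref, t_end=60.0, seed=1):
    sim = WormSim(ADDR_SPACE, VULNERABLE, scan_rate=10.0,
                  local_pref=local_pref, seed=seed)
    return sim.run(SEED_HOST, t_end)


def time_to_fraction(curve, total, frac):
    """First simulated time at which at least frac*total hosts are infected, else None."""
    for t, count in curve:
        if count >= frac * total:
            return t
    return None


if __name__ == "__main__":
    for pref in (0.0, 0.5):
        curve = run_scenario(pref)
        print(f"local_pref={pref}: {curve[-1][1]}/{len(VULNERABLE)} infected, "
              f"50% reached at t={time_to_fraction(curve, len(VULNERABLE), 0.5)}")
```

Each run is deterministic for a given seed, so two strategies can be compared on identical inputs; the same event loop can be extended with patching or rate-limiting events to measure how a countermeasure changes the curve.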