Cyber security experiments with potentially malicious software can possibly damage the testbed environment and "escape" into the Internet. Due to this security concern, networks used in such experiments are often totally isolated from production networks and the Internet. This choice, however, precludes remote access to testbeds used for security experiments, thus requiring costly duplication of equipment, manpower and expertise at sites that experiment with malicious software. We propose an alternative approach that is aimed at providing a degree of safety comparable to that of physically isolated testbeds while still permitting remote connectivity. Our approach relies on logical isolation of networks used in different security experiments using network virtualization at the datalink layer. We have implemented this approach into a platform (V-NetLab), and the responses from testbed users have been very positive.
Weiqing Sun, Varun Katta, Kumar Krishna, R. Sekar