When USC Viterbi Research Professor Young Cho decided to use DeterLab as part of his networking and security classes, producing the most sought-after new technology professionals was not on his mind. Cho's initial interest in DeterLab was as a major improvement over his limited lab facilities, which constrained his students' hands-on experimentation. Rather than continuing to share with others a physical lab with a modest mix of network gear, Cho and his students, both graduate and undergraduate, now use DeterLab as a virtual lab space with a large and flexible networking and testing environment, where they can observe real malicious software in a test environment specifically designed for safety and re-use. Rather than worrying about leaving a test-lab router in good working order for others to use, in DeterLab, Cho encourages students to push the test networks to their breaking points, creatively developing new approaches to reliability and security.
Dr. Young Cho, a USC Viterbi research professor at the Information Sciences Institute, uses the DeterLab in his network and security classes.
The encouraging results snowballed unexpectedly as Cho and students learned to spread their wings more to use the power of DeterLab. But another un-anticipated result started showing up as Cho's students graduated and entered the workforce. The grads' DeterLab experience was a major factor in their job-hunting success: not only do most upcoming grads have jobs lined up already, several have received multiple job offers, no small feat in the current job market. Furthermore, after starting work on the job, recent grads have been impressed by the leg-up their DeterLab experience provides them in their new job, and write back to Dr. Cho to let him know how much more they appreciate their lab experience, after starting to work in the "real world."
In some cases, students developed their own custom network router using reprogrammable network hardware in DeterLab. In other cases, students developed a new network intrusion-detection system. Most students experimented with open flow switches and content-based routing, being able to tinker with the systems and experiment with the advanced features. Experiences like these make DeterLab students among the most accomplished new grads in the job market, both in breadth and depth of hands-on experience and fundamentals.
As the students' stories themselves attest, the "secret sauce" was not just DeterLab as a bigger lab with more systems to tinker with, but rather the basic nature of DeterLab and a facility for "virtual labs". In DeterLab, students can have their own personal, separate, virtual lab composed of a complex set of resources: networks, links, nodes, hosts, software, and simulated hardware. Each student was able to select whatever resources they needed -- including both new elements like custom routers and IDS systems -- as well as pre-existing virtual systems that can be re-used. Each of these virtual labs is entirely separate from every other, walled off from the public network, and only accessible by DeterLab's experimental control system used by the students.
The benefit to the students was that they could stress-test their systems to and beyond the breaking point -- even using real malware and realistic attack techniques -- without any concern for negative consequences for others. If their testing broke something, then they could start from scratch, by deleting the experiment, and re-starting their virtual lab in the same clean initial state as before. Furthermore, experiments can continue from weeks or months, because DeterLab is virtual experimental facility that the students remotely access whenever they wish. When the student is not actively using their experiment, it is "swapped out" so that the underlying real networks and computers can be used as resources for other DeterLab users. Then, when the student comes back to the experiment, it is swapped in again, in exactly the same state as before.
As a result of these key features of DeterLab, the students' experiments could be large scale (temporarily using a significant portion of DeterLab's considerable resources), long term, and unconstrained by the need to leave shared testing facilities in a tidy state for other students. Because of this continuity and recoverability, students had the time to be creative in running the experiments, choosing stress tests and targets, trying variants with different targets, varying the tests, and so on -- in other words, getting a realistic and practical view of how real network systems do or don't respond to a variety of stresses and attacks.
The result for students has been impressive. Graduate student Wei Quan recalled the benefit of DeterLab doing the virtual-lab setup: "DeterLab has a large set of network devices and allows me to set up my ideal network topology to do the network experiment. … It frees me from troubleshooting the network devices, and lets me focus on the experiment itself."
Because of the students' ability to work with scale and realism, they are able to learn, tinker, break, and re-build systems in ways that potential employers have often never seen. Rahul Mathur, who graduates this year and has already accepted a job with CISCO, described his recent experience talking about the DeterLab with potential employers, "The interviewers were curious about the scale and experiment setup parameters, how did we perform such large scale experiments, and how did we recover from crashed states … I can proudly recall the DETER magic -- DETER had simplified and assisted fully in all our experiments with least amount of setup times for experiments and is a wonderful test bed at ISI."
And it wasn't just the scale that impressed employers, but the ability to work over months in a realistic setting, to make major accomplishments well beyond anything typical for students. "'You are telling me that in 10 weeks you designed a single core network processor, tested the design on an actual FPGA platform and also built a compiler for your processor??? That's really good.' is the reply I got … from the interviewer," said student Akshay Ravi, who has received multiple internship offers. "The course encourages creative thinking and gave me the opportunity to design, code and implement my custom Processor design on FPGA. Whereas other courses train us to use specific tools, this course helped me understand how all these tools come together. The DETER Project is an amazing effort and provided me a valuable learning experience."
As a result of the true-to-life scale, realism, danger, and variability of the lab experience, these students left Cho's classes with a degree of both scientific and practical understanding of network and security technology that is typically only available to the real large scale network operators, maintaining and protecting major networks. It's no surprise, then, that these students were uniquely qualified for jobs in the tech industry, and able to make personally satisfying career choices, including some students' starting what they described as a dream job.
What's next for Cho, students, and DeterLab? With some students departing, and a new batch starting in the fall, new groups of students will be working in a re-modeled and extended DeterLab coming online in the fall, being among the first to use new modeling and testing technology created by the DETER Project. With Cho's proven lab teaching method, and creativity shown by past students using DeterLab, the DETER team is ready for new wave of innovations by the students, perhaps even including some contributions to DeterLab itself that could benefit all its educational and scientific users.
