DETER stands for cyber-DEfense Technology Experimental Research. It is a computer network testbed. Think of it as a room full of computers that can be remotely wired up in ad-hoc subsets and combinations to produce arbitrary-topology networks for experimentation. Doing so is practically equivalent to assembling and wiring a network from physical components. DETER's components are physical in fact. Here they are:

They are merely rearranged to suit, in place, using software and switch technology. Once created, a DETER network can be saved and restored as often as desired. DETER manages networks like operating systems manage memory. Just as operating systems allocate, deallocate, and reallocate from a limited pool of memory to an unlimited pool of processes, so DETER combines, decombines, and recombines from a limited pool of computers (about 300) to an unlimited pool of experimental networks.

We want to employ DETER in CS530L by trying a future lab on its hardware, as opposed to our lab's. Part of our motive is to take advantage of expanded possibilities. On DETER, we can do more. Our lab has fixed wiring-- all the computers in a single LAN. We can't change it. If we wanted to split the machines into subnets for example, converting some into intermediate routers to fashion an internetwork--not an extravagant objective-- we can't. Experiments that wouldn't be possible in the lab become feasible with DETER. It's flexible. Secondly, DETER is interesting to us in its own right. It's a powerful piece of infrastructure for easy experimentation and, because also well contained and isolated from the outside world (even though remotely accessibile), it's particularly well suited for security research which often demands quarantine. Security research is what it was designed for.

If we're going to do future labs in DETER you'll need to get used to it. In this exercise you will create/use/destroy a working network solely for that reason. We don't care about the particular network itself for any further purposes.

1. visit the DETER lab home page
2. click the "Request Account" button
3. on the ensuing page click the "Join an Existing Project" link
4. fill out the resulting "Apply for Project Membership" form. At the bottom of that form,
for "Project Name," please supply "USCCSci530"
leave "Group Name" blank
5. press the "Submit" button

Thereafter, you can expect email notification that your membership in the USCCSci530S project has been approved. At that point your account is established.

1. visit the DETER lab home page
2. click the "Log in" button
3. supply your username and password
4. press the "Login" button

The raw material for creating it is the network specification file firstnet.ns. Network specification files express networks (number of computers, how they are connected and addressed, what operating systems they run). Here is a printout of firstnet.ns:

# Generated by NetlabClient

set ns [new Simulator]
source tb_compat.tcl

# Nodes
set node0 [$ns node]
tb-set-node-os $node0 FC6-STD
set node1 [$ns node]
tb-set-node-os $node1 FBSD-STD
set node2 [$ns node]
tb-set-node-os $node2 WINXP-UPDATE

# Lans
set lan0 [$ns make-lan "$node0 $node1 $node2" 100000.0kb 0.0ms]

$ns rtproto Static
$ns run

# NetlabClient generated file ends here.
# Finished at: 10/6/08 1:13 PM

1. download firstnet.ns to a local medium
2. visit the DETER lab home page
3. log in, if not logged in already
4. choose the "Experimentation" option from the horizontal menu
5. choose "Begin an Experiment" from the resulting drop-down menu
6. fill out the form
    - for "Select Project" choose USCCSci530
    - for "Name" give "firstnet-xxx" where xxx is some suffix, likely unique (eg, your initials), to avoid name conflict with other students' experiments
    - for "Your NS file" browse to firstnet.ns on your computer
    - for "Idle-Swap" change the interval from 4 hours to 1 hour
7. press the "Submit" button and wait a while for an "experiment successfully created" screen message or similar advisory email
8. choose the "My DETERlab" option from the horizontal menu
9. click on your experiment's name (EID) "firstnet" to see its page
10. explore the tabs "Settings" "Visualization" "NS File" "Details"

Your experimental network is now defined, and the webpage you are exploring is its blueprint. Beyond that, physical resources were allocated to it (it was "swapped in.") so you can currently use it. When you finish you will swap it out. But until you "terminate" it, the blueprint remains and you can swap it back in and resume usage at any time.

You can get console or graphical access to your 3 nodes. To do so you must go through a special intermediate machine that is not only remotely accessible to you and also able to access your nodes. That machine is users.isi.deternet.net. You need an ssh client. You probably have a character mode client installed if you are on a Unix platform. You probably don't if you are on Windows, for which there is a good character mode client called OpenSSH and a good GUI client called PuTTY. Get one. The instructions below assume a character client. For PuTTY, adapt command 1 below:

1. ssh <your DETER account name>@users.isi.deterlab.net
   A command prompt results. It is users.isi.deterlab.net's command prompt.
2. ssh node0.firstnet.USCCSci530S.isi.deterlab.net    <<<------ replace "firstnet" with your modified "firstnet-xxx" per step 6 above
   A command prompt results. It is node0's command prompt.
3. ping -c 1 node1 (or 10.1.1.3)
   Get a response from node1. node0 and node1 can talk.
4. ping -c 1 node2 (or 10.1.1.4)
   Get a response from node2. Same for node2. You are now operating in the experimental network you created.
5. ping 4.2.2.2
   Get a response from an internet node. You can't. Your network is isolated.
6. exit
   Exit from node1 back to users.isi.deterlab.net.
7. exit
   Exit from users.isi.deterlab.net back to your local machine.

1. click on "Swap Experiment Out" in the "Experiment Options" menu
2. wait a while for "Swap success!" screen message or advisory email
At this point you could swap in and return to your experiment tomorrow. It is stored.
3. return to firstnet's webpage ("My DETERlab", click on "firstnet" EID)
4. click on "Terminate Experiment" in the "Experiment Options" menu
5. wait a while for "Experiment... has been successfully terminated" screen message or advisory email
At this point you could no longer swap in and return to your experiment tomorrow. It is deleted.

The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees