Slashdot Mirror


Sandia Studies Botnets In 1M OS Digital Petri Dish

Ponca City, We love you writes "The NY Times has the story of researchers at Sandia National Laboratories creating what is in effect a vast digital petri dish able to hold one million operating systems at once in an effort to study the behavior of botnets. Sandia scientist Ron Minnich, the inventor of LinuxBIOS, and his colleague Don Rudish have converted a Dell supercomputer to simulate a mini-Internet of one million computers. The researchers say they hope to be able to infect their digital petri dish with a botnet and then gather data on how the system behaves. 'When a forest is on fire you can fly over it, but with a cyber-attack you have no clear idea of what it looks like,' says Minnich. 'It's an extremely difficult task to get a global picture.' The Dell Thunderbird supercomputer, named MegaTux, has 4,480 Intel microprocessors running Linux virtual machines with Wine, making it possible to run 1 million copies of a Windows environment without paying licensing fees to Microsoft. MegaTux is an example of a new kind of computational science, in which computers are used to simulate scientific instruments that were once used in physical world laboratories. In the past, the researchers said, no one has tried to program a computer to simulate more than tens of thousands of operating systems."

11 of 161 comments

  1. Life imitates XKCD by Tackhead · · Score: 5, Interesting

    Once again, life imitates XKCD: Network.

    1. Re:Life imitates XKCD by Anonymous Coward · · Score: 1, Interesting

      Which is why patents are stupid.

    2. Re:Life imitates XKCD by Ambvai · · Score: 2, Interesting

      Is there any serious implementation of that XKCD comic, or even just an imitation of what looks like computers fighting for control of a network?

  2. Is that really a windows environment? by damn_registrars · · Score: 5, Interesting

    I understand not wanting to buy 1M Windows licenses; I am of the persuasion that is not inclined to buy 1 license.

    However, the summary seems to claim that Wine == Windows environment. I don't see how they are analogous in this sense. In particular, if you are trying to understand botnet behavior, you need infected botnet systems. Is there a way to make Wine vulnerable to the infections that frequently hit Windows systems?

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.

    1. Re:Is that really a windows environment? by Anonymous Coward · · Score: 1, Interesting

      Modifying Wine to emulate a Windows machine which is vulnerable to viruses does not result in a Windows machine. You still just have Linux running Wine. The very idea behind these tests is already critically flawed.

      A previous poster already got it right. The researchers should just buy a MSDN Universal license and legally run 1M instances of actual Windows. Otherwise, their findings will have little to no real value (IMO).

    2. Re:Is that really a windows environment? by vux984 · · Score: 2, Interesting

      I think you're misunderstanding what they are doing.

      I think you are correct. However, that raises the question: why use WINE?

      Since they aren't relying on 'real in the wild exploits' they could model botnets and how they propagate through networks on Linux or FreeBSD just as easily. It's really just specialized p2p and client-server software to simulate botnet behaviour and spread.

  3. I would guess it wouldn't be a problem at all by Sycraft-fu · · Score: 5, Interesting

    I work for a university and MS is extremely generous with academic licensing. When it is for academics, like education or research, it is actually no cost. For infrastructure it does cost, but not very much. I bet if they asked MS, MS would give them all the licenses they needed for little or no cost.

    For that matter, they might be eligible for volume licensing. That is where you pay a fixed yearly fee and get an unlimited use of the software it is for. Often that is based on total academic headcount, which might not be very much.

    Regardless, if they asked I'd give good odds MS would figure out a way to offer them a good deal.

    I'm also with you that if you want to study something, you need to run it on the actual environment. Wine is a neat idea and a neat goal, but anyone who has made use of it for more than simple testing will tell you that it has some serious issues. Not only do things not run, worse is that they'll run but not completely correct. For a user this might be fine, something works in a bit of an unexpected way, you just work around it. For research though, it could mean your conclusion is invalid.

  4. Re:A few notes from Ron Minnich by PCM2 · · Score: 3, Interesting

    Well Ron, since you're here, I'm curious whether you had in fact tried to approach Microsoft for a free site license. You could explain to them that you're doing security research in a unique environment and that you'd be willing to share your results with them, etc. I could even imagine a distorted PR spin where the fact that all this major security research is being done on Windows shows that Windows is clearly the dominant operating system, blah blah...

    Or if Microsoft doesn't see the value of the kind of information your research could yield, maybe someone like Symantec would be willing to buy a license and donate it to you (if that's even possible, given EULAs etc.)?

    --
    Breakfast served all day!

  5. Re:Wine on Linux? by geegel · · Score: 3, Interesting

    Not necessarily.

    You might want indeed at some point to emulate an internet chock-full of unpatched machines, but other times you will probably want only a percentage of them to be this way, or you might want to study a particular vector of infection, or concurrent vectors of infection to see how they interact. The combinations are endless and so will probably be the number of WINE flavors used.

    --
    right...

  6. What about Norton Antivirus? by node+3 · · Score: 5, Interesting

    What about Norton Antivirus? Specifically they should run a second experiment with a simulation of 1 million systems running Norton Antivirus, and compare the results of the first test to see which has the greatest adverse effect...

    1. Re:What about Norton Antivirus? by Anonymous Coward · · Score: 1, Interesting

      I thought nobody would talk about this. It was the first thing that came to my mind. I don't know if you meant that as a joke, but antivirus software has been, recently, the most annoying thing to remove a virus.

      These subsystems are the first to get disabled, and sometimes even help the virus to spread around the computer.

      The least suspect to a regular user would be an antivirus, because the user would think it's helping. Users are used to their machines slowed down by antivirus subsystems (on-access scans, etc.), and they run one or more services under Windows. If a virus would attack something, it is the antivirus itself, which increases its longevity.

      However, how much would it cost to get the million McAfee or Norton licenses?