forked from noise-lab/nsf-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbroader.tex
22 lines (13 loc) · 3.6 KB
/
broader.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
\section{Broader Impacts}\label{sec:impacts}
\paragraph{Open-source, hardware agnostic tool}
We will release our system, including the dashboard [D] and the Zeek-based network measurement and anomaly detection service [G] (per Figure~\ref{fig:system}) as open-source MIT-license software, so that any institutions and networks may use our system.
Our system is designed to be hardware agnostic and generic in nature. For instance, the dashboard will interact with the control plane in a modular fashion. We will write a module that would translate dashboard-define allow lists into rules compatible with the Arista EOS API, since NYU uses Arista 7280DR3 switches in the HSRN; this allows us to test within NYU. We will also engage with the open-source community to produce modules for other switch vendors and even software-defined networking controllers. In addition, Zeek is a common network traffic measurement service; we expect it to work in generic network environments.
\paragraph{Facilitating scientific process}
Our system will benefit HSRN users, first within NYU's scientific community, and later for other institutions that adopt our software. Current HSRN users typically go through a slow process of applying for security bypasses, or they do not enjoy the full high-bandwidth low-latency benefits because their traffic is inspected by security middleboxes (such as [C] in Figure~\ref{fig:system}). Our proposed system will allow for efficient and secure scientific processes, and encourage collaboration (through large data transfers or low-latency experiments) across departments and even institutions because we reduce the performance and bureaucratic overhead while protecting the security of the network. We mean to keep our proposed system operational even beyond the timeline of this proposal, as co-PI Pahle is already a part of the NYU Research Technology and maintains the HSRN. We expect researchers to enjoy the benefits of our proposed work beyond the three years.
Our proposed work also democratizes security for non-experts. Through our traffic annotations (Task 1b), we aim to lower the barrier of security management for researchers who are not domain experts in network security. We will bring security awareness to researchers in general and hopefully lead to other collateral benefits, such as less susceptibility to phishing or social engineering attacks.
\paragraph{Workforce development}
Another benefit for our lower barrier to understanding security is that more people can be trained to manage the network. Traditional network administrators require years of training and experience. While their roles are still important, we can train more young professionals to assist in network security administration because our tool has made it easier to manage security and visualize anomalies. Effectively, more junior positions could be created, including permanent staff and part-time student workers, to help analyze the logs and alerts at [G] and maintain our proposed system.
\paragraph{Education}
The dashboard is also a good teaching tool to visualize traffic on an enterprise research network. Both PI Huang and Co-PI are a part of the NYU Center for Cyber Security. Both of them intend to incorporate this system in their network and security classes.
\paragraph{Community engagement}
Co-PI Cappos is an expert on mobilizing the open-source community. With his help, we will engage with the open-source ecosystem and create a community of enthusiasts to develop various plugins to our system, including different ways to visualize the traffic, different modules for switch vendors, and new methods to improve the anomaly detection at [G].