INRIA's LHS NGE



Functional Components Description

The High-Security Laboratory (HSL) is designed to host key research activities aimed at making networks, Internet exchanges and the associated telecommunications equipment safer. It allows data to be collected and stored while ensuring their confidentiality and integrity, both logically and physically, and offers a safe environment for researchers to work in.

The HSL relies on “trust zones”: dedicated and isolated environments with limited and controlled interactions with the Internet. Such an environment benefits from all the services offered by the HSL (network and data protection, automatic backup, local services such as APT, DNS, LDAP and NTP) while always being separated from the outside world by two levels of security from different vendors/technologies (two firewalls from different vendors for the logical aspects, two different biometric authentication mechanisms for the physical ones), as shown in Figure 1.

A trust zone is deployed for each hosted project. It comprises the project's own network and VLAN, isolating it from the other hosted projects, as well as user accounts and groups dedicated to the project in the HSL LDAP directory, with the associated firewall rules and user/group access control lists (ACLs).

These zones are fully integrated into the automatic configuration and software management solution (Puppet). Access to a trust zone is possible through a dedicated Virtual Private Network (VPN), deployed exclusively for each project and restricted to the user accounts belonging to the project’s LDAP groups.


Services provided

Secure hosting

Allow secure hosting and analysis of sensitive data via dedicated trust zones

Data collection and analysis via security sensors for a long term perspective

Place distributed data sensors and probes on the Internet, collect and enrich data automatically, and allow researchers to work on these datasets in the HSL

Large scale experiments

Allow researchers to run Internet-wide experiments such as port scanning

Dissemination and communication

Allow researchers to deploy public services or disseminate results regarding their activities in the HSL


Keywords

Data collection, secure hosting/storage, collaborative platform, large-scale experimentation


Services

  • Secure hosting: secure hosting and analysis of sensitive data via dedicated trust zones

  • Data collection and analysis via security sensors for a long term perspective: Place distributed data sensors and probes on the Internet, collect and enrich data automatically, and allow researchers to work on these datasets in the HSL

  • Large scale experiments: run Internet-wide experiments such as port scanning

  • Dissemination and communication: deploy public services or disseminate results regarding their activities in the HSL


Technical equipment

  • Cyber-security-oriented datacenter. Around 95 servers, organized in per-project clusters and trust zones:

    • 8 to 40 cores per server

    • 32 to 128 GB memory per server

    • 1 to 20 TB disk space per server

  • Network Telescope (darknet + honeypots). Live data streams can be accessed via message queuing (RabbitMQ) to perform near-real-time analysis of these events. Datasets:

    • Darknet data: passively collected unsolicited traffic towards unused IP address space (4K addresses), 370 GB of compressed PCAP since November 2014

    • Honeypot data: attack logs and traces from various honeypots (mainly NetFlow data), collected since 2008

    • Malware samples collected through the honeypots

  • Blacklist aggregator

    • Aggregates, centralizes and preprocesses (refinement and enrichment) relevant publicly available blacklists (IP, domain, URL) for further use (for example, dataset annotation); available via MongoDB or a RESTful API

  • Security Knowledge Base

    • Knowledge base containing various security-related standards (CPE, CVE, CWE, CAPEC) and their relationships, available through MongoDB or a RESTful API


Use request

Non-profit use only (NDA and/or acknowledgement required)