A Safe, Virtual Imaging Instrument for Logically Destructive Experiments (ReAssure)
Principal Investigator: Pascal Meunier
ReAssure is a testbed combining remote access with the containment of experiments. It was first publicly released in Fall 06, which involved public access to the testbed and to its implementation details (source code, configuration files, and hardware specifications). All the successive improvements to the ReAssure testbed have been publicly posted under an open source license (BSD-style) and are available to the public at http://projects.cerias.purdue.edu/reassure. ReAssure was built from the beginning to support experiments that can range from the testing and evaluation of innocuous peer-to-peer protocols to the analysis of malware.
Besides supporting the research of faculty at Purdue, ReAssure has its own research efforts. Through a Research Experiences for Undergraduates (REU) grant, research is being done on client honeypots hosted on bare metal in the ReAssure testbed. Information on malicious resources on the internet is crucial to making it safer and to understanding the targets of attackers. However, the typical client honeypot relies on virtualization, which can be detected, so malicious resources may elect to behave benignly in order to evade detection. There are also many other techniques that can be used to evade client honeypots, which we discuss in a poster at the 2009 CERIAS symposium.
Another axis of research is testbed security. The goal is to create manageable, flexible and easy-to-use access controls that can either supplement or even replace virtual machines. This approach was discussed in a poster that won first prize at the 2009 CERIAS symposium (see http://www.cerias.purdue.edu/assets/symposium/2009-posters/5CF-E41.pdf).
Documentation and source code for the ReAssure system are available at http://projects.cerias.purdue.edu/reassure/Software/
Students: Jason Ortiz, Jacques Thomas
Keywords: Malware, sandbox, testbed, virtual machines