> From: Heidi Picher Dempsey <
hpd@...>
> Date: March 10, 2009 10:04:37 PM EDT
> To:
omis-wg@...
> Cc:
control-wg@...
> Subject: DRAFT GENI Recommended Use Policy
>
> As some of you will remember, the OMIS meeting at GEC3 included a
> discussion of security issues for GENI operations. One of the
> suggestions made there was to draft a GENI security policy. (You
> can listen to the discussion, or read summary notes by following the
> links at
http://groups.geni.net/geni/wiki/GeniOmis.) I've posted a
> discussion draft of a GENI Recommended Use Policy at
http://groups.geni.net/geni/wiki/RUP
> as a first step. I've tried to follow the main spirit of the
> discussion at GEC3, and include only those restrictions that seem
> absolutely necessary for GENI operations. I'm sure opinions will
> differ on this, so please reply to the mailing list with comments.
> The OMIS group will also be discussing this document at our GEC4
> meeting. The final policy will be used for Spiral 1.
>
> For those of you who'd rather avoid the wiki, I've included the core
> text from the Recommended Use policy. (Thanks to the PlanetLab
> Acceptable Use Policy authors, from whom I've borrowed much, as
> recommended by many at the OMIS meeting.
>
> -Heidi
>
> --------
> 2 GENI Use Overview
> The suite of GENI facilities coordinated by the GENI Project Office
> (GPO) is meant to support network science and engineering
> experiments, and to provide a collaborative environment in which
> participants can evaluate prototypes and gain a better understanding
> of the behavior and utility of various design alternatives. In
> addition to sponsored development projects, the GENI facilities
> suite may include resources contributed by research and commercial
> organizations and individuals. These resources are governed by
> their local policies, as well as by GENI guidelines. GENI
> facilities should be used only for research and education
> purposes. GENI does not allow illegal activities
>
> 3 Guidelines
> All GENI use should be consistent with the goals expressed in the
> use overview.
>
> All individuals contributing to the suite of GENI infrastructures
> should follow these guidelines. Individual sites that contribute
> GENI infrastructure may also have separate guidelines and Acceptable
> Use Policies (AUPs). GENI participants should not knowingly violate
> local AUPs.
>
> Many GENI resources are hosted and donated by organizations
> interested in the GENI project, and GENI work should not adversely
> affect those organizations. GENI participants should adhere to
> widely-accepted standards of network etiquette. Software and
> hardware should be debugged in a controlled environment prior to
> moving to GENI infrastructures, so that system behaviors are well
> understood before they become part of shared infrastructures.
> Participants should ensure their work does not disrupt other
> infrastructure, (for example by using more than their share of
> bandwidth or performing systematic port scans on local machines).
> If such an event is reported, the participant will be expected to
> investigate and address the issue if it appears to be related to
> their work. The GPO will provide guidance if requested for
> participants who are unsure whether their work might adversely
> affect local infrastructures.
>
> GENI participants are responsible for ensuring that their
> experiments, prototypes, or contributed infrastructure cannot be
> hijacked and used to attack or spam other infrastructure or users.
> If such an event occurs despite the participants’ best efforts, they
> are expected to investigate and remediate resultant problems.
> Although the GPO-sponsored GENI operations mailing list may receive
> initial complaints about misbehaving services or systems, staff from
> the operations list will put complainants in direct contact with the
> researcher or development project lead responsible for reported
> problems, and follow the response emails.
>
> GENI resources are accessible to various opt-in users, who may not
> be officially registered with GENI clearinghouses. Researchers who
> sponsor services that include these users are responsible for
> ensuring that their users do not violate the GENI infrastructure
> recommended use policy.
>
> GENI offers no privacy guarantees on data sent to and from the GPO-
> coordinated GENI suite of infrastructure. GENI participants should
> assume data will be monitored and logged, for example to investigate
> abuse. GENI also offers no reliability guarantees. Systems and
> services may be rebooted, briefly taken off-line, and reinstalled
> without prior warning
>
> 4 Consequences
> This is a collaborative infrastructure, and the nature of some
> violations may require immediate action to protect the rest of the
> community (for example responding to a denial-of-service attack).
> Staff on the GPO-sponsored GENI operations mailing list will strive
> to contact all parties involved in a suspected or reported
> violation, and to discuss options with those parties before taking
> action to address the violation. Staff will take action before
> reaching all parties if necessary. Local providers or project
> participants may act independently if they perceive an immediate
> threat, although GENI encourages coordination with the GENI
> operations mailing list.
>
> Violation of this Recommended Use Policy may result in any of the
> following:
> * disabling experiments, systems, or users access to GPO-
> coordinated GENI infrastructure
> * removing sites or resources from the GPO-coordinated GENI
> infrastructure
> * Informing the participant’s administrative organization of the
> violation
> * Informing the GENI community, including the National Science
> Foundation, of the violation
>
> To report a suspected violation of this policy, contact the GENI
> operations mailing list (
geni-ops@...).
>
