Please note that GSoC 2011 has now successfully completed. This content is being retained for reference only.
This page contains a copy of the Honeynet Project's org application for Google Summer of Code 2011, which was submitted by the deadline for GSoC 2011 org applications of Friday March 11th 2011.
The Honeynet Project
Founded in 2000, the Honeynet Project is an international non-profit (US 501c3) research organization dedicated to improving the security of the Internet. For the past eleven years everything we have done and continue to do is based on the principles of opensource and volunteer efforts. Our bylaws specifically state any software or papers developed and published by the organization must be licensed as open source and made freely available to the community. Our goal is to help coordinate the development, deployment, advancement and research findings of honeypot related technologies and also provide education, awareness and mitigation approaches for emerging computer security threats. With over thirty chapters, one hundred members and twenty opensource research projects around the world, we are a highly diverse and international organization.
Main Organization License:
Why is your organization applying to participate in GSoC 2011? What do you hope to gain by participating?
One of our greatest contributions to the security community continues to be the development of new ideas and technology. We find that students often have the most innovative ideas and the greatest motivation to see them developed quickly. They also bring great enthusiasm and different life experiences to our community. Through GSoC 2011, we hope to, once again, be able to tap into the tremendous pool of new student talent around the world and see exciting and creative open source software projects being actively supported. In addition, in the long term, we hope to be able to continue to identify and develop new members who can go on to contribute to our organization and the community at large (as has happened in previous years of GSoC, with students going on to become active Honeynet Project contributors, GSoC mentors and GSoC org admins). Finally, we hope to contribute to the student, education and open source communities by helping sponsored students improve their software development and project-related experience. We have had a positive and enjoyable experience in previous years, and gained much from the opportunity to meet many new and interesting people, so with Google's continued support we very much hope this will continue in 2011.
If accepted, would this be your first year participating in GSoC?
Did your organization participate in past GSoCs? If so, please summarize your involvement and the successes and challenges of your participation.
Yes. The Honeynet Project was a successful mentoring org in GSoC 2009 and GSoC 2010. We have publicly presented on our achievements at a number of conference events in locations such as the US, Mexico, Europe, Malaysia, China and Japan over the past year. A recent presentation, by our Chief Research Officer David Watson, summarizing our achievements during GSoC 2009 and GSoC 2010 can be found at http://www.ukhoneynet.org/GSoC-2009-2010_Honeynet_Project_David_Watson.pdf. Hopefully, this provides a good introduction to the Honeynet Project and our collective activities in recent GSoCs.
Our most significant GSoC achievements to date include:
1) Bringing together our existing members and new students to successfully deliver and release a wide range of new honeynet tools (http://www.honeynet.org/project) and techniques (http://www.honeynet.org/papers). These have significantly advanced our research fields and produced tools that have gone on to become the de facto standard for honeynet data collection worldwide.
2) Introducing bright, motivated and dedicated students from around the world into our existing community and retaining their continued, active membership going forwards, including ongoing development of their GSoC projects over the following years, becoming actively involved in new R&D initiatives or transitioning from GSoC students to GSoC mentors and org admins.
3) Spawning a new category of Creative Commons whitepapers called the "Know Your Tools (KYT)" series (http://www.honeynet.org/papers), explaining why GSoC generated tools were significant, demonstrating how to build and deploy them and offering advice on customization and extension. We have had interest from many potential tool users about these new papers and it opened our eyes to the need to explain software, as well as research findings to the public.
Some significant challenges that we have had to work hard to overcome include:
1) Since we do not know in advance the skillsets of the students, the process of identifying, scoping, and refining an appropriate set of project ideas that represent the wide range of expertise areas of our membership is a significant undertaking. The follow-on engagement with the students to determine the best fit for their research interests and capabilities, coupled with the ultimate goal of delivering high quality usable deliverable projects, is a demanding process, but one that our membership finds exciting.
2) As a geographically distributed security-focused R&D organization with a strong trust model, much of our day to day organizational operations and data exchange occurs through private mailing lists (although we do also have the usual range of public development support mailing lists, wikis, etc). Quickly and easily engaging GSoC students with our internal community can be more difficult than for many other open source organizations where internal organization communication is more readily open and geographical distribution is not a major concern.
3) Dealing with the unfortunate situations last year (where we had one promising student go permanently AWOL right at the start of the project despite very proactive actions on the part of the mentor team, and then the disappointment of having two mentors fail to complete their assessments on time) was an immensely frustrating situation for everyone else involved and provoked much discussion on how we would protect future students (plus GSoC and our organization) from ever ending up in the same position again. Our process continues to improve based on evaluation of lessons learned each time we participate. This year, we have established earlier internal deadlines for mentor reports, and have created a Honeynet Project GSoC Administrative Team to oversee the projects. We have formalized processes for managing project scope and have charged a funded Honeynet Project Officer with oversight of the entire effort. We are confident that these changes will prevent these challenges from being issues in the future.
If your organization participated in past GSoCs, please let us know the ratio of students passing to students allocated, e.g. 2006: 3/6 for 3 out of 6 students passed in 2006.
2009 = 9/9 students passed (+3/3 existing member students funded internally in parallel HPSoC), 2010 = 16/17 students passed (1 AWOL)
What is the URL for your ideas page?
What is the main development mailing list for your organization? This question will be shown to students who would like to get more information about applying to your organization for GSoC 2011. If your organization uses more than one list, please make sure to include a description of the list so students know which to use.
We have a primary internal mailing list called [email protected] which is used by our members to coordinate all of our different research projects. Major research projects then get their own dedicated mail list specific to the project, which can be public or private (for example, see https://public.honeynet.org/mailman/listinfo). We also have mailing lists for some individual projects that are hosted on infrastructure outside our own (see http://www.ukhoneynet.org/GSoC-2009-2010_Honeynet_Project_David_Watson.pdf for full details).
Because we have such a wide range of sub-projects, for contact info related to GSoC we ask potential students to email us initially at [email protected], which we will then direct to the relevant list/people.
New for GSoC 2011, assuming we are accepted, we have also started a public GSoC questions mailing list for interested parties to ask general questions on: https://public.honeynet.org/mailman/listinfo/gsoc (we already use private mentors/students/org-admin mailing lists for internal communication during GSoC).
What is the main IRC channel for your organization?
irc.honeynet.org (private), although for everything GSoC we will be using #gsoc2011-honeynet on irc.freenode.net for student communications
Does your organization have an application template you would like to see students use? If so, please provide it now. Please note that it is a very good idea to ask students to provide you with their contact information as part of your template. Their contact details will not be shared with you automatically via the GSoC 2011 site.
What criteria did you use to select the individuals who will act as mentors for your organization? Please be as specific as possible.
Each mentor has been extensively reviewed and must meet the following minimum criteria:
* Ideally, over five years successful experience in opensource work.
* Proven record of leading opensource projects. Must have helped develop and test at least one new opensource technology, be passionate about their chosen field and able to encourage others to work as a team.
* Highly motivated and actively wants a mentoring position. Usually has a specific personal interest in the success of their individual project and experience of dealing with developers new to our Project.
* Must be a proven member of our organization and able to commit the necessary time to the proposed project. Honeynet Project 'Full Members' are people we have met face to face with, so we know and trust them.
* Experienced at distributed development practices and electronic team communication.
* Usually considered a subject matter expert in their chosen field and used to explaining their ideas to different groups of people from a wide variety of backgrounds. Prior experience as a successful GSoC participant is a strong positive.
* Where possible, we have selected mentors who have proven track history in successfully mentoring previous GSoC
* Where we have a choice from multiple mentors, we will try and select the mentor with the best language/timezone/experience match for individual students (i.e. providing Chinese language mentors for students in China, etc).
* Our annual workshop is happening in Paris this March and we have face to face meetings arranged for all GSoC 2011 mentors and org admins, to ensure everyone is clear on the requirements and can confirm they are able to deliver.
What is your plan for dealing with disappearing students?
Unfortunately, we had this negative experience once (GSoC 2010), but our goal is to keep students highly motivated and in regular contact to minimize the risk of them disappearing in the first place. We believe the key to achieving this is great communication and support. We provide a variety of channels for our members to communicate, including IRC, mailing lists and VoIP, which will all be made available to sponsored students. Wherever possible, we also encourage face to face communication, at least at the start of a project.
However, we understand at times that situations beyond one's control can arise. If a student is not being responsive, they will get a one week warning and we will make every effort to contact them and understand how we can help them with their situation. The goal is to identify what issues the student is having and what we can do to better support and help the student. If they are still not responsive, then they will get a second and final warning. After two weeks of no response, they will be removed from the program (although we'll do everything we can to try and keep projects on track and avoid this happening, including contact by telephone and their parent institution, if appropriate). We intend this to be a firm, but fair and supportive approach.
We also make use of our org-admin support and funded CEO to ensure we always have a (hopefully impartial) escalation point in the unlikely event that the student has personal issues with their mentor.
What is your plan for dealing with disappearing mentors?
Most mentors have been a member of our organization for a number of years and are active, motivated security professionals with face to face relationships. We have the highest confidence that this will not be an issue. To help protect against this risk, most of our projects have multiple mentors identified and we will normally be able to provide an immediate backup mentor. However, in the rare case that a suitable mentor is not immediately available, a highly qualified back up that is a long standing member of our organization has been identified for each project and will step in to ensure the project remains on track. A written project plan and weekly project diary will support a smooth hand off to the back up.
After our extremely frustrating experience with a mentor missing the student mid-term assessment deadline and then another mentor missing a final student assessment deadline in GSoC 2010, we will be establishing a parallel internal GSoC timeline (via a shared Google Calendar) for GSoC 2011 which builds in a 24-48 hour buffer between our internal deadlines and the official GSoC deadlines. We will also have a weekly project diary by both mentors and students. With an increased number of org admins for GSoC 2011, we will have primary org admins associated with each student project directly monitoring each student's project progress to ensure that even if a mentor or student is unavailable to complete their assessment to our internal deadline, the org admin will always have access to sufficient, quality information to enable them to complete a thorough assessment by the official deadline.
What steps will you take to encourage students to interact with your project's community before, during and after the program?
We have kept our #gsoc-honeynet channel on irc.freenode.net active all year since GSoC 2009 and regularly get students dropping in to see what is happening (although we will be directing traffic to #gsoc2011-honeynet this year (if we are accepted) to better differentiate activity). We have also been fielding emails for a couple of months as the buzz around GSoC 2011 has started to build.
This year for the first time at our annual workshop we are holding a public day, to which we are inviting past/potential future GSoC students and members of the international student community (with subsidized costs). We are also launching a new public email list (https://public.honeynet.org/mailman/listinfo/gsoc) for potentially interested students to subscribe to and ask general questions, which will have students and mentors from previous years on it. We will also invite students who previously applied unsuccessfully or expressed a prior interest too.
We try to encourage students to get involved now, read papers, try our forensic challenges (https://www.honeynet.org/challenges), submit code for existing projects, discuss potential project ideas on IRC, etc before official student applications begin.
We regularly blogged throughout GSoC 2009 and GSoC 2010 about our projects (both mentors and students) and followed up on some projects with whitepapers or conference presentations over the past year, as described above. Plus, we released various summary reports (all available from our public web site). We have kept in touch with our past students, encouraging our members to test their tools and provide feedback before seeking an official v1.0 release to the public.
Again for GSoC 2011, each student will be added to our internal communications mailing list and IRC channel. Here, they will be introduced to our members and given access to a great deal of communication and coding resources. In addition, the Honeynet Project has a variety of mechanisms for interaction with the community, including:
* Public mailing lists for active public projects
* Specialist internal mailing lists for R&D activity on particular topics
* Subversion and Trac server for project hosting and collaborative development
* A public website allowing dynamic content, including blogging and projects
* Connections to major academic institutions in almost every country
* Regular face to face meetings at major conferences, workshops and other public or private events
* An invite to our Annual Workshop, which is held in an international location with 60+ members from all over the world in attendance. This is an opportunity to engage in intensive R&D, attend presentations, take part in knowledge sharing and social activities. This year's workshop is in Paris in April, where a number of GSoC 2009 and GSoC 2010 students will present or attend.
We aim to bring successful students in to our community, get them involved with other projects and continue to grow our volunteer organization after the program officially ends. Hopefully, a number of this year's GSoC student applications will have been introduced to us by last year's successful students, and we will have repeat students or students from last year as project mentors/technical advisors/org admins. This should help to provide new students with a wealth of information and experience from old hands.
If you are a small or new organization applying to GSoC, please list a larger, established GSoC organization or a Googler that can vouch for you here.
If you are a large organization who is vouching for a small organization applying to GSoC for their first time this year, please list their name and why you think they'd be good candidates for GSoC here:
Anything else you'd like to tell us?
Hopefully, our application will make clear our extreme disappointment that our many successful projects last year were overshadowed by the unfortunate failure of two of our previously reliable mentors to meet their student assessment deadlines. We understand the pain the manual fixes to Melange caused and can only apologize for the disruption and impact to the students/GSoC programme. At the time, this caused a lot of internal discomfort and debate, and we discussed the situation at length with Carol to try and learn what lessons we could from the experience. We also debated whether to raise these internal failings publicly in our GSoC 2011 application. We strongly believe that we have put in place the necessary controls to avoid students, Google or the Honeynet Project from being put in the same position again.
The Honeynet Project is committed to continuing with GSoC, as we have seen first-hand the valuable contributions that it makes to students, our organization, and the community as a whole. We hope that these isolated incidents last year are outweighed by our many successful projects. We also hope that our continued enthusiasm and commitment to the GSoC cause will encourage Google to once again accept the Honeynet Project as a mentoring organization and allow us to continue to contribute to this important effort.
Backup Admin (Link ID):