Network Emulators


Dynamic Network Emulation
Security Analysis for Application Layer Protocols

The Problem
There are many network simulation and network analysis tools designed to look at issues in Layer 2 and Layer 3 protocols
… but as the use of overlay networks grows, large amounts of network activity occur at the application layer.

The Problem
Overlay network security can significantly depend upon network topology and routing
In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity
An adversary can position themselves to observe Skype calls routed through super nodes.
…but we don’t have a good way to analyze the feasibility and effectiveness of these attacks

The Problem: Extended
In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity
[Figure labels: Good ISP, Bad ISP, Okay ISP]
What if the adversary can force a change in routing between two hosts?
What if they can do it for N host-pairs?
Do some routing protocols exacerbate this issue?

How can we answer these questions?
• Ideally, the same way we do with other things
– Hypothesize
– Test
– Explain
• Unfortunately these are real applications, running in the real world, and we want to know how that world affects them

How can we answer these questions?
• We can observe real-world data, but we have:
... limited vantage points
... little ability to test hypotheses
... no way to change the environment
What we need is an application layer network modeling environment

Modeling Environments Exist
• Network Testbeds:
– Clusters of isolated machines that can be reserved and configured into network topologies
• Network Simulators:
– Tools that simulate network applications at varying levels of fidelity
• Network Emulators:
– Tools that create a fake network on which real-world applications can be run without modification
Each of these has downsides

Modeling Environments Exist
• Network testbeds can suffer from contention and scalability
• Network simulators use an abstraction for the application; security often depends on corner cases
• Network emulators often prevent network manipulation once configured and operating
…but it’s not all bad

Modeling Environments Exist
• Network emulators have significant benefits
– They run actual application binaries
– They require drastically less hardware
• Unfortunately many existing emulators use static routing and do not allow live network manipulation

PROJECT PROPOSAL
Proposal: GUFiNE
“GU Flexible Network Emulation”
Application instances connected in arbitrary network topologies
Contained within an emulation host, or a collection of emulation hosts
[Figure label: Host Emulator]

Proposal: GUFiNE
[Figure: Emulation Host diagram. Labels: Application Level Network, Applications, Network Stack, Linux, Network Emulator, Net Emulator Control Interface, Net Emulator Routing Engine]
Packets are delayed and re-injected (without ever leaving the host).
Path information is stored in the routing engine and used for traffic shaping and routing
Path characteristics (delay, bandwidth) and routing can be updated on the fly

Proposal: GUFiNE
• GUFiNE transparently creates a network topology for applications running on the host
– Applications simply bind to an IP address alias
• The control plane allows routing and network link characteristics to be modified on the fly

Proposal: GUFiNE
• Allows exploring questions in changing network conditions.
– What advantage does an adversary receive if they can shift the routing between two hosts when trying to break anonymity in an onion routing network?
– What if they can do it for N host-pairs?
• Can explore these questions with real application binaries

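As an added illustration (not code from the GUFiNE proposal), the toy model below mimics the routing-engine idea described above: each host-pair path carries a delay and a list of transit ISPs, packets are held and released in-process, and one path is changed mid-run to check whether a single ISP then sits on both sides of an onion path. All class, function and host names, and the delay values, are assumptions made for the example.

```python
import heapq

class RoutingEngine:
    """Per host-pair path info: transit ISPs and one-way delay in ms."""
    def __init__(self):
        self.paths = {}

    def set_path(self, src, dst, hops, delay_ms):
        # Safe to call while traffic is flowing: only later sends use it.
        self.paths[(src, dst)] = (tuple(hops), delay_ms)

class Emulator:
    """Holds each packet for its path delay, then re-injects (delivers) it."""
    def __init__(self, routing):
        self.routing, self.now, self.seq = routing, 0.0, 0
        self.queue = []      # heap of (release_time, seq, src, dst, hops)
        self.delivered = []  # (time, src, dst, hops) in delivery order

    def send(self, src, dst):
        hops, delay = self.routing.paths[(src, dst)]
        heapq.heappush(self.queue, (self.now + delay, self.seq, src, dst, hops))
        self.seq += 1

    def run_until(self, t):
        while self.queue and self.queue[0][0] <= t:
            when, _, src, dst, hops = heapq.heappop(self.queue)
            self.delivered.append((when, src, dst, hops))
        self.now = t

def sees_both_sides(emu, observer, entry_leg, exit_leg, since=0.0):
    """True if observer was on-path for both legs of the anonymous path."""
    seen = {(s, d) for when, s, d, hops in emu.delivered
            if when >= since and observer in hops}
    return entry_leg in seen and exit_leg in seen

def demo():
    # Constructed topology: hosts, ISPs and delays are illustrative only.
    legs = (("client", "entry"), ("exit", "server"))
    routing = RoutingEngine()
    routing.set_path("client", "entry", ["Good ISP"], 20)
    routing.set_path("exit", "server", ["Bad ISP"], 30)
    emu = Emulator(routing)
    for leg in legs: emu.send(*leg)
    emu.run_until(100)
    before = sees_both_sides(emu, "Bad ISP", *legs)
    routing.set_path("client", "entry", ["Bad ISP"], 45)  # routing shifted on the fly
    for leg in legs: emu.send(*leg)
    emu.run_until(200)
    after = sees_both_sides(emu, "Bad ISP", *legs, since=100)
    return before, after, [d[0] for d in emu.delivered]
```

Calling `demo()` returns whether "Bad ISP" observed both legs before and after the path change, plus the delivery times, so the exposure and the added delay from the new route can be compared side by side.
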
Proposal Requirements
Part 1
Goal:
• Single host dynamic emulator module
• Control toolchain
Costs:
• 6 months
• $29,500
Part 2
Goal:
• Multi-host distributed emulation
• Distributed control toolchain
Costs:
• 6 months
• $50,000
Research proposal; costs are estimated; success is not guaranteed

QUESTIONS