Dynamic Network Emulation Security Analysis for Application Layer Protocols

The Problem
There are many network simulation and network analysis tools designed to look at issues in Layer 2 and Layer 3 protocols … but as the use of overlay networks grows, large amounts of network activity occur at the application layer.

The Problem
Overlay network security can significantly depend upon network topology and routing.
• In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity
• An adversary can position themselves to observe Skype calls routed through super nodes.
…but we don’t have a good way to analyze the feasibility and effectiveness of these attacks

The Problem: Extended
In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity.
[Diagram labels: Good ISP, Bad ISP, Okay ISP]
• What if the adversary can force a change in routing between two hosts?
• What if they can do it for N host-pairs?
• Do some routing protocols exacerbate this issue?

How can we answer these questions?
• Ideally, the same way we do with other things
– Hypothesize
– Test
– Explain
• Unfortunately these are real applications, running in the real world, and we want to know how that world affects them
• We can observe real-world data, but we have:
– limited vantage points
– little ability to test hypotheses
– no way to change the environment
What we need is an application layer network modeling environment

Modeling Environments Exist
• Network Testbeds:
– Clusters of isolated machines that can be reserved and configured into network topologies
• Network Simulators:
– Tools that simulate network applications at varying levels of fidelity
• Network Emulators:
– Tools that create a fake network on which real-world applications can be run without modification
Each of these has downsides
• Network testbeds can suffer from contention and scalability
• Network simulators use an abstraction for the application; security often depends on corner cases
• Network emulators often prevent network manipulation once configured and operating
…but it’s not all bad
• Network emulators have significant benefits
– They run actual application binaries
– They require drastically less hardware
• Unfortunately many existing emulators use static routing and do not allow live network manipulation

PROJECT PROPOSAL

Proposal: GUFiNE
“GU Flexible Network Emulation”
• Application instances connected in arbitrary network topologies
• Contained within an emulation host
• Or a collection of emulation hosts
[Diagram labels: Host, Emulator]

Proposal: GUFiNE
[Diagram labels: Emulation Host; Application Level; Network Applications; Network Stack; Linux; Network Emulator; Net Emulator Control Interface; Net Emulator Routing Engine]
• Packets are delayed and re-injected (without ever leaving the host).
• Path information is stored in the routing engine and used for traffic shaping and routing
• Path characteristics (delay, bandwidth) and routing can be updated on the fly

Proposal: GUFiNE
• GUFiNE transparently creates a network topology for applications running on the host
– Applications simply bind to an IP address alias
• The control plane allows routing and network link characteristics to be modified on the fly
• Allows exploring questions in changing network conditions.
– What advantage does an adversary receive if they can shift the routing between two hosts when trying to break anonymity in an onion routing network?
– What if they can do it for N host-pairs?
• Can explore these questions with real application binaries

Proposal Requirements
Part 1
Goal:
• Single host dynamic emulator module
• Control toolchain
Costs:
• 6 months
• $29,500

Part 2
Goal:
• Multi-host distributed emulation
• Distributed control toolchain
Costs:
• 6 months
• $50,000

Research proposal; costs are estimated; success is not guaranteed

QUESTIONS
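The question raised on the "The Problem: Extended" slides, as an added sketch that is not part of the original deck or of GUFiNE: it counts, out of N client/destination pairs, how many circuits one observing ISP sees on both the entry and the exit side, before and after routing changes. The topology, node names and link costs are constructed, and lowest-cost routing is an assumption.

```python
import heapq
from itertools import product

# Constructed ISP-level topology (all names and costs are made up): (a, b, link cost).
LINKS = [
    ("a1", "good", 1), ("a1", "bad", 3), ("a2", "good", 1), ("a2", "bad", 3),
    ("good", "entry", 1), ("bad", "entry", 1),          # networks in front of the entry relay
    ("exit", "okay", 1), ("exit", "bad", 3),            # networks behind the exit relay
    ("okay", "d1", 1), ("bad", "d1", 1), ("okay", "d2", 1), ("bad", "d2", 1),
]

def build(links):
    """Turn the undirected link list into an adjacency map."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph

def with_cost(links, a, b, cost):
    """Copy of links with the a-b cost replaced: models a routing change."""
    return [(x, y, cost if {x, y} == {a, b} else c) for x, y, c in links]

def shortest_path(graph, src, dst):
    """Dijkstra; returns the node list of the cheapest src -> dst path."""
    heap, done = [(0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path
        if node in done:
            continue
        done.add(node)
        for nxt, w in graph[node].items():
            if nxt not in done:
                heapq.heappush(heap, (cost + w, path + [nxt]))
    return []

def exposed_pairs(links, observer, clients, dests, entry="entry", exit_="exit"):
    """Client/destination pairs whose circuit the observer sees on BOTH sides."""
    g = build(links)
    return [(c, d) for c, d in product(clients, dests)
            if observer in shortest_path(g, c, entry)
            and observer in shortest_path(g, exit_, d)]

if __name__ == "__main__":
    one = with_cost(LINKS, "a1", "good", 5)    # shift only the client-side route
    two = with_cost(one, "exit", "okay", 5)    # also shift the exit-side route
    for label, links in (("baseline", LINKS), ("one change", one), ("two changes", two)):
        print(label, exposed_pairs(links, "bad", ["a1", "a2"], ["d1", "d2"]))
```

With these constructed costs, the baseline and the single client-side change expose no pairs, while changing both the client-side and exit-side routes exposes (a1, d1) and (a1, d2). A model like this abstracts the application away entirely, which is the gap the deck argues emulation with real binaries should fill.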