Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Slides:



Advertisements
Similar presentations
Reducing Latency in Tor Circuits with Unordered Delivery Michael F. Nowlan, David Wolinsky, and Bryan Ford Yale University Dedis Lab.
Advertisements

PlanetLab: An Overlay Testbed for Broad-Coverage Services Bavier, Bowman, Chun, Culler, Peterson, Roscoe, Wawrzoniak Presented by Jason Waddle.
Tor: The Second-Generation Onion Router
Estinet open flow network simulator and emulator. IEEE Communications Magazine 51.9 (2013): Wang, Shie-Yuan, Chih-Liang Chou, and Chun-Ming Yang.
Packet Switching COM1337/3501 Textbook: Computer Networks: A Systems Approach, L. Peterson, B. Davie, Morgan Kaufmann Chapter 3.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
PlanetLab Operating System support* *a work in progress.
Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.
Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory
Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.
Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.
Tor (Anonymity Network) Scott Pardue. Tor Network  Nodes with routers within the network (entry, middle, exit)  Directory servers  Socket Secure (SOCKS)
Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.
Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.
Dynamic Network Emulation Security Analysis for Application Layer Protocols.
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.
End-to-end resource management in DiffServ Networks –DiffServ focuses on singal domain –Users want end-to-end services –No consensus at this time –Two.
High Performance User-Level Sockets over Gigabit Ethernet Pavan Balaji Ohio State University Piyush Shivam Ohio State University.
1 Network Management Security Behzad Akbari Fall 2009 In the Name of the Most High.
Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS.
(c) University of Technology, Sydney Firewall Architectures.
An Architecture and Prototype Implementation for TCP/IP Hardware Support Mirko Benz Dresden University of Technology, Germany TERENA 2001.
Network Emulation for the Study and Validation of Traffic Models, Congestion and Flow Control in TCP/IP Networks Cheryl Pope Lecturer Department of Computer.
4/19/20021 TCPSplitter: A Reconfigurable Hardware Based TCP Flow Monitor David V. Schuehler.
Hot Interconnects TCP-Splitter: A Reconfigurable Hardware Based TCP/IP Flow Monitor David V. Schuehler
Latency Reduction Techniques for Remote Memory Access in ANEMONE Mark Lewandowski Department of Computer Science Florida State University.
Intel Research & Development ETA: Experience with an IA processor as a Packet Processing Engine HP Labs Computer Systems Colloquium August 2003 Greg Regnier.
A Bandwidth Estimation Method for IP Version 6 Networks Marshall Crocker Department of Electrical and Computer Engineering Mississippi State University.
Virtual Machines Created within the Virtualization layer, such as a hypervisor Shares the physical computer's CPU, hard disk, memory, and network interfaces.
Forwarding.
DoS/DDoS attack and defense
How Low Can You Go: Balancing Performance with Anonymity in Tor’ DC-Area Anonymity,Privacy, and Security Seminar May 10 th, 2013 Rob Jansen U.S. Naval.
Goals The DNP3 protocol is widely used in electrical power systems as a means of communicating observed sensor state information back to a control center.
Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.
Shadow: Scalable Simulation for Systems Security Research CrySP Speaker Series on Privacy University of Waterloo January 20 th, 2016 Rob Jansen U.S. Naval.
Denial of Convenience Attack to Smartphones Using a Fake Wi-Fi Access Point Erich Dondyk, Cliff C. Zou University of Central Florida.
3. INTERNETWORKING (PART 1) Rocky K. C. Chang Department of Computing The Hong Kong Polytechnic University 18 February
Client-server communication Prof. Wenwen Li School of Geographical Sciences and Urban Planning 5644 Coor Hall
Session 1: Technology Development August 15 NSF Workshop.
1 Scalability and Accuracy in a Large-Scale Network Emulator Nov. 12, 2003 Byung-Gon Chun.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
Aaron Johnson Rob Jansen Aaron D. Jaggard Joan Feigenbaum
Computer and Information Security
Chapter 3: Packet Switching (overview)
PeerFlow: Secure Load Balancing in Tor Aaron Johnson1 Rob Jansen1 Aaron Segal2 Nicholas Hopper3 Paul Syverson1 1U.S. Naval Research Laboratory 2Yale.
Point-to-Point Network Switching
3. Internetworking (part 1)
Shadow: Real Applications, Simulated Networks
Experimental Networking (ECSE 4963)
Rob Jansen and Nick Hopper University of Minnesota
Performance Enhancements for Tor
An Overview of the ITTC Networking & Distributed Systems Laboratory
Inside Job: Applying Traffic Analysis to Measure Tor from Within
Preventing Denial of Service Attacks
Anupam Das , Nikita Borisov
Shadow: Scalable and Deterministic Network Experimentation
The Tor Network: Freedom and Privacy Online Aaron Johnson U. S
Privacy-Preserving Dynamic Learning of Tor Network Traffic
Packet Switching Outline Store-and-Forward Switches
Anonymous Communication
Network Management Security
Rob Jansen, U.S. Naval Research Laboratory
Presentation transcript:

Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

Properties of Experimentation

Network Research

Testbed Trade-offs Controllable Reproducible Scalable Accuracy Convenient Live NetworkXX PlanetLab? SimulationXXXX EmulationXX ShadowXXX?X

Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

What is Shadow? ● Discrete event network simulator ● Runs real applications without modification ● Simulates time, network, crypto, CPU ● Models routing, latency, bandwidth ● Single Linux box without root privileges

Shadow’s Capabilities

Bootstrapping Shadow

Virtual Network Configuration

Virtual Host Configuration

Simulation Engine

Program Layout Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application+ wrapper)

Plug-in Wrapper Hooks Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application+ wrapper)

Function Interposition LD_PRELOAD=/home/rob/libpreload.so Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application+ wrapper) libpreload (socket, write, …)

Function Interposition LD_PRELOAD=/home/rob/libpreload.so hooks Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application+ wrapper) libpreload (socket, write, …)

Function Interposition libpreload (socket, write, …) LD_PRELOAD=/home/rob/libpreload.so Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application+ wrapper) hooksfopen

Function Interposition libpreload (socket, write, …) LD_PRELOAD=/home/rob/libpreload.so socket Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application+ wrapper) hooksfopen

Function Interposition libpreload (socket, write, …) LD_PRELOAD=/home/rob/libpreload.so write Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application+ wrapper) hooksfopen

Clang/LLVM (custom pass) Virtual Context Switching

Shadow-Tor’s Accuracy

Shadow-Tor’s Scalability Memory: MiB per virtual Tor host

Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

The Tor Anonymity Network torproject.org

How Tor Works

Tor protocol aware

Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – *Research: the Sniper Attack Against Tor *Joint with Aaron Johnson, Florian Tschorsch, Björn Scheuermann

Tor Flow Control exit entry

Tor Flow Control One TCP Connection Between Each Relay, Multiple Circuits exit entry

Tor Flow Control One TCP Connection Between Each Relay, Multiple Circuits Multiple Application Streams exit entry

Tor Flow Control No end-to-end TCP! exit entry

Tor Flow Control Tor protocol aware exit entry

Tor Flow Control Packaging End Delivery End exit entry

Tor Flow Control Packaging End Delivery End exit entry

Tor Flow Control 1000 Cell Limit SENDME Signal Every 100 Cells exit entry

The Sniper Attack ● Low-cost memory consumption attack ● Disables arbitrary Tor relays ● Anonymous if launched through Tor

The Sniper Attack Start Download Request exit entry

The Sniper Attack Reply DATA exit entry

The Sniper Attack Package and Relay DATA DATA exit entry

The Sniper Attack DATA Stop Reading from Connection DATA R exitentry

The Sniper Attack DATA R exit entry

The Sniper Attack DATA Periodically Send SENDME SENDME R DATA exit entry

The Sniper Attack DATA Out of Memory, Killed by OS R DATA exit entry

Memory Consumed over Time

Mean RAM Consumed, 50 Relays

Mean BW Consumed, 50 Relays

Sniper Attack Defenses ● Authenticated SENDMEs ● Queue Length Limit ● Adaptive Circuit Killer

Circuit-Killer Defense

Sniper Attack Implications ● Reduce Tor’s capacity ● Network Denial of Service ● Influence path selection (selective DoS) ● Deanonymization of hidden services

Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

Questions? shadow.github.io github.com/shadow cs.umn.edu/~jansen think like an adversary

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.