Dynamic Network Emulation Security Analysis for Application Layer Protocols.


1 Dynamic Network Emulation Security Analysis for Application Layer Protocols

2 The Problem
There are many network simulation and network analysis tools designed to look at issues in Layer 2 and Layer 3 protocols…
…but as the use of overlay networks grows, large amounts of network activity occur at the application layer.

3 The Problem
Overlay network security can significantly depend upon network topology and routing
– In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity
– An adversary can position themselves to observe Skype calls routed through super nodes.
…but we don’t have a good way to analyze the feasibility and effectiveness of these attacks

4 The Problem: Extended
In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity
Figure labels: Good ISP, Okay ISP, Bad ISP

5 In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity
– What if the adversary can force a change in routing between two hosts?
– What if they can do it for N host-pairs?
– Do some routing protocols exacerbate this issue?

6 How can we answer these questions?
Ideally, the same way we do with other things: hypothesize, test, explain
Unfortunately these are real applications, running in the real world, and we want to know how that world affects them

7 How can we answer these questions?
We can observe real-world data, but we have:
... limited vantage points
... little ability to test hypotheses
... no way to change the environment
What we need is an application layer network modeling environment

8 Modeling Environments Exist
Network Testbeds:
– Clusters of isolated machines that can be reserved and configured into network topologies
Network Simulators:
– Tools that simulate network applications at varying levels of fidelity
Network Emulators:
– Tools that create a fake network on which real-world applications can be run without modification
Each of these has downsides

9 Modeling Environments Exist
Network testbeds can suffer from contention and scalability
Network simulators use an abstraction for the application; security often depends on corner cases
Network emulators often prevent network manipulation once configured and operating
…but it’s not all bad

10 Modeling Environments Exist
Network emulators have significant benefits
– They run actual application binaries
– They require drastically less hardware
Unfortunately many existing emulators use static routing and do not allow live network manipulation

11 PROJECT PROPOSAL

12 Proposal: GUFiNE
“GU Flexible Network Emulation”
Application instances connected in arbitrary network topologies
Contained within an emulation host, or a collection of emulation hosts
Diagram labels: Host Emulator

13 Proposal: GUFiNE
Diagram labels: Emulation Host, Linux, Application Level Net Emulator, Routing Engine, Network Stack, Net Emulator Control Interface, Network Emulator, Network Applications
Path information is stored in the routing engine and used for traffic shaping and routing
Packets are delayed and re-injected (without ever leaving the host).
Path characteristics (delay, bandwidth) and routing can be updated on the fly

14 Proposal: GUFiNE
GUFiNE transparently creates a network topology for applications running on the host
– Applications simply bind to an IP address alias
The control plane allows routing and network link characteristics to be modified on the fly

15 Proposal: GUFiNE
Allows exploring questions in changing network conditions.
– What advantage does an adversary receive if they can shift the routing between two hosts when trying to break anonymity in an onion routing network?
– What if they can do it for N host-pairs?
Can explore these questions with real application binaries
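
The question on this slide, worked as a small graph model. This is an example added here, not code from the presentation or from GUFiNE: the topology, delays, host names and function names are all constructed for illustration. It measures the share of onion-routing circuits on which one transit network sees both the client-to-entry and the exit-to-destination segment, before and after a single link delay is changed.

```python
import heapq

def shortest_path(links, src, dst):
    """Dijkstra over an undirected {(a, b): delay_ms} link table; returns the node list."""
    adj = {}
    for (a, b), delay in links.items():
        adj.setdefault(a, []).append((b, delay))
        adj.setdefault(b, []).append((a, delay))
    best, heap = {src: 0}, [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        for nxt, delay in adj.get(node, []):
            if cost + delay < best.get(nxt, float("inf")):
                best[nxt] = cost + delay
                heapq.heappush(heap, (cost + delay, nxt, path + [nxt]))
    return None  # no route between src and dst

def on_both_ends(links, circuit, observer):
    """True if observer is a transit hop on both the first and the last segment."""
    client, entry, exit_relay, dest = circuit
    first = shortest_path(links, client, entry)
    last = shortest_path(links, exit_relay, dest)
    return bool(first and last and observer in first[1:-1] and observer in last[1:-1])

def exposure_rate(links, circuits, observer):
    """Fraction of circuits whose two end segments both cross the observer."""
    return sum(on_both_ends(links, c, observer) for c in circuits) / len(circuits)

# Constructed topology: two clients, one entry relay, one exit relay, three transit ISPs.
BASELINE = {
    ("c1", "good_isp"): 5, ("good_isp", "entry"): 5,
    ("c1", "bad_isp"): 20, ("c2", "bad_isp"): 5, ("bad_isp", "entry"): 5,
    ("exit", "bad_isp"): 5, ("bad_isp", "dest"): 5,
    ("exit", "okay_isp"): 10, ("okay_isp", "dest"): 10,
}
# Same topology after one on-the-fly change: the c1 <-> good_isp link degrades to 50 ms.
SHIFTED = {**BASELINE, ("c1", "good_isp"): 50}
CIRCUITS = [("c1", "entry", "exit", "dest"), ("c2", "entry", "exit", "dest")]

if __name__ == "__main__":
    print("baseline exposure:", exposure_rate(BASELINE, CIRCUITS, "bad_isp"))
    print("after route shift:", exposure_rate(SHIFTED, CIRCUITS, "bad_isp"))
```

The model only uses shortest-delay routing on a static table; the emulator proposed here would answer the same question with real application binaries and live path updates.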

16 Proposal Requirements
Part 1
– Goal: Single host dynamic emulator module; control toolchain
– Costs: 6 months, $29,500
Part 2
– Goal: Multi-host distributed emulation; distributed control toolchain
– Costs: 6 months, $50,000
Research proposal; costs are estimated; success is not guaranteed

17 QUESTIONS

