Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shadow: Real Applications, Simulated Networks

Published byJessie Newton Modified over 6 years ago

Similar presentations

Presentation on theme: "Shadow: Real Applications, Simulated Networks"— Presentation transcript:

1 Shadow: Real Applications, Simulated Networks
Dr. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems Cyber Modeling and Simulation Technical Working Group Mark Center, Alexandria, VA October 25th, 2017

2 What is Shadow? Open-source network simulator / emulator hybrid
Directly executes real applications like Tor and Bitcoin over a simulated network topology Efficient, scalable, deterministic, accurate, and more! U.S. Naval Research Laboratory

3 How does Shadow Work? App OS Kernel TCP IP Internet App OS Kernel
U.S. Naval Research Laboratory

4 How does Shadow Work? Shadow - OS emulation and network simulation App
OS Kernel TCP IP Internet App OS Kernel TCP IP App OS Kernel TCP IP U.S. Naval Research Laboratory

5 Why should you care? Expedite research and development
Evaluate software mods or attacks without harming real users Understand holistic effects before deployment Shadow supports simulation for general-purpose applications U.S. Naval Research Laboratory

6 Talk Outline Experimentation options and tradeoffs Shadow design
Simulation use cases – The Tor Anonymity Network Gentle Tor introduction Congestion problems Scheduling algorithms Performance enhancing algorithms Denial of service attacks Conclusion U.S. Naval Research Laboratory

7 Experimentation Options

8 Desirable Experiment Properties
Controllable Scalable Reproducible Accurate Shadow’s design goal U.S. Naval Research Laboratory

9 Live Network Experiments
Experimenting in a deployed distributed system Pros Most realistic The target environment Cons Hard to manage/debug Lengthy deployment Security risks U.S. Naval Research Laboratory

10 Testbed Network Experiments
Experimenting in a distributed testbed (e.g. PlanetLab) Pros Close to target environment Runs on the Internet or uses Internet protocols Cons Hard to manage and debug Doesn’t scale well in low-resource environs Can be hard to model network properties U.S. Naval Research Laboratory

11 Network Emulation Experimenting with network emulators (e.g. Modelnet)
Pros Runs on the target OS and uses Internet protocols Can model various network properties Cons Requires multiple machines and custom installed OS Must run in real time Per-process overhead may cause kernel issues U.S. Naval Research Laboratory

12 Network Simulation Experimenting with network simulators (e.g. NS3)
Pros Deterministic (reproducible) Can model various network properties Can scale very well Cons Application model can be too abstract Abstractions can lead to inaccurate results U.S. Naval Research Laboratory

13 Simulation vs. Emulation: Realism
Abstracts away most system components Runs the real OS, kernel, protocols, applications Simulator is generally only internally consistent Software is interoperable with external components Less resource intensive More resource intensive U.S. Naval Research Laboratory

14 Simulation vs. Emulation: Time
“As-fast-as-possible” Real time Control over clock, can pause time without issue Time must advance in synchrony with wall-clock Weak hardware extends total experiment runtime Weak hardware causes glitches that are difficult to detect and diagnose U.S. Naval Research Laboratory

15 Shadow Design

16 Shadow Overview Parallel discrete-event network simulator
Models routing, latency, bandwidth Simulates time, CPU, OS TCP/UDP, sockets, queuing, threading Emulates POSIX C API on Linux Directly executes apps as plug-ins U.S. Naval Research Laboratory

17 Initializing the Simulation
Load network model, create virtual hosts U.S. Naval Research Laboratory

18 Shadow Simulation Layout
Network model Global simulation clock Discrete event queue Shadow worker threads Virtual hosts Virtual processes (i.e. namespaces) Virtual threads Directly executed software plug-ins U.S. Naval Research Laboratory

19 App Memory Management Apps loaded in independent namespaces, copy-on-write Namespace 1 Namespace 2 Namespace 3 Library Code (read-only) Library Data 1 Library Data 2 Library Data 3 Plug-in Code (read-only) Plug-in Data 1 Plug-in Data 2 Plug-in Data 3 U.S. Naval Research Laboratory

20 Direct Execution in a Simulator
Namespace 1 Namespace 2 Namespace 3 libc libc libc Shadow – Simulated Linux Kernel Libraries and Network Transport Function Interposition Function Interposition Function Interposition libc API (send, write, etc.) libc API (send, write, etc.) libc API (send, write, etc.) Application Application Application U.S. Naval Research Laboratory

21 Simulation Use Cases – The Tor Anonymity Network

22 Gentle Tor Introduction

23 Estimated ~1.75 M. Users/Day (metrics.torproject.org)
Tor Overview Tor: a censorship resistant, privacy-enhancing anonymous communication system Estimated ~1.75 M. Users/Day (metrics.torproject.org) U.S. Naval Research Laboratory

24 Anonymous Communication
U.S. Naval Research Laboratory

25 Congestion Analysis

26 Multiple Hops – Tor is Slower
U.S. Naval Research Laboratory

27 Buffers in a Tor Relay Tor Input Tor Circuits Tor Output Kernel Input
Kernel Output U.S. Naval Research Laboratory

28 Tracking Congestion in Tor
Track the Unique ID Unique ID Track the Unique ID Unique ID Tor Input Tor Circuits Tor Output Kernel Input Kernel Output U.S. Naval Research Laboratory

29 Tracking Congestion in Tor
Track the Unique ID Congestion occurs almost exclusively in outbound kernel buffers Unique ID Track the Unique ID Unique ID Tor Input Tor Circuits Tor Output Kernel Input Kernel Output U.S. Naval Research Laboratory

30 Scheduling Analysis

31 Tor Circuit Priority Scenarios to understand outbound queue congestion
U.S. Naval Research Laboratory

32 Correctly differentiated
Tor Circuit Priority Scenarios to understand outbound queue congestion Correctly differentiated No differentiation U.S. Naval Research Laboratory

33 Tor Circuit Priority Scenarios to understand outbound queue congestion
Correctly differentiated No differentiation 99.775% of any two circuits are unshared U.S. Naval Research Laboratory

34 Performance Analysis

35 Kernel-Informed Socket Transport
Queuing delays in kernel output buffer Problem 1: Circuit scheduling Solution: Don’t handle sockets individually Process flush requests from all writable sockets Problem 2: Flushing to sockets – buffer bloat Don’t write if kernel can’t send Use TCP info to bound kernel writes U.S. Naval Research Laboratory

36 Network Simulation with Shadow
Enhanced Shadow with several missing TCP algorithms CUBIC congestion control Retransmission timers Selective acknowledgements (SACK) Forward acknowledgements (FACK) Fast retransmit/recovery Designed largest known private Tor network 3600 relays and simultaneously active clients Internet topology graph: ~700k vertices and 1.3m edges Analyze network-wide effects U.S. Naval Research Laboratory

37 KIST Reduces Kernel Congestion
U.S. Naval Research Laboratory

38 KIST Improves Network Latency
U.S. Naval Research Laboratory

39 Denial of Service Attacks

40 The Sniper Attack Memory-based denial of service (DoS) attack
Exploits vulnerabilities in Tor’s flow control protocol Can be used to disable arbitrary Tor relays U.S. Naval Research Laboratory

41 The Sniper Attack Start Download entry exit Request
U.S. Naval Research Laboratory

42 The Sniper Attack Package and Relay DATA DATA Reply DATA entry exit
U.S. Naval Research Laboratory

43 Stop Reading from Connection
The Sniper Attack Stop Reading from Connection DATA DATA R DATA entry exit U.S. Naval Research Laboratory

44 R The Sniper Attack Flow Window Closed DATA DATA DATA DATA entry exit
U.S. Naval Research Laboratory

45 Periodically Send SENDME
The Sniper Attack DATA DATA DATA R DATA entry exit Periodically Send SENDME SENDME U.S. Naval Research Laboratory

46 R The Sniper Attack Flow Window Opened DATA DATA DATA DATA DATA DATA
entry exit SENDME U.S. Naval Research Laboratory

47 R The Sniper Attack DATA DATA DATA DATA DATA
Out of Memory, Killed by OS DATA DATA DATA DATA DATA DATA Flow Window Opened DATA DATA DATA DATA DATA DATA DATA DATA R DATA entry exit Periodically Send SENDME SENDME SENDME U.S. Naval Research Laboratory

48 The Sniper Attack: Results
Implemented Sniper Attack Prototype Control Sybils via the Tor control protocol Tested in Shadow for safety Measured: Victim memory consumption rate Adversary bandwidth usage Developed defense, tested in Shadow, merged in Tor U.S. Naval Research Laboratory

49 RAM Consumed at Victim U.S. Naval Research Laboratory

50 Bandwidth Consumed at Adversary
U.S. Naval Research Laboratory

51 Speed of the Sniper Attack
Direct Anonymous Relay Groups Select % 1 GiB 8 GiB Top Entry 1.7 0:01 0:18 0:02 0:14 Top 5 Entries 6.5 0:08 1:03 0:12 1:37 Top 20 Entries 19 0:45 5:58 1:07 8:56 Top Exit 3.2 Top 5 Exits 13 0:05 0:37 0:07 0:57 Top 20 Exits 35 0:29 3:50 0:44 5:52 < 1 GiB RAM < 50 KiB/s Downstream BW < 100 KiB/s Upstream BW Time (hours:minutes) to Consume RAM U.S. Naval Research Laboratory

52 Conclusion

53 Other Shadow Uses Tor Network and memory attacks in Bitcoin
Latency and throughput correlation attacks Denial of Service attacks (sockets, RAM, bandwidth) Changes to path selection algorithms Traffic admission control algorithms Traffic scheduling and prioritization algorithms Network load balancing algorithms Process RAM consumption and optimization Network and memory attacks in Bitcoin Distributed secure multiparty computation algorithms Software debugging U.S. Naval Research Laboratory

54 Future Shadow Enhancements
Distribute across physical machines Support for multiple programming languages Host mobility Internet routing, network modeling User behavior modeling CPU performance modeling User interface Support additional applications (HTTP clients/server, bitcoin, etc.) Improve code stability, documentation, testing, etc. U.S. Naval Research Laboratory

55 Questions Dr. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems The Shadow Simulator shadow.github.io github.com/shadow

Download ppt "Shadow: Real Applications, Simulated Networks"

Similar presentations

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Distributed System Architectures.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Distributed System Architectures.
CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Resource Containers: A new Facility for Resource Management in Server Systems G. Banga, P. Druschel,

CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Resource Containers: A new Facility for Resource Management in Server Systems G. Banga, P. Druschel,
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.

1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.
Replay Debugging for Distributed Systems Dennis Geels, Gautam Altekar, Ion Stoica, Scott Shenker.

Replay Debugging for Distributed Systems Dennis Geels, Gautam Altekar, Ion Stoica, Scott Shenker.
Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.

Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.
Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall 2011 Department of Electrical and Computer Engineering University.

Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall Department of Electrical and Computer Engineering University.
Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
Institute of Computer and Communication Network Engineering OFC/NFOEC, 6-10 March 2011, Los Angeles, CA Lessons Learned From Implementing a Path Computation.

Institute of Computer and Communication Network Engineering OFC/NFOEC, 6-10 March 2011, Los Angeles, CA Lessons Learned From Implementing a Path Computation.
Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory
Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.

Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.
Eric Keller, Evan Green Princeton University PRESTO 2008 8/22/08 Virtualizing the Data Plane Through Source Code Merging.

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
High Performance Computing & Communication Research Laboratory 12/11/1997 [1] Hyok Kim Performance Analysis of TCP/IP Data.

High Performance Computing & Communication Research Laboratory 12/11/1997 [1] Hyok Kim Performance Analysis of TCP/IP Data.
Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS.

Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS.
Sharing Information across Congestion Windows CSE222A Project Presentation March 15, 2005 Apurva Sharma.

Sharing Information across Congestion Windows CSE222A Project Presentation March 15, 2005 Apurva Sharma.
Windows 2000 Course Summary Computing Department, Lancaster University, UK.

Windows 2000 Course Summary Computing Department, Lancaster University, UK.
4/19/20021 TCPSplitter: A Reconfigurable Hardware Based TCP Flow Monitor David V. Schuehler.

4/19/20021 TCPSplitter: A Reconfigurable Hardware Based TCP Flow Monitor David V. Schuehler.

Similar presentations

Ads by Google