Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25th, 2013 Rob Jansen U.S. Naval Research Laboratory


1 Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25th, 2013 Rob Jansen U.S. Naval Research Laboratory rob.g.jansen@nrl.navy.mil

2 Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

3 Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

4 Properties of Experimentation

5 Network Research

6 Testbed Trade-offs | Controllable | Reproducible | Scalable | Accuracy | Convenient | Live Network: XX | PlanetLab: ? | Simulation: XXXX | Emulation: XX | Shadow: XXX?X

7 Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

8 What is Shadow? ● Discrete event network simulator ● Runs real applications without modification ● Simulates time, network, crypto, CPU ● Models routing, latency, bandwidth ● Single Linux box without root privileges

9 Shadow’s Capabilities

10 Bootstrapping Shadow

11 Virtual Network Configuration

12 Virtual Host Configuration

13 Simulation Engine

14 Program Layout Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application + wrapper)

15 Plug-in Wrapper Hooks Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application + wrapper)

16 Function Interposition LD_PRELOAD=/home/rob/libpreload.so Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application + wrapper) libpreload (socket, write, …)

17 Function Interposition LD_PRELOAD=/home/rob/libpreload.so hooks Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application + wrapper) libpreload (socket, write, …)

18 Function Interposition libpreload (socket, write, …) LD_PRELOAD=/home/rob/libpreload.so Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application + wrapper) hooks fopen

19 Function Interposition libpreload (socket, write, …) LD_PRELOAD=/home/rob/libpreload.so socket Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application + wrapper) hooks fopen

20 Function Interposition libpreload (socket, write, …) LD_PRELOAD=/home/rob/libpreload.so write Libraries (libc, …) Shadow Engine (shadow-bin) Shadow Plug-in (application + wrapper) hooks fopen

21 Clang/LLVM (custom pass) Virtual Context Switching

22

23 Shadow-Tor’s Accuracy

24 Shadow-Tor’s Scalability Memory: 20-30 MiB per virtual Tor host

25 Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

26 The Tor Anonymity Network torproject.org

27 How Tor Works

28

29

30

31 Tor protocol aware

32 Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – *Research: the Sniper Attack Against Tor *Joint with Aaron Johnson, Florian Tschorsch, Björn Scheuermann

33 Tor Flow Control exit entry

34 Tor Flow Control One TCP Connection Between Each Relay, Multiple Circuits exit entry

35 Tor Flow Control One TCP Connection Between Each Relay, Multiple Circuits Multiple Application Streams exit entry

36 Tor Flow Control No end-to-end TCP! exit entry

37 Tor Flow Control Tor protocol aware exit entry

38 Tor Flow Control Packaging End Delivery End exit entry

39 Tor Flow Control Packaging End Delivery End exit entry

40 Tor Flow Control 1000 Cell Limit SENDME Signal Every 100 Cells exit entry
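
The window rule on slide 40, modeled as an added example (it is not from the talk and is not Tor or Shadow code): the packaging end may have at most 1000 unacknowledged cells outstanding, and the delivery end returns a SENDME for every 100 cells it delivers. The class names, `simulate()` and the one-cell-per-tick timing are assumptions made for illustration.

```python
# Added illustration: circuit-level flow control as summarised on slide 40.
# Class/function names and the tick model are assumptions, not Tor code.
CIRCUIT_WINDOW = 1000    # cells the packaging end may send unacknowledged
SENDME_INCREMENT = 100   # delivery end signals once per 100 cells delivered


class PackagingEnd:
    def __init__(self):
        self.window = CIRCUIT_WINDOW
        self.sent = 0

    def can_package(self):
        return self.window > 0

    def package(self):
        self.window -= 1
        self.sent += 1

    def on_sendme(self):
        self.window += SENDME_INCREMENT


class DeliveryEnd:
    def __init__(self):
        self.delivered = 0

    def deliver(self):
        """Consume one cell; return True when a SENDME is due."""
        self.delivered += 1
        return self.delivered % SENDME_INCREMENT == 0


def simulate(total_cells, read_every=1, max_ticks=100_000):
    """Return (sent, delivered, peak_queued). read_every=0 means the
    delivery end has stopped reading and therefore sends no SENDMEs."""
    sender, receiver = PackagingEnd(), DeliveryEnd()
    queued = peak = 0    # cells buffered between the two ends
    for tick in range(1, max_ticks + 1):
        if sender.sent < total_cells and sender.can_package():
            sender.package()
            queued += 1
            peak = max(peak, queued)
        if read_every and tick % read_every == 0 and queued:
            queued -= 1
            if receiver.deliver():
                sender.on_sendme()
        if receiver.delivered == total_cells:
            break
    return sender.sent, receiver.delivered, peak
```

When every SENDME reflects cells actually delivered, the number of buffered cells never exceeds the 1000-cell window, whatever the read rate. The Sniper Attack slides that follow describe SENDMEs sent while reading has stopped, which is the condition under which this bound no longer holds.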

41 The Sniper Attack ● Low-cost memory consumption attack ● Disables arbitrary Tor relays ● Anonymous if launched through Tor

42 The Sniper Attack Start Download Request exit entry

43 The Sniper Attack Reply DATA exit entry

44 The Sniper Attack Package and Relay DATA DATA exit entry

45 The Sniper Attack DATA Stop Reading from Connection DATA R exit entry

46 The Sniper Attack DATA R exit entry

47 The Sniper Attack DATA Periodically Send SENDME SENDME R DATA exit entry

48 The Sniper Attack DATA Out of Memory, Killed by OS R DATA exit entry

49 Memory Consumed over Time

50 Mean RAM Consumed, 50 Relays

51 Mean BW Consumed, 50 Relays

52 Sniper Attack Defenses ● Authenticated SENDMEs ● Queue Length Limit ● Adaptive Circuit Killer

53 Circuit-Killer Defense

54 Sniper Attack Implications ● Reduce Tor’s capacity ● Network Denial of Service ● Influence path selection (selective DoS) ● Deanonymization of hidden services

55 Outline ● Experimentation Ideology ● Shadow and its Design ● Use case: – Overview: the Distributed Tor Network – Research: the Sniper Attack Against Tor

56 Questions? shadow.github.io github.com/shadow cs.umn.edu/~jansen rob.g.jansen@nrl.navy.mil think like an adversary

