Shadow: Scalable and Deterministic Network Experimentation in Cybersecurity

The presentation discusses the concept of deterministic experimentation in cybersecurity, emphasizing the importance of experimental control and scalability in large distributed systems like Tor. It introduces Shadow, a network simulator designed to achieve repeatable and realistic experiments for researching cybersecurity applications such as Tor. The content delves into Tor's overview, onion routing, and various experimentation options including live network testing, simulation, and emulation, highlighting the trade-offs between realism and resource intensity. Dr. Rob Jansen from the U.S. Naval Research Laboratory shares insights at a community engagement event on the future of cybersecurity experimentation.

• Cybersecurity
• Shadow
• Network Experimentation
• Tor
• Simulation

haer447 Follow

Uploaded on Dec 07, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Shadow: Scalable and Deterministic Network Experimentation Cybersecurity Experimentation of the Future Community Engagement Event Dr. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems Marina Del Rey, CA May 15th, 2018

2. The Science of Cybersecurity The most important property of experiments: Experimental control isolate important factors Easily achievable with deterministic experimentation Determinism yields repeatable / reproducible experiments Requirements for large distributed systems (e.g., Tor) Realistic execute system software (not an abstraction) Scalable can run studied system at scale Shadow Network simulator with above design goals U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 2

3. Tor Experimentation

4. Tor Overview Tor: a censorship resistant, privacy-enhancing anonymous communication system ~6500 Relays, 100 Gbit/s Estimated ~2 M. Users/Day (metrics.torproject.org) U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 4

5. Onion Routing U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 5

6. Tor Experimentation Options Approach Live Network Notes Target environment, most realistic Lengthy deployment, security risks Target OS, uses Internet protocols Requires significant hardware investment Target OS, uses Internet protocols Large VM overhead Deterministic, scalable, decoupled from real time Abstractions reduce realism More Control, Scalable More Realistic, Costly Testbed Emulation Simulation U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 6

7. Simulation vs. Emulation: Realism Simulation Abstracts away most system components Simulator is generally only internally consistent Emulation Runs the real OS, kernel, protocols, applications Software is interoperable with external components Less resource intensive More resource intensive U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 7

8. Simulation vs. Emulation: Time Simulation As-fast-as-possible Emulation Real time Control over clock, can pause time without issue Time must advance in synchrony with wall-clock Weak hardware extends total experiment runtime Weak hardware causes glitches that are difficult to detect and diagnose U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 8

9. Shadow Design

10. What is Shadow? Deterministic, parallel discrete-event network simulator Directly executes apps as plug-ins (e.g., Tor, Bitcoin) Models routing, latency, bandwidth Simulates time, CPU, OS TCP/UDP, sockets, queuing, threading Emulates POSIX C API on Linux U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 10

11. How does Shadow Work? Shadow - OS emulation and network simulation OS Kernel TCP IP App OS Kernel TCP IP App Internet OS Kernel TCP IP App U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 11

12. App Memory Management Apps loaded in independent namespaces, copy-on-write Namespace 1 Namespace 2 Namespace 3 Library Code (read-only) Library Data 1 Library Data 2 Library Data 3 Plug-in Code (read-only) Plug-in Data 1 Plug-in Data 2 Plug-in Data 3 U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 12

13. Direct Execution in a Simulator Namespace 3 Namespace 1 Namespace 2 libc libc libc Shadow Simulated Linux Kernel Libraries and Network Transport Function Interposition Function Interposition Function Interposition libc API libc API libc API (send, write, etc.) (send, write, etc.) (send, write, etc.) Application Application Application U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 13

14. Shadow Uses Cases Tor Network and memory attacks in Bitcoin Distributed secure multiparty computation algorithms Software debugging Latency and throughput correlation attacks Denial of Service attacks (sockets, RAM, bandwidth) Changes to path selection algorithms Traffic admission control algorithms Traffic scheduling and prioritization algorithms Network load balancing algorithms Process RAM consumption and optimization U.S. Naval Research Laboratory Shadow: Real Applications, Simulated Networks | 14

15. Questions Dr. Rob Jansen Center for High Assurance Computer Systems U.S. Naval Research Laboratory rob.g.jansen@nrl.navy.mil robgjansen.com, @robgjansen The Shadow Simulator shadow.github.io github.com/shadow