on precise realtime software access and
play

on Precise Realtime Software Access and Control of Wired Networks - PowerPoint PPT Presentation

Mar 11, 2023 •365 likes •693 views

Forensics in the SoNIC Project on Precise Realtime Software Access and Control of Wired Networks Ki Suh Lee, Han Wang, Hakim Weatherspoon Cornell University International Workshop on Trustworthiness, Accountability, and Forensics in the Cloud

  1. Forensics in the SoNIC Project on Precise Realtime Software Access and Control of Wired Networks Ki Suh Lee, Han Wang, Hakim Weatherspoon Cornell University International Workshop on Trustworthiness, Accountability, and Forensics in the Cloud (TAFC) June 6, 2013

  2. The Rise of Cloud Computing • The promise of the Cloud – A computer utility; a commodity – Catalyst for technology economy – Revolutionizing for health care, financial systems, scientific research, and society SEATTLE

  3. The Rise of Cloud Computing • The promise of the Cloud – ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST Cloud Definition SEATTLE

  4. The Rise of Cloud Computing • The promise of the Cloud – ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST Cloud Definition SEATTLE

  5. The Rise of Cloud Computing • The promise of the Cloud – ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST Cloud Definition • How can we exploit the network for forensics, evidence, and accountability? – Public clouds: Bandwidth, availability – Private and hybrid clouds: exfiltration of data (covert channels)

  6. Goal Understand how to use the network to forensically account for and measure service level agreements in cloud How to detect and/or prevent exfiltration of data from (private) clouds 6/14/2013 SoNIC DARPA MRC 2013 6

  7. Forensic Evidence via network interpacket delay • Interpacket delay Application IPG Transport Packet i Packet i+1 Network IPD Data Link • Important metric for network forensic evidence Physical – Can be improved with access to the PHY Increasing Detecting Packet Capture Packet Throughput timing channel Generation Estimating Characterization bandwidth 6/14/2013 SoNIC NSDI 2013 7

  8. Forensic Evidence via network interpacket delay • Valuable information: Idle characters Application IPG Transport Packet i Packet i+1 Network IPD Data Link – Can provide precise timing base for control Physical • Each bit is ~97 ps wide 6/14/2013 SoNIC NSDI 2013 8

  9. Forensic Evidence via network interpacket delay • Valuable information: Idle characters Application 12 /I/s = 100bits = 9.7ns IPG Transport Packet i Packet i+1 Network One Idle character Data Link – Can provide precise timing base for control (/I/) = 7~8 bits Physical • Each bit is ~97 ps wide Detecting Packet Capture Packet timing channel Generation Estimating Characterization bandwidth 6/14/2013 SoNIC NSDI 2013 9

  10. Forensic Evidence via network interpacket delay • Valuable information in PHY: Idle characters Application IPG Transport Packet i Packet i+1 Network • Issue1: The PHY is simply a black box Data Link – No interface from NIC or OS Physical – Valuable information is invisible (discarded) Packet i Packet i Packet i+1 Packet i+1 Packet i+2 Packet i+2 Packet i Packet i Packet i+1 Packet i+1 Packet i+2 Packet i+2 • Issue2: Limited access to hardware . 6/14/2013 SoNIC DARPA MRC 2013 10

  11. Forensic Evidence via network interpacket delay • Goal: Control every bit in software in realtime Application IPG Transport Packet i Packet i+1 Network IPD Data Link – Enable research on PHY covert challenge Physical • Challenge – Requires unprecedented software access to the PHY 6/14/2013 SoNIC DARPA MRC 2013 11

  12. SoNIC: Software-defined Network Interface Card • Implements the PHY in software Application IPG Transport Packet i Packet i+1 Network IPD Data Link – Enabling control and access to every bit in realtime Physical – With commodity components – Thus, enabling novel network research SoNIC: Precise Realtime Software Access and Control of Wired Networks, Ki Suh Lee, Han Wang and Hakim Weatherspoon, Appears in NSDI, April 2013 6/14/2013 SoNIC DARPA MRC 2013 12

  13. Outline • Introduction • Examples of Forensic Evidence – Available bandwidth estimation – PHY Covert Timing Channel • SoNIC: Software-defined Network Interface Card • Concluding Remarks 6/14/2013 SoNIC DARPA MRC 2013 13

  14. SoNIC 6/14/2013 SoNIC DARPA MRC 2013 14

  15. Forensic Evidence: Bandwidth Estimation • Estimate available bandwidth – Traffic sent, packet trains: Packet Interpacket gap – Traffic received after going through bottleneck: • Accurate available bandwidth estimation requires PHY • Inter-packet gaps are invisible to higher layers, but not SoNIC 6/14/2013 SoNIC 15

  16. Outline • Introduction • Examples of Forensic Evidence – Available bandwidth estimation – PHY Covert Timing Channel • SoNIC: Software-defined Network Interface Card • Concluding Remarks 6/14/2013 SoNIC DARPA MRC 2013 16

  17. Forensic Evidence: Covert Timing Channel • Embedding signals into interpacket gaps. – Large gap: ‘1’ Packet i Packet i+1 – Small gap: ‘0’ Packet i Packet i+1 • Covert timing channel by modulating IPGs at 100ns • Overt channel at 3 Gbps • Covert channel at 250 kbps • Over 4-hops with < 1% BER 6/14/2013 SoNIC DARPA MRC 2013 17

  18. Forensic Evidence: Covert Timing Channel • Modulating IPGs at 100ns scale (=128 /I/s), over 4 hops 3562 /I/s 1� 1� 1� 1� SoNIC� SoNIC� Kernel� 3562 - 128 /I/s 0.8� 0.8� 0.8� 0.8� 3562 + 128 /I/s BER = 0.37% CDF 0.6� 0.6� 0.6� 0.6� 0.4� 0.4� 0.4� 0.4� 0.2� 0.2� 0.2� 0.2� ‘1’ ‘0’ 0� 0� 0� 0� 500� 500� 500� 500� 1500� 1500� 1500� 1500� 2500� 2500� 2500� 2500� 3500� 3500� 3500� 3500� 4500� 4500� 4500� 4500� Interpacket delays ( ns ) ‘1’: 3562 + 128 /I/ s ‘1’: 3562 + a /I/ s ‘0’: 3562 – 128 /I/s ‘0’: 3562 – a /I/s 6/14/2013 SoNIC DARPA MRC 2013 18

  19. Forensic Evidence: Covert Timing Channel • Prevent Covert Timing Channels? 3562 /I/s 1� 0.8� CDF 0.6� 0.4� 0.2� 0� 500� 1500� 2500� 3500� 4500� Interpacket delays ( ns ) 6/14/2013 SoNIC DARPA MRC 2013 19

  20. Forensic Evidence: Covert Timing Channel • Router/ Switch Signatures • Different Routers and switches have different response function. • Improve simulation model of switches and routers. • Detect switch and router model in real network. 1 1 1 0.1 0.1 0.1 0.01 0.01 0.01 Frequency (normalized) Frequency (normalized) Frequency (normalized) 0.001 0.001 0.001 0.0001 0.0001 0.0001 1e-05 1e-05 1e-05 1e-06 1e-06 1e-06 0 5000 10000 15000 20000 0 5000 10000 15000 20000 0 5000 10000 15000 20000 Interpacket gap (bits) Interpacket gap (bits) Interpacket gap (bits) Cisco 4948 Cisco 6509 IBM BNT G8264R 1500 byte packets @ 6Gbps 6/14/2013 SoNIC DARPA MRC 2013 20

  21. Outline • Introduction • Demo: PHY Covert Timing Channel • SoNIC: Software-defined Network Interface Card • Concluding Remarks 6/14/2013 SoNIC DARPA MRC 2013 21

  22. 10GbE Network Stack Application Data Transport L3 Hdr Data Network L2 Hdr L3 Hdr Data Data Link Preamble Eth Hdr L2 Hdr L3 Hdr Data CRC Gap Physical Idle characters (/I/) 64 bit 2 bit syncheader 10.3125 Gigabits 64/66b PCS /S/ /S/ /D/ /D/ /D/ /D/ /D/ /D/ /D/ /D/ /T/ /T/ /E/ /E/ Encode Encode Decode 16 bit Scrambler Scrambler Descrambler Gearbox Gearbox Blocksync PMA PMA 011010010110100101101001011010010110100101101001011010010110100101101 PMD 6/14/2013 SoNIC DARPA MRC 2013 22

  23. 10GbE Network Stack Application Data Transport L3 Hdr Data Packet i Packet i+1 SW Network L2 Hdr L3 Hdr Data Data Link Preamble Eth Hdr L2 Hdr L3 Hdr Data CRC Gap Physical HW 64/66b PCS /S/ /D/ /D/ /D/ /D/ /T/ /E/ Encode Encode Decode Packet i Packet i+1 Scrambler Scrambler Descrambler Gearbox Gearbox Blocksync PMA PMA 011010010110100101101001011010010110100101101001011010010110100101101 PMD Commodity NIC 6/14/2013 SoNIC DARPA MRC 2013 23

  24. 10GbE Network Stack Application Application Data SW Transport Transport L3 Hdr Data Network Network L2 Hdr L3 Hdr Data HW Data Link Data Link Preamble Eth Hdr L2 Hdr L3 Hdr Data CRC Gap Physical Physical 64/66b PCS 64/66b PCS /S/ Packet i /D/ /D/ Packet i+1 /D/ /D/ /T/ /E/ Encode Encode Decode Encode Encode Decode SW Scrambler Scrambler Descrambler Scrambler Scrambler Descrambler Gearbox Gearbox Blocksync Gearbox Gearbox Blocksync HW PMA PMA PMA PMA 011010010110100101101001011010010110100101101001011010010110100101101 PMD PMD SoNIC NetFPGA 6/14/2013 SoNIC DARPA MRC 2013 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GTFS-realtime What is GTFS-realtime GTFS-realtime is an extension of the General Transit Feed

GTFS-realtime What is GTFS-realtime GTFS-realtime is an extension of the General Transit Feed

GTFS-realtime What is GTFS-realtime GTFS-realtime is an extension of the General Transit Feed Specification( GTFS ) that gives public transportation agencies the capability to provide realtime updates about their fleet. Feed Types There are

521 views • 35 slides
Precise Documentation: The Key To Better Software David Lorge Parnas Abstract The prime cause of

Precise Documentation: The Key To Better Software David Lorge Parnas Abstract The prime cause of

Middle Road Software, Inc. Precise Documentation: The Key To Better Software David Lorge Parnas Abstract The prime cause of the sorry state of the art in software development is our failure to produce good design documentation. Poor

627 views • 58 slides
aicas technology brief New Standards for Software in Aviation Realtime Java Technology in

aicas technology brief New Standards for Software in Aviation Realtime Java Technology in

aicas technology brief New Standards for Software in Aviation Realtime Java Technology in Avionics Systems Dr. James J. Hunt CEO, aicas JTRES 2010, Prague DO-178B Verification System Requirements Development High-Level Requirements

432 views • 40 slides
Generating Precise Dependencies for Large Software Pei Wang, Jinqiu Yang, Lin Tan University of

Generating Precise Dependencies for Large Software Pei Wang, Jinqiu Yang, Lin Tan University of

Generating Precise Dependencies for Large Software Generating Precise Dependencies for Large Software Pei Wang, Jinqiu Yang, Lin Tan University of Waterloo Robert Kroeger, David Morgenthaler Google Inc. P. Wang (UWaterloo) 1 / 13 Generating

318 views • 12 slides
Realtime Hair Rendering Erik Sintorn - erik.sintorn@chalmers.se State of the art (realtime) In

Realtime Hair Rendering Erik Sintorn - erik.sintorn@chalmers.se State of the art (realtime) In

Realtime Hair Rendering Erik Sintorn - erik.sintorn@chalmers.se State of the art (realtime) In recent games In recent research State of the art (realtime) A few hundred Half a million individual line textured polygons segments What makes

636 views • 51 slides
Optimal Prices in the Towards a Precise . . . Towards a Precise . . . Presence of Discounts:

Optimal Prices in the Towards a Precise . . . Towards a Precise . . . Presence of Discounts:

Practical Situation: . . . How to Describe . . . Formulation of the . . . Optimal Prices in the Towards a Precise . . . Towards a Precise . . . Presence of Discounts: Precise Optimization . . . A New Economic Main result Proof: Part I

449 views • 12 slides
When Hard Realtime Matters: Software for Complex Mechatronic Systems Berthold Buml and Gerd

When Hard Realtime Matters: Software for Complex Mechatronic Systems Berthold Buml and Gerd

When Hard Realtime Matters: Software for Complex Mechatronic Systems Berthold Buml and Gerd Hirzinger Institute of Robotics and Mechatronics DLR German Aerospace Center berthold.baeuml@dlr.de Dokumentname &gt; 23.11.2004 Mechatronic

849 views • 25 slides
FRET: FOG COMPUTING FOR REALTIME EXOTIC TRADES 1 FRET: FOG COMPUTING FOR REALTIME EXOTIC

FRET: FOG COMPUTING FOR REALTIME EXOTIC TRADES 1 FRET: FOG COMPUTING FOR REALTIME EXOTIC

FAISAL HABIB CSC 2228 PROJECT PRESENTATION DECEMBER 4, 2019 FRET: FOG COMPUTING FOR REALTIME EXOTIC TRADES 1 FRET: FOG COMPUTING FOR REALTIME EXOTIC TRADES INTRODUCTION Quick Overview of Financial Instruments Problem Description

262 views • 12 slides
Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software and while ( x = 1) do ( y := x y ; x := x 1) hardware First we assign 1 to y , then we test whether facilitate reasoning about systems:

355 views • 10 slides
Realtime Water Simulation Benjamin Harry CS148 Final Project Project Goal Create a realtime

Realtime Water Simulation Benjamin Harry CS148 Final Project Project Goal Create a realtime

Realtime Water Simulation Benjamin Harry CS148 Final Project Project Goal Create a realtime water simulation that exhibits characteristics of a real body of water. Generate believable waves in realtime Light reflection and transmission

179 views • 14 slides
Precise Performance LTD Jake Yarranton jake@precise-performance.co.uk 07468 465754 Precise

Precise Performance LTD Jake Yarranton jake@precise-performance.co.uk 07468 465754 Precise

Precise Performance LTD Jake Yarranton jake@precise-performance.co.uk 07468 465754 Precise Performance LTD Independent Bike fitting and coaching specialists Our main focus is to help cyclists of every ability improve Experts in

388 views • 15 slides
Realtime Data Processing at Facebook Abhay Venkatesh Actionable reports Why e.g. Chorus:

Realtime Data Processing at Facebook Abhay Venkatesh Actionable reports Why e.g. Chorus:

Realtime Data Processing at Facebook Abhay Venkatesh Actionable reports Why e.g. Chorus: what is trending right now? Realtime monitoring Streaming at e.g. dashboard queries Facebook? Hybrid realtime-batch pipelines e.g.

301 views • 18 slides
Equinox: A C++11 platform for realtime SDR applications Equinox: A C++11 platform for realtime SDR

Equinox: A C++11 platform for realtime SDR applications Equinox: A C++11 platform for realtime SDR

Equinox: A C++11 platform for realtime SDR applications Equinox: A C++11 platform for realtime SDR applications GSA 2019 Manolis Surligas surligas@csd.uoc.gr Computer Science Department, University of Crete Equinox Equinox is a C++11

422 views • 14 slides
Equinox: A C++11 platform for realtime SDR applications FOSDEM 2019 Manolis Surligas

Equinox: A C++11 platform for realtime SDR applications FOSDEM 2019 Manolis Surligas

Equinox: A C++11 platform for realtime SDR applications FOSDEM 2019 Manolis Surligas surligas@csd.uoc.gr Libre Space Foundation &amp; Computer Science Department, University of Crete Introduction Software Radio Platforms Every SDR needs a

391 views • 28 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

861 views • 68 slides
CONFIDENTIAL Precise approximation of Floating-Point Computations for C/C++ Software Using the

CONFIDENTIAL Precise approximation of Floating-Point Computations for C/C++ Software Using the

CONFIDENTIAL Precise approximation of Floating-Point Computations for C/C++ Software Using the Mathematical Libraries Roberto Bagnara (BUGSENG, UNIPR) Michele Chiari (UNIPR, BUGSENG, POLIMI) Roberta Gori (UNIPI), Abramo Bagnara (BUGSENG)

842 views • 37 slides
COMPGA11: Research in Information Security Steven Murdoch University College London based

COMPGA11: Research in Information Security Steven Murdoch University College London based

COMPGA11: Research in Information Security Steven Murdoch University College London based on a course by Tony Morton Term 2 2014/15 Course summary To develop an understanding of what research in information security is about,

460 views • 24 slides
ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY

ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY

On the Cost-Effectiveness of TrustZone Defense on ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY Contents Abstract and Introduction Related Work Cache-Based Security Threats and Attack

618 views • 25 slides
New methods for controlling timing channels Andrew Myers Cornell University (with Danfeng

New methods for controlling timing channels Andrew Myers Cornell University (with Danfeng

New methods for controlling timing channels Andrew Myers Cornell University (with Danfeng Zhang, Aslan Askarov) Timing channels e adversary can learn (a lot) from timing measurements. Known to exist Hard to detect Hard to prevent

639 views • 40 slides
A new categorization system for side-channel attacks on mobile devices &amp; more Veelasha

A new categorization system for side-channel attacks on mobile devices &amp; more Veelasha

A new categorization system for side-channel attacks on mobile devices &amp; more Veelasha Moonsamy Radboud University, The Netherlands 06 February 2017 University of Adelaide, Australia Radboud University, Nijmegen, NL 2 Digital Security

759 views • 55 slides
Wi-Fi Advanced Stealth Laurent BUTTI and Franck VEYSSET hack.lu, Luxembourg October 19-21,

Wi-Fi Advanced Stealth Laurent BUTTI and Franck VEYSSET hack.lu, Luxembourg October 19-21,

Wi-Fi Advanced Stealth Laurent BUTTI and Franck VEYSSET hack.lu, Luxembourg October 19-21, 2006 firstname[dot]lastname[AT]francetelecom[dot]com Who Are We? Network security geeks (?) in R&amp;D labs Working for France Telecom -

610 views • 35 slides
Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure, quipe Abstraction Mehdi Bouaziz Friday, May 11 2012 Static Analysis of Security Properties by Abstract Interpretation Mehdi Bouaziz, cole normale

839 views • 29 slides
Comprehensive Primary Care Program Participation in Oregon August 25, 2020 Lisa Miller, MPH,

Comprehensive Primary Care Program Participation in Oregon August 25, 2020 Lisa Miller, MPH,

Analyzing the Impact of Comprehensive Primary Care Program Participation in Oregon August 25, 2020 Lisa Miller, MPH, CPH, CPHQ LMiller@Comagine.org Comagine Health, formerly Oregon Health Care Quality Corporation, Qualis Health and

393 views • 15 slides
Crime, Policing and Citizenship (CPC) - Space-Time Interactions of Dynamic Network Tao

Crime, Policing and Citizenship (CPC) - Space-Time Interactions of Dynamic Network Tao

Crime, Policing and Citizenship (CPC) - Space-Time Interactions of Dynamic Network Tao Cheng + CPC Team {tao.cheng@ucl.ac.uk} Department of Civil, Environmental &amp; Geoma@c

610 views • 14 slides

More recommend