Building a Better Tor Experimentation Platform from the Magic of Dynamic ELFs
Full recordShow full item record
AbstractTor is the most popular tool for providing online anonymity. It is used by journalists, activists, and privacy-conscious individuals to provide low-latency private access to the Internet. However, Tor’s specific design and implementation is constantly changing to improve the performance and privacy properties it seeks to provide. To test these improvements, some form of experimentation is needed. Running experiments directly on the real Tor network is often not a viable option. The users of Tor are using it presumably because of its privacy protections, and caution must be taken to avoid recording or revealing information from non-consenting parties, particularly when dealing with shortcomings in Tor’s privacy protections or using new, untested versions of Tor. Because of the need for reproducible experiments and the aforementioned ethical requirements surrounding Tor experimentation, it is often necessary to use artificially constructed Tor networks.
Several tools are available to construct such networks, such as network emulators like NetMirage, and simulators like Shadow. However, these existing tools do not provide the scalability that would be desirable when running experiments on these networks — with emulators requiring hardware capable of running all hosts in real time simultaneously, and with Shadow (the only maintained network simulator capable of running Tor code) having performance constrained by early design decisions. Since the behavior of a network can change with its size, it is better to use larger networks that more closely resemble the size of the real deployed network. Additionally, the ability to test the functional correctness of a modification to the Tor source code is considerably simpler when there is a means of quickly experimenting on a virtual Tor network to run such tests.
In both of these cases, a higher-performance testing platform is needed. To address this shortcoming, for this thesis we designed and implemented a new model of Tor network simulation, centered around a modified version of the Shadow network simulator, using large numbers of dynamically loaded binaries. This is accomplished by implementing a custom dynamic loader, which we call drow-loader, that allows for dynamically loading more binaries than any other dynamic loader that we are aware of, and with better performance. By using the features of this dynamic loader, we are able to run simulated processes isolated in “namespaces”. This allows for reduced lock contention, simpler process modeling, and the ability to migrate simulated processes between worker threads. Using simulated Tor networks ranging from hundreds to tens of thousands of hosts, we then demonstrate the performance improvements our simulation technique provides over the state of the art.