
Abstract

Originally, the Internet was designed so that applications could communicate directly with one another, with the network forwarding their data unmodified. This is the end-to-end principle [1]. However, network elements such as firewalls, proxies, and load balancers violate this principle for various legitimate reasons, including security, performance, interoperability, and policy [2]. These elements, also known as "middleboxes" [3], have advantages but also several problems and shortcomings. For example, they can interfere with end-to-end encryption [4], introduce new vulnerabilities [5], and limit the Internet's evolution [6]. While various approaches have been created to address these middlebox issues [7-9], many have limitations that hinder their effectiveness and adoption. For example, some methods are too complex to manage and scale [10], while others are no longer maintained for security reasons [11].
Therefore, new approaches are needed that are more efficient, scalable, secure and general. To this end, we are currently developing a modular, simple and scalable state-machine-based language and a dedicated architecture to detect, locate and pinpoint vulnerabilities in the configuration or implementation of these components [12]. Before this framework can be deployed, however, we need to design and implement the test cases that will run on it.

Netalyzr [11], a Java-based network debugging tool, proved particularly useful in diagnosing problems caused by network middleboxes. It provided a comprehensive suite of tests covering a wide range of network properties, including DNS resolution and HTTP connectivity. Although Netalyzr is no longer available, the tests it implemented are still relevant today. We are therefore looking for a student interested in using our framework to recreate the test scenarios that Netalyzr already implemented. By creating these tests and integrating them into our framework, the student would help us take a step towards a better and more complete tool. This work would not only benefit us; it would also give the student hands-on experience with computer networks and a deeper understanding of the challenges posed by the various transparent elements that make up today's networks.
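To make concrete what a Netalyzr-style middlebox test looks like, here is an added example of one of the classic checks: the client sends a raw HTTP request with known headers to a cooperating server, the server echoes the request back exactly as it arrived, and the client diffs the two. Any added, dropped, rewritten or reordered header, or a changed request line, is evidence of an in-path proxy or "optimizer". This is illustration code written for this page, not Netalyzr's code and not part of the framework described above; the cooperating echo server is assumed, and both request samples are constructed (the "received" one imitates what a transparent proxy that downgrades to HTTP/1.0, strips Accept-Encoding and adds Via / X-Forwarded-For would deliver).

```python
"""Netalyzr-style check for in-path HTTP request manipulation (example code)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: list[tuple[str, str]]  # order preserved, names lower-cased


def parse_request(raw: bytes) -> HttpRequest:
    """Parse the head of a raw HTTP/1.x request (body, if any, is ignored)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: list[tuple[str, str]] = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return HttpRequest(method, target, version, headers)


@dataclass
class Findings:
    request_line_changed: bool
    added: dict[str, str]               # header present only on the wire at the server
    removed: dict[str, str]             # header the client sent that never arrived
    modified: dict[str, tuple[str, str]]  # name -> (sent value, received value)
    reordered: bool                     # common headers arrived in a different order

    @property
    def tampered(self) -> bool:
        return bool(self.request_line_changed or self.added or self.removed
                    or self.modified or self.reordered)


def compare(sent: bytes, received: bytes) -> Findings:
    """Diff the request the client sent against the one the echo server saw.

    Duplicate header names are collapsed to the last occurrence; a fuller
    test would keep all of them, but this is enough to expose a proxy.
    """
    s, r = parse_request(sent), parse_request(received)
    sd, rd = dict(s.headers), dict(r.headers)
    added = {k: v for k, v in rd.items() if k not in sd}
    removed = {k: v for k, v in sd.items() if k not in rd}
    modified = {k: (sd[k], rd[k]) for k in sd if k in rd and sd[k] != rd[k]}
    # Compare the order of the headers that survived on both sides only,
    # so that additions and removals are not double-counted as reordering.
    order_sent = [k for k, _ in s.headers if k in rd]
    order_recv = [k for k, _ in r.headers if k in sd]
    return Findings(
        request_line_changed=(s.method, s.target, s.version)
        != (r.method, r.target, r.version),
        added=added,
        removed=removed,
        modified=modified,
        reordered=order_sent != order_recv,
    )


# Constructed sample: the probe as the client emitted it ...
SENT = (
    b"GET /netalyzr/probe HTTP/1.1\r\n"
    b"Host: probe.example\r\n"
    b"User-Agent: probe/1.0\r\n"
    b"Accept-Encoding: gzip\r\n"
    b"Connection: keep-alive\r\n"
    b"X-Probe-Nonce: 0123456789abcdef\r\n"
    b"\r\n"
)

# ... and, constructed, what the echo server reported after a transparent proxy
# downgraded the version, dropped Accept-Encoding, rewrote Connection,
# reordered the remaining headers and appended its own.
RECEIVED_VIA_PROXY = (
    b"GET /netalyzr/probe HTTP/1.0\r\n"
    b"Host: probe.example\r\n"
    b"User-Agent: probe/1.0\r\n"
    b"X-Probe-Nonce: 0123456789abcdef\r\n"
    b"Connection: close\r\n"
    b"Via: 1.1 proxy.example\r\n"
    b"X-Forwarded-For: 192.0.2.10\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print("clean path tampered:", compare(SENT, SENT).tampered)
    print("proxied path:", compare(SENT, RECEIVED_VIA_PROXY))
```

The test is only as strong as the request the client controls end to end: in a real deployment the echo server must return the bytes it received, not a re-serialised version of them, or the comparison will flag the server's own normalisation as a middlebox. Netalyzr ran this check over plain HTTP precisely because a TLS connection would either hide the middlebox or break outright, which is itself a separate test.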

References

  • [1] Saltzer, Jerome H., David P. Reed, and David D. Clark. "End-to-end arguments in system design." ACM Transactions on Computer Systems (TOCS) 2.4 (1984): 277-288.
  • [2] Edeline, Korian, and Benoit Donnet. "Towards a middlebox policy taxonomy: Path impairments." 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, 2015.
  • [3] Carpenter, Brian, and Scott Brim. "Middleboxes: Taxonomy and issues." RFC 3234, IETF, 2002.
  • [4] O'Neill, Mark, et al. "TLS proxies: Friend or foe?" Proceedings of the 2016 Internet Measurement Conference. 2016.
  • [5] Jabiyev, Bahruz, et al. "T-Reqs: HTTP request smuggling with differential fuzzing." Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2021.