Welcome to the technical session track of SANE 2006!
Still a surprise... We're aiming at a timely topic, along the lines of Professor Ed Felten's current activities on his Freedom to Tinker blog.
Unix and the corresponding philosophy continue to support a vibrant community of software, network, and scientific researchers, and are a powerful force in the commercial world. But in the area of security, despite numerous experiments, widespread deployment of better security has all but stopped.
Traditional software network interfaces in Linux do not deliver satisfactory real-time performance. Hence alternative efficient real-time interfaces are required in network monitoring, distributed systems, real-time networking and remote data acquisition applications. Designing such a software network interface is not trivial.
A PC-based software network intrusion detection application is studied as an example. Poor throughput and real-time performance of traditional interfaces or their enhanced versions can cause packet skipping and other non-obvious synchronization-related failures, which may make the detector ineffective. The effectiveness of the detector can be enhanced by improving its packet capturing and dispatching interface. We achieve this by using an efficient real-time software interface for a PCI Ethernet card.
This paper describes the design and implementation details of this interface and its deployment for Linux-based network intrusion detection sensors. The nuances of the system design for high-speed packet capturing are discussed and the advantages of the proposed design are demonstrated. Under heavy network load this mechanism outperforms existing packet capturing solutions (NAPI, PFRING and the stock Linux kernel) in terms of higher load-bearing capacity, packet capturing capacity and superior real-time behavior.
Spoofing of domain names and poisoning of caches continue to be a favored mode of attack both in local nets and across the global Internet. The DNS Security protocol (DNSSEC) is intended to improve protection against these attacks. The protocol was published a year ago (RFCs 4033, 4034, 4035) and deployment is in the early stages. The deployment process is rather more interesting than most deployments because it's intertwined with both chicken-and-egg issues and a few political issues.
In this talk I will outline the main pieces of the road map for deployment of DNSSEC and offer an assessment of both the bottlenecks and opportunities for early deployment. One of the most important indicators of progress is the signing of the root zone and the signing of the top level domains. Sweden signed its top-level domain a few months ago. .COM, .NET and .ORG are running test beds. Signing of the root zone is getting considerable attention and I will give an update on the progress there. And tools are beginning to emerge...
These days voice over IP (VoIP) is quite popular, as it is a cost-effective way to reduce telephony costs using the Internet. Although many projects are focusing on developing tools and solutions for building the voice infrastructure, there is very little available in terms of tools and metrics for measuring the impact of VoIP on a network.
This paper describes the design and implementation of open source tools for detecting and measuring VoIP traffic based on both standard and proprietary protocols.
For the past four years (or more) I've been working on improving the state of wireless networking support in the open source community. These efforts have affected all the groups, either directly, by providing new software, or indirectly, by enabling access to new wireless technology. Along the way there have been twists and turns as some groups have leveraged this work while others have not.
This talk will describe the efforts to bring state of the art wireless networking support to the open source community and review the good, the bad, and the ugly that have happened along the way.
Westhawk has designed and implemented a Java based web-applet that acts as a soft-phone for the Asterisk Open-Source PBX. This paper describes the difficulties (many) and compromises (few) that were encountered in the development process. Most of these problems related to the security, networking or threading requirements of hosting the application in a browser.
Our aim in presenting this paper at SANE is to assist systems and network professionals in their discussions with developers about what is possible vs. what is acceptable in a secure, portable, low-maintenance but compelling web-based application.
The Linux kernel development model is unique compared to other open source projects. This talk will explore how it has changed over the years, why those changes were made, and the strengths and weaknesses of our current approach. The talk will also give a broad view of recent changes to the kernel and the general direction of future development in the Linux kernel.
Universal Plug and Play (UPnP) is becoming an omnipresent technology and support for it is being added to more and more routers, gateways and DSL modems. Chat clients (MSN Messenger), networked games and gaming networks (X-Box Live and others) depend on UPnP to work correctly. Up until now, there haven't been any real problems with UPnP, except for the occasional buffer overflow. UPnP seems to be working just fine. But it's not! The protocol is unclear and flawed by design and many implementations have security holes you can drive a truck through, leaving your network open to a variety of interesting attacks.
After this lecture you will understand what's wrong with UPnP and why you want to turn it off on your networked devices.
Many countries are currently developing a biometric passport with a chip that contains fingerprints and a facial scan of the passport holder. The regulations and technology involved will be discussed and reviewed in this talk, including the relevant protocols for authentication and secure transmission.
The speaker is a member of an expert panel on biometry of the Ministry of Internal Affairs of the Netherlands. In that context his research group at Nijmegen has received a test version of the new passport and has developed terminal-side software to communicate with the chipcard.
For a general audience; no skills required.
We present the design, implementation and evaluation of a fully open-source, production-quality load-sharing and highly available system, to address the problem of offering continuously available and reliable Internet services.
The proposed architecture is built on top of established open-source technologies, like the FreeBSD Operating System, the Packet Filter (PF), the Common Address Redundancy Protocol (CARP) and Python. Our solution is complemented with a comprehensive and highly configurable administration shell that coordinates the function of the underlying system.
This talk will provide a current overview and status of the $100 laptop project.
Its context, history, motivations, goals and challenges will provide a framework for better understanding the various management and engineering decisions up to the talk's point in time, along with a general high-level description of the laptop's technology.
Although to its principals the $100 laptop is mainly an educational project, deploying millions of those will also have far-reaching implications for the computing and communications industries. An attempt will be made to identify and discuss them.
This talk assumes an audience with a general background; no special skills required.
As practice has shown, load balancing techniques are the only tool network service providers have to support and handle scalable network load. This paper presents PEGASUS, a novel framework that provides load balancing in network services transparently, using a competitive scheduling algorithm.
PEGASUS is designed upon the inetd superserver, thus providing an easy-to-configure yet efficient infrastructure. Our proposed architecture is based on well-known user-space tools. The prototype implementation uses inetd as its base application. Using inetd we provide a simple scheme for service categorization based on TCP/IP network ports. The scheduling algorithm that our system proposes is competitive. The paper concludes with a comparison of PEGASUS and other well-known similar infrastructures.
After working in a corporate environment for many years, the one deciding factor in the survivability of text processing software appears to be whether the tool used was free open source or a closed-source, binary-only, commercial-only product. Stuck with presentations and other documents in now unreadable or unconvertible formats, we need to look for ways to escape the trap of "closed" solutions, as open solutions from the same era didn't suffer the same fate. We show how Open Source offers more than just "free software"; it offers better continuity and increased data preservation. If Darwinist evolution could be applied to software, open source software would be considered fitter and more likely to survive.
In this paper, we discuss a global name space for NFSv4 and mechanisms for transparent migration and replication. By convention, any file or directory name beginning with /nfs on an NFS client is part of this shared global name space. Our system supports file system migration and replication through DNS resolution, provides directory migration and replication using built-in NFSv4 mechanisms, and supports read/write replication with precise consistency guarantees, small performance penalty, and good scaling.
We implement these features with small extensions to the published NFSv4 protocol, and demonstrate a practical way to enhance network transparency and administrability of NFSv4 in wide area networks.
Drawing on 15 years of investment in analyzing various types of Internet data (workload, topology, routing, and performance), Dr. Claffy describes what we have learned, and what we have failed to learn, from Internet measurement. She will discuss how to best apply both (the learnings and the failures) to future cyberinfrastructure research and development, and outline some assumptions about the current architecture that we still need to investigate with more rigorous underpinnings. She will cover background on the historical context of funding for Internet research and development, and articulate the set of most critical and pervasive weaknesses in the current infrastructure. She will also argue that technological and political forces will inevitably demand a re-evaluation of the fundamental aspects of Internet architecture, engineering, and governance.
An overview of the MySQL Cluster architecture, what's different about it and what problems it can be used to solve. We'll be looking at how High Availability is achieved as well as setup considerations regarding performance. Basic use will also be covered, from setup (including schema considerations) to new (and exciting!) features in the 5.0 and 5.1 releases.
Information security threats are constantly advancing, adapting, and evolving, and so too are honeypots. This technical presentation will cover the latest tools in the world of honeypots, including honeynets, client honeypots, and distributed deployments. We will not only discuss the value and concepts of these tools, but also how they work at a technical level. In addition, we will cover what we have learned about threats, including trends over the past several years, some of the latest threats we have captured, and where we think the future lies.
In this paper we discuss the methods and tools used by the Systems Development and Support team at Oxford University Computing Services to manage the installation and configuration of more than 60 Debian GNU/Linux servers, ensuring that these systems are in a consistent and reproducible state. We also give a brief overview of some of the existing software for configuration management and discuss the rationale and evolution of the system currently in use at Oxford. This consists of three tiers, treating generation, distribution, and installation of configuration files as independent processes.
Our toolkit is built from familiar free software components: Template Toolkit for configuration file generation; Subversion for revision control; rsync for file distribution; Perl for scripting; YAML for data serialisation. We introduce each of these technologies and describe how they fit together to provide a modular and flexible system for managing configuration files.
This talk describes a design that provides data storage with high availability, protection against unauthorized disclosure, and the ability to expunge the data in a way that makes it unrecoverable. The obvious approach, of course, is to encrypt the data on nonvolatile storage, and then destroy keys at the appropriate times. But then there is the difficulty of managing the keys. This design minimizes that difficulty, and allows minimal trust in stable storage and key management, so that these functions can be outsourced. Although parts of the talk are technically deep, anyone should be able to understand the characteristics of this system. The target audience is anyone who might use or implement such a system.
Java is a strong player in the application server market and thus the performance of its virtual machine is an important aspect of a server's performance. One of the components that affect performance of a JVM is the memory manager, which also includes the garbage collector. Modern virtual machines offer a multitude of options for tuning the memory manager, which can have a significant impact on server application performance.
This paper examines the structure and performance of garbage collector implementations for the most popular JVMs. We first provide a brief overview of how memory management works in Java and then proceed to present tuning options based on the results of benchmarks, both readily available and tailor-made, executed using open source server applications. We employ server-class dual-processor 64-bit hardware configured with 8GB of RAM and a switched network of workstations to perform the tests. We study the effect of garbage collection tuning and present the best configurations for common workload patterns.
We're drowning under a wave of data and don't even know it yet. With large disks being so much cheaper than time, it is very tempting to buy more disk instead of cleaning up and sorting old data. As data space expands we will start losing track of, and thus losing, our data. Archival backups add complexity to this already confusing situation; then toss in security and availability for some spice. Where is this going and how can we handle it in the face of millions of gigabytes of 'old cruft'?
We need to pay attention as data is generated, collected, collated and organized to make sure we can find it again. Librarians have been dealing with data classification and organization for thousands of years. We can learn a few things from them.
Despite constant advances in hardware performance, the time it takes to log in to GNOME has not improved much in recent years. This work examines the causes of slow startup time using a combination of existing and ad-hoc tools and evaluates possible solutions.
The analysis shows that GNOME startup time is I/O bound and dominated by disk seeks, and that there is much room for improvement: proof-of-concept modifications made to GNOME code and to system code resulted in a more than 30% reduction in startup time.
The work also shows how trivial modifications to the dynamic linker to load libraries from disk sequentially instead of faulting them into memory can bring a relatively large benefit in application startup time.
The GNU General Public License (GPL) invented the concept of Copyleft and is the most popular Free Software license today. After many highly successful years for version 2, the GPL is currently being overhauled to meet the needs of the next decade.
The presentation will give an introduction to version 3, the changes made, their reasoning and how to participate in the process to make sure GPLv3 will be the best GPL we can collectively create.
A spectre is haunting IT security -- the spectre of hash function cryptanalysis. A number of recent results show that all widely used hash functions (MD4, MD5, SHA, SHA-1) are broken in a cryptographic sense.
Even worse, because of some internal design properties, practical attacks against security systems built on MD*-based hash functions have been demonstrated. In this paper we discuss the cryptographic status and some first-aid workarounds. We also show the impossibility of establishing a "Trusted" infrastructure on top of an untrustworthy cryptographic function.
Radio Frequency Identification (RFID) is the latest phase in the decades-old trend of the miniaturization of computers. RFID transponders are tiny resource-limited computers that do not have a battery that needs periodic replacement. RFID tags are inductively powered by their external reading devices, called RFID readers. Once the RFID tag is activated, the tag decodes the incoming query and produces an appropriate response by using the energy of the incoming radio wave to power the chip long enough to respond. RFID tags can do a limited amount of processing, and have a small amount (<1024 bits) of storage.
Although RFID tags are useful for a huge variety of applications, this talk will focus on the security implications of RFID tags for sysadmins.
Last modified: Wed, 18 Jan 2006 07:11:08 +0100