An extensible probe architecture for network protocol performance measurement
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
BLT: Bi-layer tracing of HTTP and TCP&slash;IP
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Deriving traffic demands for operational IP networks: methodology and experience
IEEE/ACM Transactions on Networking (TON)
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Charging from sampled network usage
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
On the design and performance of prefix-preserving IP traffic trace anonymization
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
The Packet Vault: Secure Storage of Network Data
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Proceedings of the workshop on virtual computer systems
A high-level programming environment for packet trace anonymization and transformation
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Sharing and caching characteristics of internet content
Sharing and caching characteristics of internet content
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Implementing an untrusted operating system on trusted hardware
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An analysis of internet content delivery systems
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
The devil and packet trace anonymization
ACM SIGCOMM Computer Communication Review
Automatically Generating Malicious Disks using Symbolic Execution
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Virtual machines, virtual security?
Communications of the ACM
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Robust TCP stream reassembly in the presence of adversaries
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Organization-based analysis of web-object sharing and caching
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
Reval: a tool for real-time evaluation of DDoS mitigation strategies
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Issues and etiquette concerning use of shared measurement data
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Prototyping an armored data vault rights management on Big Brother's computer
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Finding peer-to-peer file-sharing using coarse network behaviors
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
BTWorld: towards observing the global BitTorrent file-sharing network
Proceedings of the 19th ACM International Symposium on High Performance Distributed Computing
Challenges in experimenting with botnet detection systems
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Delusional boot: securing hypervisors without massive re-engineering
Proceedings of the 7th ACM european conference on Computer Systems
Policy-sealed data: a new abstraction for building trusted cloud services
Security'12 Proceedings of the 21st USENIX conference on Security symposium
NetSlices: scalable multi-core packet processing in user-space
Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems
Hi-index | 0.00 |
ISPs are increasingly reluctant to collect and store raw network traces because they can be used to compromise their customers' privacy. Anonymization techniques mitigate this concern by protecting sensitive information. Trace anonymization can be performed offline (at a later time) or online (at collection time). Offline anonymization suffers from privacy problems because raw traces must be stored on disk - until the traces are deleted, there is the potential for accidental leaks or exposure by subpoenas. Online anonymization drastically reduces privacy risks but complicates software engineering efforts because trace processing and anonymization must be performed at line speed. This paper presents Bunker, a network tracing system that combines the software development benefits of offline anonymization with the privacy benefits of online anonymization. Bunker uses virtualization, encryption, and restricted I/O interfaces to protect the raw network traces and the tracing software, exporting only an anonymized trace. We present the design and implementation of Bunker, evaluate its security properties, and show its ease of use for developing a complex network tracing application.