Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux
| Main Author: | |
|---|---|
| Publication Date: | 2017 |
| Format: | Bachelor thesis |
| Language: | por |
| Source: | Biblioteca Digital de Teses e Dissertações da UFPB |
| Download full: | https://repositorio.ufpb.br/jspui/handle/123456789/15635 |
Summary: | SeVen, a software developed in the Networking Laboratory of the Federal University of Paraiba, proved to be suitable for application-layer ltering and low-rate attacks, although it was found that the same was not true for ooding attacks. This work aims to analyze the e ciency of subsystems in the Linux kernel for ltering and manipulation of packets and network frames in order to select future base subsystems for the expansion of the software capacity. For this, four subsystems, tc, xdp, and kernel modules were analyzed using the net lter framework and iptables. Both tc and xdp work by using a newly built kernel technology, eBPF, and uses a virtual machine for the safe and efficient execution of programs. During the tests it was observed a superior efficiency in the discarding of packages and frames of the subsystems based on eBPF, which were chosen for the next version of SeVen, while the net lter and iptables subsystems were less efficient and with limitations of complexity for the development. |
| id |
UFPB_50121c474ae2ca8e03aef59ccb9ced5c |
|---|---|
| oai_identifier_str |
oai:repositorio.ufpb.br:123456789/15635 |
| network_acronym_str |
UFPB |
| network_name_str |
Biblioteca Digital de Teses e Dissertações da UFPB |
| repository_id_str |
|
| spelling |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do LinuxSistema operacionalKernelLinuxEBPFXDPCNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAOSeVen, a software developed in the Networking Laboratory of the Federal University of Paraiba, proved to be suitable for application-layer ltering and low-rate attacks, although it was found that the same was not true for ooding attacks. This work aims to analyze the e ciency of subsystems in the Linux kernel for ltering and manipulation of packets and network frames in order to select future base subsystems for the expansion of the software capacity. For this, four subsystems, tc, xdp, and kernel modules were analyzed using the net lter framework and iptables. Both tc and xdp work by using a newly built kernel technology, eBPF, and uses a virtual machine for the safe and efficient execution of programs. During the tests it was observed a superior efficiency in the discarding of packages and frames of the subsystems based on eBPF, which were chosen for the next version of SeVen, while the net lter and iptables subsystems were less efficient and with limitations of complexity for the development.O SeVen, ferramenta desenvolvida no Laboratório de Redes da UFPB, mostrou-se e ciente para filtragem na camada de aplicação e ataques do tipo low-rate, no entanto constatou-se que o mesmo n~ao era verdade para ataques na categoria do tipo ooding. Em busca de aperfeiçoar a ferramenta, este trabalho visa analisar a eficiência de subsistemas no kernel do linux para filtragem e manipulação de pacotes e quadros de rede com o intuito de selecionar futuros subsistemas de base para a ampliação da capacidade da ferramenta. Para isto, foram analisados quatro subsistemas, tc, xdp, módulos do kernel usando o framework net lter e o iptables. Tanto o tc quanto o xdp, funcionam usando uma tecnologia recentemente incorporada ao kernel, o eBPF, e utiliza uma maquina virtual para a execução segura e e ciente dos programas. Durante os testes foi observado uma superior e ficiência no descarte de pacotes e quadros dos subsistemas baseados em eBPF, sendo este os escolhidos para a próxima versão do SeVen, enquanto que os subsistemas net lter e iptables mostraram-se menos e cientes e com limitações de complexidade para o desenvolvimento.Universidade Federal da ParaíbaBrasilInformáticaUFPBFonseca, Iguatemi Eduardo daSampaio, Gustavo Brito2019-09-11T11:46:30Z2017-12-152019-09-11T11:46:30Z2017-12-01info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/bachelorThesishttps://repositorio.ufpb.br/jspui/handle/123456789/15635porAttribution-NoDerivs 3.0 Brazilhttp://creativecommons.org/licenses/by-nd/3.0/br/info:eu-repo/semantics/openAccessreponame:Biblioteca Digital de Teses e Dissertações da UFPBinstname:Universidade Federal da Paraíba (UFPB)instacron:UFPB2019-09-12T06:06:28Zoai:repositorio.ufpb.br:123456789/15635Biblioteca Digital de Teses e Dissertaçõeshttps://repositorio.ufpb.br/PUBhttp://tede.biblioteca.ufpb.br:8080/oai/requestdiretoria@ufpb.br|| bdtd@biblioteca.ufpb.bropendoar:2019-09-12T06:06:28Biblioteca Digital de Teses e Dissertações da UFPB - Universidade Federal da Paraíba (UFPB)false |
| dc.title.none.fl_str_mv |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux |
| title |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux |
| spellingShingle |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux Sampaio, Gustavo Brito Sistema operacional Kernel Linux EBPF XDP CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
| title_short |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux |
| title_full |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux |
| title_fullStr |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux |
| title_full_unstemmed |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux |
| title_sort |
Análise de eficiência de subsistemas de filtragem e manipulação de pacotes no kernel do Linux |
| author |
Sampaio, Gustavo Brito |
| author_facet |
Sampaio, Gustavo Brito |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Fonseca, Iguatemi Eduardo da |
| dc.contributor.author.fl_str_mv |
Sampaio, Gustavo Brito |
| dc.subject.por.fl_str_mv |
Sistema operacional Kernel Linux EBPF XDP CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
| topic |
Sistema operacional Kernel Linux EBPF XDP CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
| description |
SeVen, a software developed in the Networking Laboratory of the Federal University of Paraiba, proved to be suitable for application-layer ltering and low-rate attacks, although it was found that the same was not true for ooding attacks. This work aims to analyze the e ciency of subsystems in the Linux kernel for ltering and manipulation of packets and network frames in order to select future base subsystems for the expansion of the software capacity. For this, four subsystems, tc, xdp, and kernel modules were analyzed using the net lter framework and iptables. Both tc and xdp work by using a newly built kernel technology, eBPF, and uses a virtual machine for the safe and efficient execution of programs. During the tests it was observed a superior efficiency in the discarding of packages and frames of the subsystems based on eBPF, which were chosen for the next version of SeVen, while the net lter and iptables subsystems were less efficient and with limitations of complexity for the development. |
| publishDate |
2017 |
| dc.date.none.fl_str_mv |
2017-12-15 2017-12-01 2019-09-11T11:46:30Z 2019-09-11T11:46:30Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/bachelorThesis |
| format |
bachelorThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
https://repositorio.ufpb.br/jspui/handle/123456789/15635 |
| url |
https://repositorio.ufpb.br/jspui/handle/123456789/15635 |
| dc.language.iso.fl_str_mv |
por |
| language |
por |
| dc.rights.driver.fl_str_mv |
Attribution-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nd/3.0/br/ info:eu-repo/semantics/openAccess |
| rights_invalid_str_mv |
Attribution-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nd/3.0/br/ |
| eu_rights_str_mv |
openAccess |
| dc.publisher.none.fl_str_mv |
Universidade Federal da Paraíba Brasil Informática UFPB |
| publisher.none.fl_str_mv |
Universidade Federal da Paraíba Brasil Informática UFPB |
| dc.source.none.fl_str_mv |
reponame:Biblioteca Digital de Teses e Dissertações da UFPB instname:Universidade Federal da Paraíba (UFPB) instacron:UFPB |
| instname_str |
Universidade Federal da Paraíba (UFPB) |
| instacron_str |
UFPB |
| institution |
UFPB |
| reponame_str |
Biblioteca Digital de Teses e Dissertações da UFPB |
| collection |
Biblioteca Digital de Teses e Dissertações da UFPB |
| repository.name.fl_str_mv |
Biblioteca Digital de Teses e Dissertações da UFPB - Universidade Federal da Paraíba (UFPB) |
| repository.mail.fl_str_mv |
diretoria@ufpb.br|| bdtd@biblioteca.ufpb.br |
| _version_ |
1831313911917314048 |