Wednesday, November 12, 2008

X-Trace

This paper describes the X-Trace network tracing framework, which operates at all protocol layers in concert to obtain comprehensive information about network activity, including causal information as well as propagation of calls from layer to layer. This is done by propagating trace information to each layer and ensuring all trace information is conveyed to some accessible location.

One major goal of the system is to ensure that each domain can control its own trace data, which means that although a user may want comprehensive information for the entire life of their application, they may be limited by what each domain chooses to convey. This makes sense from an economic and security standpoint, and I think is a good idea.

The basic way the system works is that each protocol implementation is modified to enable X-Trace tracking. This is highly invasive, but the results make the effort worthwhile in many cases. The degree of modification differs across layers and protocols; some become very complicated and I'm not sure they're worth modifying. Still, the information obtained is quite compelling, including causality and the ability to trace from the beginning of a call all the way to the end, through each layer.

One thing that stood out was that the modification of these protocols, basically by interfacing with libraries, does have a security impact. The libraries had better be robust against all kinds of attacks; even if the infrastructure itself is safe from attack, a flaw in the shared library implementation could make *all* protocols vulnerable to a single universal attack once a bug is found. However, it may be that the library layers are thin enough that they can be extensively security-audited and ensured to be "safe."
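To make the mechanism concrete, here is a small simulation I put together of the propagation and reporting described above. It is an added example, not code from the post or from the X-Trace project: trace metadata (a task id plus a per-operation id) is handed down the stack and across to the next host, every layer sends a report to one collector, and the collector rebuilds the causal graph. The pushDown/pushNext names follow the X-Trace paper's operations; the `X-Trace:` header encoding, the host and layer names, and the `Collector`/`derive`/`simulate_request` API are assumptions made for this example. The parser also shows the robustness point from the paragraph above: a malformed header from the network drops one trace edge instead of raising inside the protocol library.

```python
"""Added example, not code from the blog post or the X-Trace project.

Toy simulation of per-layer trace metadata propagation, reporting to a
collector, and causal-graph reconstruction. pushDown/pushNext follow the
X-Trace paper; header format, host/layer names and the Collector API are
assumptions made for this example.
"""
import os
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed wire encoding: 16 hex chars of task id, 8 hex chars of op id.
HEADER_RE = re.compile(r"^X-Trace: ([0-9a-f]{16}):([0-9a-f]{8})$")
MAX_HEADER_LEN = 40  # 9 + 16 + 1 + 8 = 34, plus a little slack


@dataclass(frozen=True)
class Metadata:
    task_id: str  # constant for the whole request, across layers and hosts
    op_id: str    # one operation at one layer on one host

    def encode(self) -> str:
        return f"X-Trace: {self.task_id}:{self.op_id}"


def parse_metadata(header: object) -> Optional[Metadata]:
    """Strict parser shared by every instrumented protocol library.

    Anything unexpected yields None rather than an exception, so a bad
    header arriving from the network can degrade the trace but never
    crash the protocol that carries it.
    """
    if not isinstance(header, str) or len(header) > MAX_HEADER_LEN:
        return None
    m = HEADER_RE.match(header)
    return Metadata(m.group(1), m.group(2)) if m else None


class Collector:
    """The accessible location every layer reports to."""

    def __init__(self) -> None:
        # task_id -> [(op_id, parent_op_id, layer, host)]
        self.reports: Dict[str, List[tuple]] = defaultdict(list)

    def report(self, md: Metadata, parent: Optional[str], layer: str, host: str) -> None:
        self.reports[md.task_id].append((md.op_id, parent, layer, host))

    def causal_graph(self, task_id: str) -> Dict[str, List[str]]:
        """Parent -> children edges, labelled 'host:layer' for readability."""
        rows = self.reports[task_id]
        label = {op: f"{host}:{layer}" for op, _, layer, host in rows}
        edges: Dict[str, List[str]] = defaultdict(list)
        for op, parent, _, _ in rows:
            if parent is not None and parent in label:
                edges[label[parent]].append(label[op])
        return {k: sorted(v) for k, v in edges.items()}


def derive(md: Metadata, collector: Collector, layer: str, host: str) -> Metadata:
    """Start a new operation whose parent is md's op and report it.
    Called at a lower layer this is pushDown; at the same layer on the
    next hop it is pushNext."""
    child = Metadata(md.task_id, os.urandom(4).hex())
    collector.report(child, md.op_id, layer, host)
    return child


def simulate_request(collector: Collector, corrupt_layer: Optional[str] = None) -> str:
    """Constructed scenario: one HTTP request from host A to host B.

    If corrupt_layer is given, that layer's header is replaced with junk
    on the wire to show the receiving library failing safe."""
    task = os.urandom(8).hex()
    http_a = Metadata(task, os.urandom(4).hex())
    collector.report(http_a, None, "http", "A")      # root of the trace
    tcp_a = derive(http_a, collector, "tcp", "A")    # pushDown to TCP
    ip_a = derive(tcp_a, collector, "ip", "A")       # pushDown to IP

    # Each layer carries its own copy of the metadata in its own header.
    wire = {"http": http_a.encode(), "tcp": tcp_a.encode(), "ip": ip_a.encode()}
    if corrupt_layer:
        wire[corrupt_layer] = "X-Trace: " + "z" * 16 + ":ffffffff"

    # Host B: every layer parses strictly, then pushNext links it to A's op.
    for layer in ("ip", "tcp", "http"):
        md = parse_metadata(wire[layer])
        if md is None:
            continue  # junk header: lose one trace edge, keep serving traffic
        derive(md, collector, layer, "B")
    return task
```

Running `simulate_request(Collector())` yields six reports and a graph in which A's HTTP operation has two children, its own TCP operation (pushDown) and B's HTTP operation (pushNext), which is exactly the cross-layer plus cross-host causality the post finds compelling. Passing `corrupt_layer="tcp"` shows the defensive side: the TCP library on B gets `None` from the parser, one edge goes missing from the trace, and the packet is still handled.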
