Introduction and Overview Socket Programming Lower-level stuff Higher-level interfaces Security. Network Programming. Samuli Sorvakko/Trusteq Oy

Similar documents
Introduction and Overview Socket Programming Lower-level stuff Higher-level interfaces Security. Network Programming. Samuli Sorvakko/Nixu Oy

Introduction and Overview Socket Programming Higher-level interfaces Final thoughts. Network Programming. Samuli Sorvakko/Nixu Oy

Introduction and Overview Socket Programming Higher-level interfaces Final thoughts. Network Programming. Samuli Sorvakko/Nixu Oy

COMMUNICATION PROTOCOLS: REMOTE PROCEDURE CALL (RPC)

Systems software design NETWORK COMMUNICATIONS & RPC SYSTEMS

Socket Programming. CSIS0234A Computer and Communication Networks. Socket Programming in C

ECE 435 Network Engineering Lecture 2

Outline. Distributed Computing Systems. Socket Basics (1 of 2) Socket Basics (2 of 2) 3/28/2014

NETWORK PROGRAMMING. Instructor: Junaid Tariq, Lecturer, Department of Computer Science

Elementary TCP Sockets

Lecture 5: Object Interaction: RMI and RPC

Randall Stewart, Cisco Systems Phill Conrad, University of Delaware

ECE 435 Network Engineering Lecture 2

Hybrid of client-server and P2P. Pure P2P Architecture. App-layer Protocols. Communicating Processes. Transport Service Requirements

Middleware. Adapted from Alonso, Casati, Kuno, Machiraju Web Services Springer 2004

Outline. Distributed Computer Systems. Socket Basics An end-point for a IP network connection. Ports. Sockets and the OS. Transport Layer.

A Client-Server Exchange

Outline. Operating Systems. Socket Basics An end-point for a IP network connection. Ports. Network Communication. Sockets and the OS

A Report on RMI and RPC Submitted by Sudharshan Reddy B

Review. Preview. Closing a TCP Connection. Closing a TCP Connection. Port Numbers 11/27/2017. Packet Exchange for TCP Connection

EECS122 Communications Networks Socket Programming. Jörn Altmann

Communication. Communication. Distributed Systems. Networks and protocols Sockets Remote Invocation Messages Streams. Fall /10/2001 DoCS

Communication. Distributed Systems Santa Clara University 2016

Fundamental Issues. System Models and Networking Chapter 2,3. System Models. Architectural Model. Middleware. Bina Ramamurthy

Ports under 1024 are often considered special, and usually require special OS privileges to use.

UNIX Sockets. Developed for the Azera Group By: Joseph D. Fournier B.Sc.E.E., M.Sc.E.E.

Distributed Objects and Remote Invocation. Programming Models for Distributed Applications

Chapter 4 Communication

Lecture 2. Outline. Layering and Protocols. Network Architecture. Layering and Protocols. Layering and Protocols. Chapter 1 - Foundation

Lecture 06: Distributed Object

RPC Paradigm. Lenuta Alboaie Andrei Panu

(9A05803) WEB SERVICES (ELECTIVE - III)

UNIT IV- SOCKETS Part A

CS153: Communication. Chengyu Song. Slides modified from Harsha Madhyvasta, Nael Abu-Ghazaleh, and Zhiyun Qian

CS321: Computer Networks Introduction to Application Layer

Introduction to Lab 2 and Socket Programming. -Vengatanathan Krishnamoorthi

Socket Programming. Dr. -Ing. Abdalkarim Awad. Informatik 7 Rechnernetze und Kommunikationssysteme

Distributed Systems 8. Remote Procedure Calls

Unix Network Programming

Cloud Computing Chapter 2

Oral. Total. Dated Sign (2) (5) (3) (2)

J2EE APIs and Emerging Web Services Standards

CS307 Operating Systems Processes

Processes. Process Concept. The Process. The Process (Cont.) Process Control Block (PCB) Process State

Outline. EEC-681/781 Distributed Computing Systems. The OSI Network Architecture. Inter-Process Communications (IPC) Lecture 4

Socket Programming. Sungkyunkwan University. Hyunseung Choo Copyright Networking Laboratory

DS 2009: middleware. David Evans

JXTA TM Technology for XML Messaging

Context. Distributed Systems: Sockets Programming. Alberto Bosio, Associate Professor UM Microelectronic Departement

1.264 Lecture 16. Legacy Middleware

Communication. Overview

Managing Remote Medical Devices Through The Cloud. Joel K Young SVP of Research and Development & CTO Digi International Friday, September 9 11:30AM

Application Programming Interfaces

Lecture 8: February 19

Lecture 15: Frameworks for Application-layer Communications

Lecture 15: Frameworks for Application-layer Communications

Sockets 15H2. Inshik Song

CSMC 412. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala Set 2. September 15 CMSC417 Set 2 1

Network Programming in C. Networked Systems 3 Laboratory Sessions and Problem Sets

Distributed Systems. 02. Networking. Paul Krzyzanowski. Rutgers University. Fall 2017

Introduction to Computer Systems. Networks 2. c Theodore Norvell. The Sockets API

A short introduction to Web Services

Network Programming in C: The Berkeley Sockets API. Networked Systems 3 Laboratory Sessions

We will cover in this order: 2.1, 2.7, 2.5, 2.4, 2.2

Overview. Communication types and role of Middleware Remote Procedure Call (RPC) Message Oriented Communication Multicasting 2/36

ICT 6544 Distributed Systems Lecture 5

Piotr Mielecki Ph. D.

Sockets. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Web Services Security. Dr. Ingo Melzer, Prof. Mario Jeckle

Tutorial on Socket Programming

UNITE 2003 Technology Conference

Foundations of Python

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

CSE 333 Lecture 16 - network programming intro

CS UDP: User Datagram Protocol, Other Transports, Sockets. congestion worse);

Operating Systems. 18. Remote Procedure Calls. Paul Krzyzanowski. Rutgers University. Spring /20/ Paul Krzyzanowski

Distributed Environments. CORBA, JavaRMI and DCOM

Socket Programming TCP UDP

Integrating Legacy Assets Using J2EE Web Services

The Berkeley Sockets API. Networked Systems Architecture 3 Lecture 4

UNITE 2006 Technology Conference

Hyo-bong Son Computer Systems Laboratory Sungkyunkwan University

Networked Applications: Sockets. End System: Computer on the Net

Chapter 3: Client-Server Paradigm and Middleware

Collaboration of Tasks

Outline. Interprocess Communication. Interprocess Communication. Communication Models: Message Passing and shared Memory.

MTAT Enterprise System Integration. Lecture 2: Middleware & Web Services

Networked Applications: Sockets. Goals of Todayʼs Lecture. End System: Computer on the ʻNet. Client-server paradigm End systems Clients and servers

Implementing Remote Procedure Calls*

Apache Thrift Introduction & Tutorial

UNIX Network Programming. Overview of Socket API Network Programming Basics

Computer Networks Prof. Ashok K. Agrawala

Lecture 24. Thursday, November 19 CS 375 UNIX System Programming - Lecture 24 1

CSE 333 Lecture network programming intro

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Socket Programming. #In the name of Allah. Computer Engineering Department Sharif University of Technology CE443- Computer Networks

Remote Invocation Vladimir Vlassov and Johan Montelius

Distribution and web services

Transport Level Security

XML Web Service? A programmable component Provides a particular function for an application Can be published, located, and invoked across the Web

Transcription:

Network Programming Samuli Sorvakko/Trusteq Oy Telecommunications software and Multimedia Laboratory T-110.4100 Computer Networks January 29, 2013

Agenda 1 Introduction and Overview 2 Socket Programming 3 Lower-level stuff 4 Higher-level interfaces 5 Security

Introduction Introduction 1 Introduction and Overview 2 Socket Programming 3 Lower-level stuff 4 Higher-level interfaces 5 Security

Introduction Overview Wide-area concurrency Two or more entities Client-server, peer-to-peer, unidirectional or bidirectional multicast, broadcast,... Multiple levels of information exchange From TCP/IP point of view, HTTP is an application From SOAP or AJAX point of view, HTTP is a transport From a suitably abstracted framework s point of view, SOAP is a transport... All quite complex, eh?

Introduction Managing complexity Well-known protocols Tried and true Reference implementations and/or test frameworks exist Layering Only get to worry about a part of the communication Modularization / compartmentalization You parse these bits and I ll parse these Maybe use ready-made components for e.g. input handling even if the rest of the implementation is your own

Socket Programming 1 Introduction and Overview 2 Socket Programming 3 Lower-level stuff 4 Higher-level interfaces 5 Security

Overview Overview The UNIX way Introduced in 1983 (4.2 BSD Unix) Bind together software and the communication channels they use

Overview Overview cont d. Bind together four items: Remote host address Remote host port number Local host address Local host port number Also additional information: Socket protocol (Local, IPv4, IPv6, IPX, X25,...) Communication type (Stream, datagram, raw,...) Other options (blocking/non-blocking, keepalive,...)

Client sockets Client sockets Create a socket (binding it to a file descriptor) Connect the socket with the other party int sockfd=socket(pf_inet, SOCK_STREAM, 0); connect(sockfd, (struct sockaddr *) &remoteaddr, sizeof(struct sockaddr));

Client sockets Client sockets cont d. Of course need to verify return values The remoteaddr struct needs to be filled sin_family (AF_INET) sin_port (generally via htons()) sin_addr (from getaddrinfo() or gethostbyname())

Server sockets Server sockets A bit more complicated than the client Again, socket needs to be created Then bound to desired protocol, port and listening address After that, indicate willingness to listen to the OS Now ready to accept connections int sockfd=socket(af_inet, SOCK_STREAM, 0); bind(sockfd, (struct sockaddr *) &myaddr, sizeof(struct sockaddr)); listen(sockfd, backlog); sin_size=sizeof(struct sockaddr_in); incoming_fd=accept(sockfd, (struct sockaddr *)&remote_addr, &sin_size);

Server sockets Server sockets cont d. What is usually done here is to fork() a child process New connections can be accepted as quickly as possible Old connections are served by the children asynchronously Other keywords: select(2), poll(2)

Sockets recap Sockets recap Examples were for TCP sockets, UDP similar Very simplified examples, don t do it like this :) What is sent over the socket is decided by programmer Actual communication is handled by OS, socket operations are syscalls Several frameworks also exist to abstract handling of sockets twisted Event driven framework for Python ACE Adaptive Communication Environment, little bit of everything for C++ boost Boost library collection contains networking stuff (in addition to everything else on Earth)

Lower-level stuff 1 Introduction and Overview 2 Socket Programming 3 Lower-level stuff 4 Higher-level interfaces 5 Security

Lower-layer communication Lower-layer communication The previous example was for TCP It s also possible to communicate using lower-layer protocols Raw IP, Ethernet or other link-layer protocols,... Usually not needed but when you need it, you need it badly :) Often requires more than standard user privileges Can be used to provide userland support for protocols not supported by kernel Also possible to force interface to process all communication, not just what s intended to the interface (promiscuous mode) This is somewhat more complicated on Windows...

Lower-layer communication Sockets...again The same sockets with different options are used for this too You can also use socket options to pass information to lower layers QoS, path optimizations, power levels(!),... Basically you use sockets to build a link between the network interface and your software Remember, when using e.g. raw IP, the kernel won t help you

Higher-level interfaces 1 Introduction and Overview 2 Socket Programming 3 Lower-level stuff 4 Higher-level interfaces 5 Security

RPC Remote Procedure Call Developed by Sun Microsystems Originally for NIS and NFS Defines a data representation for binary information (byte orders!)

RPC Remote Procedure Call cont d. Uses a portmapper portmap/rpcbind instead of direct communication RPC server opens up a free UDP or TCP port and registers with portmapper RPC client contacts portmapper and gets exact location of server Also contains some options for authentication etc.

RMI Java Remote Method Invocation Also developed by Sun Microsystems Provides a way for Java object invocation from other Java VMs Supports object serialization

RMI Java Remote Method Invocation cont d Remote end: Export interfaces public interface MyInterface extends Remote{} Comms failures will be reported with RemoteException Creates instance(s) of a remote object Register the object(s) with RMI remote object registry Local end: Request the object from the remote server, which returns a Stub instance Methods invoked on the stub are run on the server, with RMI serializing and deserializing the communication

CORBA CORBA Common Object Request Broker Architecture Vendor-independent way for remote objects Specified by Object Management Group (OMG...) IDL, Interface Definition Language describes exported interfaces Similar to RMI in principle Mappings exist for C, C++, Java, COBOL, Lisp, Python...

CORBA CORBA cont d Interface is well separated from the implementation CORBA is well suited for middleware ( glue ) tasks Allows for access control on object level

DCOM Microsoft s offerings Distributed Component Object Model (DCOM) Based on local COM, with added RPC, serializing and garbage collection functionality.net Remoting Part of the.net framework Windows Communication Foundation Unifies.NET comms programming models Web services,.net Remoting, Message Queues, Distributed Transactions Can also serve AJAX web request via JSON encoder Idea here is exactly the same as in CORBA et al, remote invocation of procedures or methods in objects.

Webserv Web Services Leverage the power of the Web Machine-to-machine communication SOAP: Extensible, XML-based communication over HTTP WSDL: Interface description language UDDI (Universal Description Discovery and integration): Publishing and discovery of Web services Can be used in many ways; RPC emulation, Service-oriented architecture (SOA), Representational State Transfer (REST)

Webserv Web Services AJAX (Asynchronous JavaScript and XML) could also be categorized as a web service Not strictly machine-to-machine User s browser may do operations without interaction Data exchange between server and browser Only a part of the web page is refreshed Communication with XMLHttpRequests (or IFrames) Not a standard or a technology, describes functionality

Webserv WebSockets Bidirectional direct communication HTTP handshake which is then upgraded to web sockets 2 new URI schemes, ws:// and wss:// (for SSL/TLS) Both server and client capability needed wss:// will pass through most proxies (using CONNECT)

Security 1 Introduction and Overview 2 Socket Programming 3 Lower-level stuff 4 Higher-level interfaces 5 Security

Security overview Security Cannot trust the network Client cannot trust server Server must not trust client What packets you receive is usually outside your control

Security overview Security - Input handling Being on a network means communicating with more entities than you might think What if one of the entities is malicious? What happens to a server if a client sends it e.g. \0 s, SQL statements, very large amounts of data... What if a server uses a value in a protocol field directly as an index to an internal data structure? What if a server e.g. dumps core or other internal details in a response to a client when an error occurs? What if a server only checks for authorization when initiating communication but never again?

Security overview Security - Input handling Usually there are limits for things Field length, allowed characters, timeouts etc. It is best to make the limits explicit and force validation Example: A field in a text-based protocol contains a length for the payload (e.g. HTTP Content-Length: ) Check that the length is not negative Check that the length is a number Do not trust the reported length... Example: A server-side AJAX handler will look up entries from an SQL database Check that the request is sane (e.g. discard SQL wildcards) Check that the request contains NO fragments of SQL statements Remember to check for different character encodings, character entities etc... Input handling should be handled in a consistent manner throughout the application

Security overview Security - Application logic Usually apps have different states they can be in Waiting for connection, authenticating, authorized but idle, data transfer... States can be implicit or explicit As with input handling, explicit usually better Need to verify that the state transition is proper Initiating a monetary transaction not allowed without authentication and authorization Inserting routing table entries not allowed if routing table static... States are application specific State machines will help immensely (don t we all love theoretical computer science :)

Security overview Security - Authorization In many cases there s a need to verify who is requesting an operation before performing it Clients can be authenticated in many ways Authentication is not enough, also need to grant authorization Need to verify authorization before each operation Hiding functionality is not enough

Security overview Security - Testing You need to test the aforementioned cases (among other things :) All kinds of ready-made test tools and frameworks are available Fuzz testing is an important part to ensure input coverage

Security overview Security - Data security What to do when transmitting confidential data? How to make sure communication partners are who they should be How to ensure tamper resistance?

Security overview Security - Transport Layer Security TLS (Transport Layer Security, used to be SSL - Secure Sockets Layer) Originally developed by Netscape, now in RFCs as Proposed Standard Public-key based security (PKI, subject of a further course..) Client can verify server, server can also verify client (not used often) Handshake to determine encryption parameters

Security overview Security - Transport Layer Security implementation How to use it in your own project? Implement yourself? Implementing cryptographic protocols correctly is hard. Avoid it if possible. Use ready-made implementations instead

Security overview Security - OpenSSL OpenSSL is very widely used Pretty robust and feature-rich implementation Has both libraries and tools available

Security overview OpenSSL Client example SSL_library_init(); // Initializes the library SSL_CTX *context = SSL_CTX_new(method); // SSL Context /* Read cert chain */ SSL_CTX_use_certificate_chain_file(context, chainfile); /* Load trusted CAs /* SSL_CTX_load_verify_locations(context, CA_LIST, 0);... /* Create and connect socket */ socket=socket(af_inet, SOCK_STREAM, IPPROTO_TCP); connect(sock, (struct sockaddr *) &address, sizeof(address)); SSL *ssl = SSL_new(context); // Create new SSL struct BIO *sbio = BIO_new_socket(socket, BIO_NOCLOSE); SSL_set_bio(ssl,sbio,sbio); // IO Abstraction r=ssl_write(ssl, request, strlen(request));

Security overview Security - yet again... Use ready and tested protocol implementations if possible Use well-known protocols if possible Design protocols with security on mind from the start Always test for robustness, not only compliance

Security overview Further reading Richard Stevens: UNIX Network Programming, Volume 1, Second Edition: Networking APIs: Sockets and XTI, Prentice Hall, 1998, ISBN 0-13-490012-X man 2 socket, man 2 connect, man 2 bind and other UNIX man pages Sun Java RMI guides, http://java.sun.com/j2se/1.4.2/docs/guide/rmi/ Object Management Group CORBA FAQ and other documentation, http://www.omg.org/gettingstarted/corbafaq.htm Secure Programming for Linux and Unix HOWTO, http://www.dwheeler.com/secure-programs/

Discussion Discussion Comments? Remarks? Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback