Reowolf
Rip and replace for BSD socket insecurity
The Reowolf project aims to replace a decades-old application programming interface (BSD-style sockets) for communication on the Internet. In this project, a novel programming interface is implemented at the systems level that is interoperable with existing Internet applications. Currently, to increase quality of service (e.g. intrusion detection, latency and throughput) non-standard techniques are applied. Internet service providers resort to deep packet inspection to guess applications intent, and BSD-style socket programming is error-prone and tweaking is fragile. This project resolves these problems: it provides support to middleware to further improve quality of service without having to give up on privacy, and makes programming of Internet applications easier to do correctly and thus more reliable.
- The project's own website: https://reowolf.net
Why does this actually matter to end users?
Many of the underlying core technologies we use on computers, date from an era when the internet was in its infancy. Security wasn't a primary concern, and thus wasn't part of the design decisions. Sockets are such a technology, dating back to the early eighties. Sockets are a convention that used by all the software that needs to communicate across a network. A socket basically is a placeholder of the network connection inside the computer. Applications will send traffic to that placeholder - and the operating system will take care of the rest .The technical design was flexible enough to survive the intermittent decades, but offered users almost no control or insight as to what is happening. Essentially it functions as a software hose connecting the inside of the operating system with the outside world.
The key problem we face today is the fundamental security and trust issues which that design is completely ignorant of. It doesn't understand that not every application should be allowed to do the same things. In particular, as soon as a user is allowed to use a socket because of some legitimate application, all the applications that belong to the same user can use it. Multiple applications can use the same socket at the same time, and none of them would be able to see what other applications are doing. Because data is actually being sent from your computer to the outside, that can become a critical issue real fast. This design is part of pretty much every operating system currently on the market. And worse: the technology is not just present, but is actually still heavily used.
The Reowolf project is geared to providing a next generation solution to make network connections safer. Instead of a hose that bits are pumped trhough, it provides a smart connector. That connector allows to synchronise data from multiple sources from inside to outside and vice versa. The key difference between the technology developed within Reowolf and a classic socket is that Reowolf will allow to do so in a controlled way. Unlike a socket, such a connector allows for high-level verification, compilation and optimization techniques. So you can clean up, or selectively filter, the incoming and outgoing traffic. This significantly and directly improves the control the user has over the connections the computer makes across the internet, and allows for many interesting user benefits such as dynamic configuration. Reowolf thus offers a systems level solution for the next generation internet.
Run by CWI
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.