
Upstream is a project consisting of multiple components acting together to collect SSL (Secure Sockets Layer)/TLS (Transport Layer Security) data from the wild and to use tools that identify vulnerabilities by parsing that data. Reconstructing TCP (Transmission Control Protocol) packets and then reconstructing/parsing SSL/TLS records can be tricky. TCP packets may not arrive in the same order, or even in the same format. Even when TCP packets are correctly reconstructed, the SSL/TLS layer may be malformed or out of order. When I first arrived, the original implementation used a heavily modified version of TCPFlow, a project focused on TCP reconstruction, together with an SSL/TLS parser and logger written in the Go language. However, there were flaws in the implementations that affected the results, so TCPFlow was abandoned in favor of Bro, an open source IDS (Intrusion Detection System). My project consisted of implementing the parser and logger as a plugin for Bro in C++. Although the project is not finished yet due to unfinished testing and performance checks, the plugin can be used to successfully extract data from pcap (data) files.
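To illustrate the record-level problem described above (TLS records arriving split across TCP segments, or not being TLS at all), here is an added C++ example; it is not code from the Upstream project or the Bro plugin. It assumes a TCP reassembler already delivers in-order stream bytes, and carves them into TLS records, waiting for more data when a record is incomplete and flagging a malformed header instead of crashing. The sample segments are constructed, not captured traffic.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// One TLS record-layer unit: 5-byte header (type, version, length) plus body.
struct TlsRecord {
    uint8_t content_type;           // 20 CCS, 21 Alert, 22 Handshake, 23 AppData
    uint16_t version;               // e.g. 0x0303 for TLS 1.2
    std::vector<uint8_t> body;
};

// Accumulates bytes from an in-order TCP stream and emits whole TLS records,
// buffering a partial record until the remaining segment(s) arrive.
class TlsRecordReassembler {
public:
    // Feed one chunk of stream bytes; returns the records completed by it.
    // A header that cannot be TLS marks the stream bad and parsing stops.
    std::vector<TlsRecord> feed(const uint8_t* data, size_t len) {
        buf_.insert(buf_.end(), data, data + len);
        std::vector<TlsRecord> out;
        while (!bad_ && buf_.size() >= 5) {
            uint8_t type = buf_[0];
            uint16_t ver = static_cast<uint16_t>((buf_[1] << 8) | buf_[2]);
            uint16_t rlen = static_cast<uint16_t>((buf_[3] << 8) | buf_[4]);
            // Sanity checks: known content type, major version 3, and the
            // ciphertext length bound from the TLS spec (2^14 + 2048).
            if (type < 20 || type > 23 || buf_[1] != 3 || rlen > 16384 + 2048) {
                bad_ = true;
                break;
            }
            if (buf_.size() < 5u + rlen) break;   // wait for more TCP data
            TlsRecord r{type, ver, std::vector<uint8_t>(buf_.begin() + 5, buf_.begin() + 5 + rlen)};
            out.push_back(std::move(r));
            buf_.erase(buf_.begin(), buf_.begin() + 5 + rlen);
        }
        return out;
    }
    bool malformed() const { return bad_; }
    size_t pending() const { return buf_.size(); }
private:
    std::vector<uint8_t> buf_;
    bool bad_ = false;
};

// Constructed sample stream (not real capture data): a 4-byte Handshake record
// split across two TCP segments, followed by a 1-byte ApplicationData record.
inline std::vector<TlsRecord> parse_sample_stream(TlsRecordReassembler& r) {
    const uint8_t seg1[] = {0x16, 0x03, 0x03, 0x00, 0x04, 0x01, 0x00};
    const uint8_t seg2[] = {0x00, 0x00, 0x17, 0x03, 0x03, 0x00, 0x01, 0xAA};
    std::vector<TlsRecord> out = r.feed(seg1, sizeof seg1);   // nothing complete yet
    std::vector<TlsRecord> more = r.feed(seg2, sizeof seg2);  // both records complete
    out.insert(out.end(), more.begin(), more.end());
    return out;
}
```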

Since this project is my first big project, consisting of over five thousand lines of C++, making sure most of it is stable and having the program not crash was a stepping stone for me. In addition, I learned more about how to write maintainable and readable code.

The research was not just writing C++ all day and looking through Bro source code and modifying it. I got to meet a lot of wonderful people and gained a lot of experience and valuable advice from my advisors. I learned that communication in the computer science field is key, which I had not learned through my computer science classes, where most of the work is done alone.