Adding example proposals for GSoC.

Damian Johnson authored on 25/03/2011 16:53:52
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,164 @@
1
+1. What project would you like to work on? Use our ideas lists as a starting
2
+point or make up your own idea. Your proposal should include high-level
3
+descriptions of what you're going to do, with more details about the parts you
4
+expect to be tricky. Your proposal should also try to break down the project
5
+into tasks of a fairly fine granularity, and convince us you have a plan for
6
+finishing it.
7
+
8
+The Snakes on a Tor exit scanner has the potential to dramatically improve the
9
+safety of Tor users by ferreting out misconfigured and malicious exit nodes.
10
+At present it suffers from certain stability issues which prevent it from being
11
+run for long periods of time, and from an overabundance of false positives in
12
+the results it generates. While I would ideally like to work on designing new
13
+routines for detecting subtle content modifications and for better handling
14
+dynamic content -- the issues of stability and false positives need to be
15
+addressed first. I've begun looking at the SoaT source code and running some
16
+preliminary experiments, identifying several small stability issues. In the
17
+coming weeks I'll begin to collect a body of false positives which I'll study
18
+and design new filters around. The most difficult part of this project may be
19
+determining what actual positive results look like, and developing a threat
20
+model that predicts the kinds of modifications which malicious exit nodes are
21
+likely to make. I'm sure this question has been addressed by members of the Tor
22
+community, so much of my early work this summer will involve talking to
23
+community members to better understand the kinds of malicious exit nodes which
24
+have been seen in the past, and determining how well the current SoaT
25
+implementation performs against these known attacks.
26
+
27
+Timeline:
28
+   April 26 - May 24:
29
+
30
+    *  Start to get an idea of what the threat model looks like, continue
31
+       performing stability tests and gathering a diverse collection of results
32
+       to study.
33
+
34
+   May 24 - June 17:
35
+
36
+    * Throw everything I can at SoaT - make it crash and fix the bugs.
37
+    * Keep collecting data!
38
+
39
+   June 17 - July 17:
40
+
41
+    * In depth analysis of false positives. Use both false positives and real
42
+      modifications (or modifications generated by myself which emulate the
43
+      types of things predicted by the threat model) to develop a data set that
44
+      SoaT's filters can be evaluated against offline.
45
+
46
+    * Use the data set to improve existing filters and create new ones.
47
+
48
+  July 17 - August 2:
49
+     Here the timeline splits depending on progress thus far.
50
+     Case 1 - There are still too many false positives:
51
+
52
+    * Keep developing new filters and tuning old ones.
53
+
54
+      Case 2 - False positives have been reduced to an acceptable level:
55
+
56
+    * Get SoaT running full time on a dedicated machine. Improve reporting so
57
+      that SoaT can communicate its suspicions to the Tor team.
58
+    * Start drafting plans for improving the system.
59
+
60
+   August 2 - 16:
61
+
62
+    * Perform an extensive test of the system and write up a report of where it
63
+    * does well and what can be improved.
64
+
65
+
66
+2. Point us to a code sample: something good and clean to demonstrate that you
67
+know what you're doing, ideally from an existing project.
68
+
69
+I'm one of the two lead developers for the Anomos project, the code for which
70
+can be browsed here [https://git.anomos.info/?p=anomos.git;a=summary].
71
+
72
+Anomos is in Python, and I handle almost all of the network code (which makes
73
+extensive use of SSL), so this project is particularly representative of where
74
+my skill set intersects with that needed to work on SoaT.
75
+
76
+
77
+3. Why do you want to work with The Tor Project / EFF in particular?
78
+
79
+I think Tor is one of the most important free software projects in development
80
+today - I'm very interested in the political issues surrounding access to
81
+information, and have been an EFF member for several years now. Tor has also
82
+been the primary inspiration for my work on Anomos. What particularly attracts
83
+me about Tor is the sustained emphasis its developers have placed on making it
84
+a platform for research. This emphasis has attracted a large community of
85
+skilled anonymity researchers with whom I would be honored to work with and
86
+learn from as I continue my study of anonymity and begin to conduct my own
87
+research.
88
+
89
+
90
+4. Tell us about your experiences in free software development environments. We
91
+especially want to hear examples of how you have collaborated with others
92
+rather than just working on a project by yourself.
93
+
94
+I develop all of my own software under free licenses and make an effort to work
95
+in groups as often as possible. Anomos, the largest project I've worked on,
96
+would not have been possible in a non-free environment. It has received
97
+tremendous support from the community in terms of development, debugging,
98
+translation, documentation, and testing - the project simply would not have
99
+been possible without support from the free software community.  I run free
100
+software on all of my computers, and make an active effort to report or patch
101
+bugs whenever possible.
102
+
103
+
104
+5. Will you be working full-time on the project for the summer, or will you
105
+have other commitments too (a second job, classes, etc)? If you won't be
106
+available full-time, please explain, and list timing if you know them for other
107
+major deadlines (e.g. exams). Having other activities isn't a deal-breaker, but
108
+we don't want to be surprised.
109
+
110
+I will be available full-time to work on Tor. I plan on attending a couple
111
+conferences and spending a lot of time outdoors, but that won't take me away
112
+from my work for more than a few days.
113
+
114
+
115
+6. Will your project need more work and/or maintenance after the summer ends?
116
+What are the chances you will stick around and help out with that and other
117
+related projects?
118
+
119
+My project will almost certainly be completed during the summer.  That said,
120
+I'm very likely to remain active with the Tor project after the summer. I'm
121
+currently planning on conducting anonymity research as a large part of my
122
+undergraduate thesis work and would love for that work to involve Tor.
123
+
124
+
125
+7. What is your ideal approach to keeping everybody informed of your progress,
126
+problems, and questions over the course of the project? Said another way, how
127
+much of a "manager" will you need your mentor to be?
128
+
129
+Especially when it comes to a project I'm really interested in - I'm extremely
130
+self motivated and require very little management. I generally check in with a
131
+project manager once per week unless a problem or question arises. I make
132
+extensive use of version control software, commit frequently, and keep my work
133
+in a publicly accessible repositories, so my mentor will be able to monitor my
134
+progress at their leisure. I'm also happy to blog or otherwise communicate my
135
+progress on a regular basis to the project community.
136
+
137
+
138
+8. What school are you attending? What year are you, and what's your
139
+major/degree/focus? If you're part of a research group, which one?
140
+
141
+I'm in my third year at Hampshire College studying computer science with a
142
+focus on distributed and peer-to-peer systems. I occasionally work at the
143
+University of Massachusetts, Amherst conducting BitTorrent research under Arun
144
+Venkataramani.
145
+
146
+
147
+9. How can we contact you to ask you further questions? Google doesn't share
148
+your contact details with us automatically, so you should include that in your
149
+application. In addition, what's your IRC nickname? Interacting with us on IRC
150
+will help us get to know you, and help you get to know our community.
151
+
152
+   You can email me: john@anomos.info
153
+        GPG Key ID: 0xA1D39D09
154
+        GPG Fingerprint: 7131 3E78 7500 3BB2 FCDD  FA97 91ED 834D A1D3 9D09
155
+   Instant message me via XMPP: john@anomos.info
156
+   Or talk to me on IRC: susurrusus on OFTC (I idle in #tor)
157
+
158
+
159
+10. Is there anything else we should know that will make us like your project
160
+more?
161
+
162
+The project I've proposed here is just a starting point - I think I have a lot
163
+to bring to the Tor project and that this summer will just be the start of a
164
+lasting academic relationship with the community.
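
Review bot: Answer 9 (new-file lines 152-156) commits what appear to be an applicant's real email address, GPG key ID and fingerprint, XMPP address and IRC nickname into an example file; confirm the applicant agreed to have these published, or replace them with placeholders before merging. Separately, at new-file line 63 the leading `*` turns the continuation "does well and what can be improved." into a second bullet and splits the sentence begun on line 62; drop the `*` and keep the indentation. The timeline is also indented inconsistently (three spaces for most date ranges, two for "July 17 - August 2:", and "Case 2" sits one space deeper than "Case 1"), and the file opens directly on question 1 with no header saying which project idea or application year this example belongs to.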