GSoC2014/Student/Daniel Csubak

= Proposal for Implementing an application-level FWaaS driver (Zorp) = Dániel Csubák

email: cyrrian@gmail.com

IRC nick: csuby

LinkedIn: http://hu.linkedin.com/pub/d%C3%A1niel-csub%C3%A1k/50/b81/222

Suggested mentors: Bálint Kovács, Szilárd Pfeiffer (I have contacted them already)

Abstract
This project is about planning and implement a new FWaaS driver for an application-level firewall, Zorp GPL. The project will consist of a planning stage, where the existing drivers will be looked through and their benefits will be selected for the Zorp GPL driver, and two implementation stages, one for OpenStack and one for Zorp GPL. After these stages a test environment will be built to do end-to-end tests. Finally the documentation will be written. At the implementation stages Clean Code principles and TDD will be applied for understandable code, and high code coverage.

About me
I am a 23 years old graduating MSc software developer student at Faculty of Informatics at Eötvös Loránd University, Budapest, Hungary. In the past year I worked as research associate on the SmartUC project, which was connected with P2P networks, streaming and network coding at the university, and in the past semester I taught Computer Networks course for BSc students.

As a beginner MSc student I participated in the KMS Lab at the university, where I worked on the Semantic Web project, which was about semantic data analysis with Hadoop. At that semester I also presented my results about Optimal data structure for RDF in MongoDB at the university round of the TDK student conference.

My BSc thesis was about the implementation of a reporting tool for the Zorp GPL firewall, and during the planning and implementation process I got familiar with networking, and security.

I am writing my MSc thesis about P2P streaming systems, but I have to finish it until 15th May. I am going to have my MSc final exam at the end of June.

I have strong skills in Ubuntu, Git, networking, and IT security.

Programming languages: Python, Bash, Java, C, C++, C#, Qt.

C and python is important, since Zorp is written in these languages.

Motivation
I'm experienced with computer networks, I know Zorp. Computer networks were the main subject of the researches I participated in. Network security, and privacy are also a very important nowadays, especially in cloud systems. This project contains all of these. Last but not least, it would be a pleasure, to use my knowledge to improve OpenStack, Zorp, and to contribute to open-source community.

The project
The project is about the implementation of a FWaaS driver for OpenStack Neutron. OpenStack FWaaS now provides similar functions as IPTables. Zorp GPL is an application-level proxy firewall. It is highly modular with various proxies (eg. HTTP, FTP, SMTP) and several rule options, but it can be used for the basic IPTables functionality as well. Zorp GPL can be a potential choice if FWaaS is decided to be functionally expanded, since the functionality of IPTables is limited.

OpenStack users could use this driver to use an application-level firewall and in the future the FWaaS functionality can be extended by using this API.

Benefits for OpenStack
As a benefit from this project the current FWaaS drivers will be reviewed, and their benefits will be summarized in the Zorp GPL driver, so OpenStack will get a fully tested application-level proxy firewall driver and by this, the security related members of the community could use a higher functionality and it could result some new users for OpenStack from IT Security community.

Furthermore suggestions for the future of the application-level firewall drivers will be made, which can be used to plan the future FWaaS drivers, or extend this one.

Last, the OpenStack community may be expanded with the Zorp GPL users, who wish to try or use the new driver.

Benefits for Zorp GPL
OpenStack will be a new field to the Zorp GPL which officially was not used in such a system before, furthermore the Zorp GPL users will get a possibility for configuration, and managing by the using of OpenStack’s other components.

As the yield this project the Zorp GPL community can be expanded, because OpenStack users could use Zorp GPL as a FWaaS.

Project timeline
The timeline is in two weeks, as it was suggested.

21st April - 19th May: Discuss further details with mentors. Build environment for development. Read through connecting documentation. Get familiar with Neutron, do some minor fixes.

19th May - 2nd June: GSoC begins. Look through, and test the existing FWaaS drivers and decide the needed parts for the Zorp GPL driver. Plan the implementation and testing. Also according to the look through the future suggestions can be planed.

2nd June - 16th June: Implement the OpenStack Neutron related part of the driver.

16th June - 30th June: Mid-term evaluation. Test the OpenStack Neutron driver. Start to implement the Zorp GPL related part of the driver.

30th June - 14th July: Finish the Zorp GPL related part of the driver implementation, and test it.

14th July - 28th July: Build a test environment, where the implementation can be functionally tested, and do some end-to-end tests.

28th July - 11th August: Documenting, code refactoring, finish open tasks.

11th August - 18th August: Pencil down. Look through everything, do fixes if needed, finalize documentation. GSoC ends.

Deliverable content

 * FWaaS driver for Zorp GPL that has the same functionality as in IPTables reference
 * Tests for ~90% code coverage
 * Documentation

Nice to have

 * Extended documentation
 * Suggestions for future API extensions for application-level firewalls

Additional information
SmartUC URL: http://people.inf.elte.hu/lukovszki/Project/SmartUC/smartuc.html