perfSONAR-CTSC Code Review Engagement Final Report 

Abstract

perfSONAR ("Performance focused Service Oriented Network monitoring ARchitecture") is an infrastructure for monitoring network performance. The perfSONAR software toolkit is deployed around the world, primarily at government labs and universities, to help monitor and provide network reliability information across multiple domains. Some of the virtual organizations deploying perfSONAR include ESnet, GÉANT, and Internet2.

CTSC and perfSONAR conducted an engagement in which CTSC performed a code review of perfSONAR’s Bandwidth Test Controller (BWCTL). BWCTL is essentially a daemon and framework for scheduling and executing non-overlapping performance measurement tests between sets of participating hosts (endpoints). The code review consisted of two parts: (1) a First Principles Vulnerability Assessment (FPVA) that involved a manual inspection and analysis of the code, resulting in detailed architecture and resources diagrams and (manual) detection of potential vulnerabilities, and (2) an automated/programmatic static source code analysis using the Software Assurance Marketplace (SWAMP) online service.