Bunker is a network tracing system that offers strong privacy while simplifying the development of network tracing software. With Bunker, network operators can perform network tracing based on the following two-step usage model:
- Pre-load Bunker with the trace collection and anonymization software.
- Start data collection with Bunker.
With Bunker, all sensitive data is stored in a buffer on disk that is “locked down” along with the tracing software. In this way, no raw data can be lost, leaked, or stolen.
The locked down buffer is encrypted with a key stored in Bunker’s RAM. Bunker uses virtualization, encryption, and restricted I/O interfaces to protect the key and the tracing software, exporting only an anonymized trace. For more information about Bunker’s architecture and a performance evaluation, please read our research papers.
To download Bunker’s source code and instructions on how to install it, please visit the Bunker project page hosted at the University of Toronto.