DefAT: Dependable Connection Setup for Network Capabilities (CMU-CyLab-11-018)

Authors: Virgil D. Gligor, Adrian Perrig, Soo Bum Lee

Keywords: The Internet, Internet topology, Computer network, Flooding (computer networking), Computer science

Abstract: Network-layer capabilities offer strong protection against link flooding by authorizing individual flows with unforgeable credentials (i.e., capabilities). However, the capability-setup channel is vulnerable to attacks that prevent legitimate clients from acquiring capabilities; i.e., to Denial of Capability (DoC) attacks. Based on the observation that the distribution of attack sources in the current Internet is highly non-uniform, we provide a router-level scheme, named DefAT (Defense via Aggregating Traffic), that confines the effects of DoC attacks to specified locales or neighborhoods (e.g., one or more administrative domains of the Internet). DefAT provides precise access guarantees for capability schemes, even in the face of attacks. The effectiveness of DefAT is shown in two ways. First, we illustrate the link-access guarantees provided by DefAT in ns2 simulations. Second, we show its effectiveness in Internet-scale simulations using real topologies and attack-source distribution.
