Lydia Sidrak A DoS-limiting Network Architecture
Summary: Lydia Sidrak
A DoS-limiting Network Architecture
Xiaowei Yang, David Wetherall, Thomas Anderson
The authors of this paper propose an architecture designed to limit Denial of Service attacks on open,
Internet-like networks. The Traffic Validation Architecture (TVA) allows the destination to control
what traffic it receives via capabilities. These capabilities cannot be forged, are checked and enforced
by routers without trusting the hosts, and are processed at low cost.
Main points:
To ensure that attackers' capability requests do not crowd out legitimate requests, path-identifier queueing is used.
Destination policies depend on the role of the host in the network. Clients may accept a request if it matches
an outgoing request. Servers can "cautiously" accept all requests, but blacklist misbehaving
senders when unexpected or flooded packets arrive.
Routers compute pre-capabilities from the source and destination IPs, a timestamp and a secret
key known only to the router. This serves as a form of "message authentication" that enforces unforgeability and a "time limit"
on capabilities.
Routers that process packets keep state only for flows that attempt to use their full authorized N/T bandwidth (N bytes over T seconds), not for every flow.
Cons
Efficiency may be reduced where there are many short flows near a host, as with root DNS servers,
but this can be addressed by allotting more request bandwidth.
A minor point: though "more sophisticated" policies such as CAPTCHA and HTTP cookies are
Source: Akella, Aditya - Department of Computer Sciences, University of Wisconsin at Madison
Collections: Computer Technologies and Information Sciences