TVA: a DoS-limiting Network Architecture Xiaowei Yang, Member, David Wetherall, Member, Thomas Anderson, Member
 

Summary:
Abstract: We motivate the capability approach to network
denial-of-service (DoS) attacks, and evaluate the TVA architecture
which builds on capabilities. With our approach, rather than
send packets to any destination at any time, senders must first
obtain "permission to send" from the receiver, which provides the
permission in the form of capabilities to those senders whose traffic
it agrees to accept. The senders then include these capabilities
in packets. This enables verification points distributed around
the network to check that traffic has been authorized by the
receiver and the path in between, and hence to cleanly discard
unauthorized traffic. To evaluate this approach, and to understand
the detailed operation of capabilities, we developed a network
architecture called TVA. TVA addresses a wide range of possible
attacks against communication between pairs of hosts, including
spoofed packet floods, network and host bottlenecks, and router
state exhaustion. We use simulations to show the effectiveness of
TVA at limiting DoS floods, and an implementation on Click router

  

Source: Anderson, Tom - Department of Computer Science and Engineering, University of Washington at Seattle
Yang, Xiaowei - Department of Computer Science, Duke University

 

Collections: Computer Technologies and Information Sciences