Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection

Summary: Cookies Along Trust-Boundaries (CAT):
Accurate and Deployable Flood Protection
Martin Casado Aditya Akella Pei Cao Niels Provos Scott Shenker
niels@google.com, shenker@icsi.berkeley.edu
Packet floods targeting a victim's incoming bandwidth are no-
toriously difficult to defend against. While a number of solu-
tions have been proposed, such as network capabilities, third-
party traffic scrubbing, and overlay-based protection, most suf-
fer from drawbacks that limit their applicability in practice.
We propose CAT, a new network-based flood protection
scheme. In CAT, all flows must perform a three-way handshake
with an in-network element to obtain permission to send data.
The three-way handshake dissuades source spoofing and estab-
lishes a unique handle for the flow, which can then be used for
revocation by the receiver. CAT offers the protection qualities
of network capabilities, and yet does not require major archi-
tectural changes.
1 Background and Motivation


Source: Akella, Aditya - Department of Computer Sciences, University of Wisconsin at Madison


Collections: Computer Technologies and Information Sciences