Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Preventing Internet Denial-of-Service with Capabilities Tom Anderson

Summary: Preventing Internet Denial-of-Service with Capabilities
Tom Anderson
University of Washington
Timothy Roscoe
Intel Research at Berkeley
David Wetherall
University of Washington
In this paper, we propose a new approach to preventing and
constraining denial-of-service (DoS) attacks. Instead of be-
ing able to send anything to anyone at any time, in our
architecture, nodes must first obtain "permission to send"
from the destination; a receiver provides tokens, or capa-
bilities, to those senders whose traffic it agrees to accept.
The senders then include these tokens in packets. This en-
ables verification points distributed around the network to
check that traffic has been certified as legitimate by both
endpoints and the path in between, and to cleanly discard
unauthorized traffic. We show that our approach addresses
many of the limitations of the currently popular approaches


Source: Anderson, Tom - Department of Computer Science and Engineering, University of Washington at Seattle


Collections: Computer Technologies and Information Sciences