Preventing Internet denial-of-service with capabilities-Reference-Cited by-同舟云学术

Preventing Internet denial-of-service with capabilities

Published:2004-01 Issue:1 Volume:34 Page:39-44
ISSN:0146-4833
Container-title:ACM SIGCOMM Computer Communication Review
language:en
Short-container-title:SIGCOMM Comput. Commun. Rev.

Author:

Anderson Tom¹,Roscoe Timothy²,Wetherall David¹

Affiliation:

1. University of Washington

2. Intel Research at Berkeley

Abstract

In this paper, we propose a new approach to preventing and constraining denial-of-service (DoS) attacks. Instead of being able to send anything to anyone at any time, in our architecture, nodes must first obtain "permission to send" from the destination; a receiver provides tokens, or capabilities, to those senders whose traffic it agrees to accept. The senders then include these tokens in packets. This enables verification points distributed around the network to check that traffic has been certified as legitimate by both endpoints and the path in between, and to cleanly discard unauthorized traffic. We show that our approach addresses many of the limitations of the currently popular approaches to DoS based on anomaly detection, traceback, and pushback. Further, we argue that our approach can be readily implemented in today's technology, is suitable for incremental deployment, and requires no more of a security infrastructure than that already needed to fix BGP's security weaknesses. Finally, our proposal facilitates innovation in application and networking protocols, something increasingly curtailed by existing DoS measures.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Software

Link

https://dl.acm.org/doi/pdf/10.1145/972374.972382

Reference21 articles.

1. A signal analysis of network traffic anomalies

2. S. Bellovin ICMP Traceback Messages. http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt Internet Draft) 2000.]] S. Bellovin ICMP Traceback Messages. http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt Internet Draft) 2000.]]

Cited by 82 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. DDD: A DNS-based DDoS Defense Scheme Using Puzzles;2024 33rd International Conference on Computer Communications and Networks (ICCCN);2024-07-29

2. An Empirical Study of Consensus Protocols’ DoS Resilience;Proceedings of the 19th ACM Asia Conference on Computer and Communications Security;2024-07

3. DDoS2Vec: Flow-Level Characterisation of Volumetric DDoS Attacks at Scale;Proceedings of the ACM on Networking;2023-11-27

4. A resource-based pricing collaborative approach for mitigating DDoS attack in mobile edge computing;China Communications;2022-12

5. DoCile: Taming Denial-of-Capability Attacks in Inter-Domain Communications;2022 IEEE/ACM 30th International Symposium on Quality of Service (IWQoS);2022-06-10