The Socket Handoff Defense to DoS Attacks. Katia Sycara, PI. Overview, Key Benefits of Socket Handoff, Discovery, Features.

Presentation transcript:

This research has been sponsored in part by: the Office of Naval Research Grant N , DARPA Grant F , DARPA Grant F , and by AFOSR Grant F

Key Benefits of Socket Handoff

The termination of the DoS attack. Malicious network connections, often partial and containing spoofed or inaccurate IP addresses, will be dropped and “left behind” in the “move.”

Continuity of service. The relocation is accomplished without needing to stop, disconnect, or interrupt services and network connections that are valid and already active. These connections will be automatically updated with the new and renumbered addresses.

Application transparency. The Socket Handoff mechanism is implemented in the operating system kernel. Likewise, all network applications can benefit from it without needing to be rewritten. A wide variety of applications can benefit from this technology, from file, database and web servers, to specialized peer-to-peer Internet services.

Gradual phase-in. Under normal circumstances, applications running on operating systems not implementing the Socket Handoff mechanism can communicate with those running on operating systems that do support handoff. Applications need a Socket-Handoff-established kernel to maintain a connection when the server relocates and hands off its new IP address.

Discovery

Relocated network service providers and requestors find each other at their new addresses through lightweight and fail-safe Discovery services, such as those implemented in the Intelligent Software Agents Lab's RETSINA agent architecture. These RETSINA technologies have been verified to work across multiple network topologies, managed by a variety of network management policies.

DoS Attack

A denial of service (DoS) attack is an attack by malicious or naïve hackers on an information networking infrastructure and the computing systems that depend on it. Attacks may range from the shutdown of a single computer, to the removal of an entire network or system from the Internet.

Socket Handoff Defense

With The Socket Handoff Defense, a targeted Organization may maintain operation of the networked infrastructure. A lightweight socket handoff technology allows computers on the network to relocate out of harm’s way by renumbering their IP network addresses.

Intelligent Software Agents Lab

In February 2002, the Intelligent Software Agents Lab demonstrated an implementation of Linux kernel-level sockets that permitted transparent Socket Handoff among three different network test applications. To our knowledge, it was the first such demonstration of its kind.

[Figure labels, attack: Legitimate client outside subnet. 2. Downgrade in network performance. 3. Loss of access by outside clients.]

[Figure labels, defense: 1. Server changes IP address and notifies clients. Subnet connections are uninterrupted. 2. Attacker loses connection to network host. 3. Legitimate outside client connects using Discovery. Labels: new IP, Discovery.]
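
A simplified model of the handoff described above, added here as an illustration and not taken from the poster or the lab's kernel implementation. The state names, the `Conn` record and the rule that only fully established connections are carried over are assumptions; the addresses are constructed samples.

```python
from dataclasses import dataclass

ESTABLISHED, HALF_OPEN = "ESTABLISHED", "SYN_RECV"  # assumed state names


@dataclass(frozen=True)
class Conn:
    claimed_src: str  # source address carried in the packets
    real_src: str     # host that actually sent them (differs when spoofed)
    state: str


def handoff(table, new_ip):
    """Move the server to new_ip; return (kept, dropped, informed)."""
    kept, dropped, informed = [], [], {}
    for conn in table:
        if conn.state != ESTABLISHED:
            dropped.append(conn)  # partial connection is left behind
            continue
        kept.append(conn)
        # The notice travels to the address stored in the connection record,
        # so only a peer that really owns that address learns the new IP.
        if conn.real_src == conn.claimed_src:
            informed[conn.real_src] = new_ip
    return kept, dropped, informed


def demo():
    # Constructed sample table using documentation address ranges.
    table = [
        Conn("192.0.2.10", "192.0.2.10", ESTABLISHED),      # subnet client
        Conn("198.51.100.7", "198.51.100.7", ESTABLISHED),  # outside client
        Conn("203.0.113.50", "203.0.113.99", HALF_OPEN),    # spoofed source
        Conn("203.0.113.51", "203.0.113.99", HALF_OPEN),    # spoofed source
    ]
    return handoff(table, "192.0.2.200")


if __name__ == "__main__":
    kept, dropped, informed = demo()
    print("kept:", [c.claimed_src for c in kept])
    print("dropped:", [c.claimed_src for c in dropped])
    print("hosts that learned the new IP:", informed)
```
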