Presentation is loading. Please wait.

Presentation is loading. Please wait.

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007.

Published byColin Lawrence Modified over 11 years ago

Similar presentations

Presentation on theme: "The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007."— Presentation transcript:

1 The role of network capabilities Xiaowei Yang xwy@uci.edu UC Irvine NSF FIND PI meeting, June 28 2007

2 Root cause of unwanted traffic Any host can send to any destination without obtaining permissions

3 Network capabilities: ask-before-send [Anderson03], TVA, SIFF 1. Source requests permission to send. 2. Destination authorizes source for a limited transfer, e.g, 32KB in 10 secs A capability is the proof of a destinations authorization. 3. Source places capabilities on packets and sends them. 4. Network filters packets based on capabilities. cap

4 But attackers can flood request packets ! Request packets do not carry capabilities

5 Protecting request channel is different Request packets can be rate limited Protect established connections cap

6 Protecting request channel is different Fair resource allocation to prevent attackers from overwhelming legitimate requests Fair queuing, puzzles [ Parno07]

7 Protecting request channel is different Reliable filters close to attack sources Cryptographic secure identifiers

8 The role of capabilities Allow comprehensive DoS protection mechanisms to be deployed on a slow channel Enable traffic authorization Protect existing connections during attack cap

Download ppt "The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007."

Similar presentations

Architectural Considerations for Protecting End Hosts Vern Paxson International Computer Science Institute and Lawrence Berkeley National Laboratory

Architectural Considerations for Protecting End Hosts Vern Paxson International Computer Science Institute and Lawrence Berkeley National Laboratory
Network support for DoS Protection Stefan Savage Dept of Computer Science and Engineering UC San Diego.

Network support for DoS Protection Stefan Savage Dept of Computer Science and Engineering UC San Diego.
Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.

Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.
Security implications of source- controlled routes Xiaowei Yang UC Irvine NSF FIND PI meeting, June 27 2007.

Security implications of source- controlled routes Xiaowei Yang UC Irvine NSF FIND PI meeting, June
Security Issues In Mobile IP

Security Issues In Mobile IP
A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.

A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
2009-03-16 1 Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.

Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.
Using Capability to prevent Internet Denial-of-Service attacks  Tom Anderson  Timothy Roscoe  David Wetherall  Offense Team –Khoa To –Amit Saha.

Using Capability to prevent Internet Denial-of-Service attacks  Tom Anderson  Timothy Roscoe  David Wetherall  Offense Team –Khoa To –Amit Saha.
Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.

Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.
FastPass: Availability Tokens to Defeat DoS Presented at CMU Systems Seminar by: Dan Wendlandt Work with: David Andersen & Adrian Perrig.

FastPass: Availability Tokens to Defeat DoS Presented at CMU Systems Seminar by: Dan Wendlandt Work with: David Andersen & Adrian Perrig.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday 26.09.2005 C. Today I³SI³HIPHI³.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.

History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.
A DoS-limiting Network Architecture CSCE 715: Fall’06 Presentation by: Amit Jain Shantnu Chaturvedi.

A DoS-limiting Network Architecture CSCE 715: Fall’06 Presentation by: Amit Jain Shantnu Chaturvedi.
To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xin Liu Xiaowei Yang Yanbin Lu UC Irvine

To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xin Liu Xiaowei Yang Yanbin Lu UC Irvine
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
A DoS-Limiting Network Architecture Presented by Karl Deng Sagar Vemuri.

A DoS-Limiting Network Architecture Presented by Karl Deng Sagar Vemuri.
Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006.

Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006.
July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.

July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.

Similar presentations

Ads by Google