DMCA
SOS: Secure overlay services (2002)
Cached
Download Links
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www-net.cs.umass.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.utexas.edu]
- [www.cs.columbia.edu]
- [www.cs.columbia.edu]
- [www1.cs.columbia.edu]
- [cs.baylor.edu]
- [utdallas.edu]
- [www.sigcomm.org]
- [www.utdallas.edu]
- [www.acm.org]
- [www.utdallas.edu]
- [www.acm.org]
- [nms.lcs.mit.edu]
- [nsl.cs.columbia.edu]
- [www1.cs.columbia.edu]
- [conferences.sigcomm.org]
- [www.cs.columbia.edu]
- [www.utdallas.edu]
- [bourbon.usc.edu]
- [dna-pubs.cs.columbia.edu]
- [academiccommons.columbia.edu]
- [cs.ecs.baylor.edu]
- [dna-pubs.cs.columbia.edu]
- [www.cs.columbia.edu]
- [cs.ecs.baylor.edu]
- [www1.cs.columbia.edu]
- [www1.cs.columbia.edu]
- [www-csag.ucsd.edu]
- [www.ee.columbia.edu]
- [www.csd.uoc.gr]
- DBLP
Other Repositories/Bibliography
| Venue: | In Proceedings of ACM SIGCOMM |
| Citations: | 251 - 15 self |
BibTeX
@INPROCEEDINGS{Keromytis02sos:secure,
author = {Angelos D. Keromytis and Vishal Misra and Dan Rubenstein},
title = {SOS: Secure overlay services},
booktitle = {In Proceedings of ACM SIGCOMM},
year = {2002},
pages = {61--72}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
angelos,misra,danrĀ„ Denial of service (DoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic. We propose an architecture called Secure Overlay Services (SOS) that proactively prevents DoS attacks, geared toward supporting Emergency Services or similar types of communication. The architecture is constructed using a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by (i) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic, and (ii) introducing randomness and anonymity into the architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOSprotected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.
Keyphrases
secure overlay service do attack successful attack attack point perimeter intensive filtering network edge attack traffic danr denial specific sos-protected destination sophisticated method sosprotected network minuscule level appropriate measure previous approach similar type secure overlay tunneling high-speed router simple analytical model consistent hashing emergency service
