Presentation is loading. Please wait.

Presentation is loading. Please wait.

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007.

Similar presentations


Presentation on theme: "The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007."— Presentation transcript:

1 The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June

2 Root cause of unwanted traffic Any host can send to any destination without obtaining permissions

3 Network capabilities: ask-before-send [Anderson03], TVA, SIFF 1. Source requests permission to send. 2. Destination authorizes source for a limited transfer, e.g, 32KB in 10 secs A capability is the proof of a destinations authorization. 3. Source places capabilities on packets and sends them. 4. Network filters packets based on capabilities. cap

4 But attackers can flood request packets ! Request packets do not carry capabilities

5 Protecting request channel is different Request packets can be rate limited Protect established connections cap

6 Protecting request channel is different Fair resource allocation to prevent attackers from overwhelming legitimate requests Fair queuing, puzzles [ Parno07]

7 Protecting request channel is different Reliable filters close to attack sources Cryptographic secure identifiers

8 The role of capabilities Allow comprehensive DoS protection mechanisms to be deployed on a slow channel Enable traffic authorization Protect existing connections during attack cap


Download ppt "The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007."

Similar presentations


Ads by Google