1 MIDDLEWARE SYSTEMS RESEARCH GROUP A Taxonomy for Denial of Service Attacks in Content-based Publish/Subscribe Systems Alex Wun, Alex Cheung, Hans-Arno Jacobsen Department of Electrical and Computer Engineering Department of Computer Science University of Toronto

2 Current State of Denial of Service
Prominent DoS news in 2007:
• 6 of 13 root DNS servers attacked [ICANN2007]
• DC++ P2P networks used in attacks [DCPP2007]
• Estonian sites: government, bank, police [Yahoo2007]
• Plenty more …
DoS problems are not going away

3 Research Goals
Stimulate discussion about DoS in CPS
• Avoid repeating old DoS weaknesses (e.g., IPv6 source routing)
Identify new DoS concerns
• Will DoS attacks in CPS systems be any different?
• What are the prominent issues?
• How can potential DoS attacks be classified?

4 Our Contributions
Study impact of CPS features on DoS effects
• Distributed event delivery
• Content-based processing overhead
• State maintenance
Classify potential DoS attack characteristics
Identify CPS concepts with DoS implications

5 Messaging Middleware
[Figure: content-based publish/subscribe. Publishers (P) and subscribers (S) on enterprise servers, embedded devices and sensor networks are connected through a federation of brokers (A, B, C)]

6 DoS Taxonomy

7 Message Propagation Effects
Multi-hop routing
• Localization
• Transmission

8 Propagation
Localized:
• Non-matching message injection
• Malicious unsubscribe
• Edge broker access control
• Local clients
• Co-operative detection not helpful
• Effects may still be distributed
Single-Hop:
• Broker multicast
• Per-hop security schemes
• Client location
Multi-Hop:
• Matching message injection
• Rendezvous routing
• Remote clients
• Transmitting DoS effects remotely
Global:
• Flooding
• Global client interest
• May span organizations

9 State Management Effects
Assumptions on message type distribution
Cumulative effects

10 Statefulness
Stateless:
• Recovery through normal processing
• Unretained publication injections
• Connection attempts
Stateful:
• Effects continue due to state change
• Malicious unsubscriptions
• Subscription injections
• Publications retained for CEP
Soft-state:
• Recovery through normal maintenance
• Expiry mechanisms
• Periodic optimizations
Persistent:
• Recovered state causes DoS
• DB-based fault-tolerance
• Historic data
• Configuration corruptions
[Figures: attack effects versus time for each category, annotated "Attack stops" (stateless, stateful, soft-state), "Periodic cleanup" (soft-state) and "Load from persistent storage" (persistent)]

11 Content-based Processing Effects
[Figure: processing load at low content complexity versus high content complexity]

12 Content-based Processing Effects
Performance variability highly dependent on workload complexity
• Response times
• System recovery

13 Content-dependence
Independent:
• Severity of DoS effects is the same regardless of content complexity
• Example: ID-based filter removal
Proportional:
• Higher complexity content produces more severe DoS effects
• Example: inducing matching load
Inversely proportional:
• Lower complexity content produces more severe DoS effects
• Example: filter-based filter removal
[Figure: content complexity (x-axis) against load, # of victims, # of targets and downtime]

14 Techniques - Thrashing
DoS from processing repeated state changes
Subscription cover thrashing example:
• Many non-covering subscriptions exist from other client(s)
• Adversary issues covering subscription (triggers removal)
• Adversary removes covering subscription (triggers restoration)
• Repeat …

15 Techniques - Stockpiling
Store malicious state for use in future attack(s)
Can be low rate to avoid detection
Subscription flood example:
• Stockpile subscription state
• Issue advertisement to attract subscriptions

16 Techniques - Traffic Amplification
Malicious traffic of adversary multiplied
Known to be a problem in traditional Internet
• Smurf attack
• Source routing
• Reflection (connection retries)
Fundamental to many CPS features?
• Highly generic subscriptions and advertisements
• Uncovering and unmerging
• Historic data

17 Filter versus ID State Removal
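Added worked example for slides 14, 16 and 17 (this is illustrative code written for this page, not the authors' system or code): a toy content-based broker that forwards only its covering subscriptions upstream, as cover-based routing optimisations do. With it, cover thrashing and the resulting amplification can be counted, and filter-based removal can be compared with ID-based removal. The Filter and Broker classes, the client names, and the single-integer-attribute content model are all assumptions; the "victim" workload is constructed for the demonstration.

```python
# Added example (not from the slides): a toy content-based broker that keeps a
# subscription table and forwards only the *covering* filters upstream. Used to
# count the state changes an adversary can trigger by cover thrashing and to
# show why filter-based removal has victims while ID-based removal does not.
# Filter, Broker, the client names and the one-attribute content model are
# hypothetical simplifications; the victim workload is constructed.
from __future__ import annotations

from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Filter:
    """Filter on one integer attribute x: matches when lo <= x <= hi."""
    lo: int
    hi: int

    def covers(self, other: Filter) -> bool:
        # f covers g when every publication matching g also matches f
        return self.lo <= other.lo and other.hi <= self.hi

    def matches(self, x: int) -> bool:
        return self.lo <= x <= self.hi


class Broker:
    def __init__(self) -> None:
        self.subs: dict[int, tuple[str, Filter]] = {}  # sub id -> (client, filter)
        self.upstream: set[Filter] = set()  # filters currently forwarded upstream
        self.upstream_changes = 0           # forwarded (un)subscriptions = work done
        self._ids = count(1)

    def _recompute_upstream(self) -> None:
        # Forward only filters that no other (distinct) filter covers.
        filters = {f for _, f in self.subs.values()}
        minimal = {f for f in filters
                   if not any(g != f and g.covers(f) for g in filters)}
        self.upstream_changes += len(minimal - self.upstream) + len(self.upstream - minimal)
        self.upstream = minimal

    def subscribe(self, client: str, f: Filter) -> int:
        sid = next(self._ids)
        self.subs[sid] = (client, f)
        self._recompute_upstream()
        return sid

    def unsubscribe_by_id(self, client: str, sid: int) -> int:
        """ID-based removal: only the owner's own entry goes, and at most one."""
        if sid in self.subs and self.subs[sid][0] == client:
            del self.subs[sid]
            self._recompute_upstream()
            return 1
        return 0

    def unsubscribe_by_filter(self, f: Filter) -> int:
        """Filter-based removal: drop every subscription covered by f, whoever
        owns it. Returns the number of entries removed (the victims)."""
        victims = [sid for sid, (_, g) in self.subs.items() if f.covers(g)]
        for sid in victims:
            del self.subs[sid]
        self._recompute_upstream()
        return len(victims)


def victim_broker(n: int = 10) -> Broker:
    """Constructed workload: n disjoint (mutually non-covering) victim filters."""
    b = Broker()
    for i in range(n):
        b.subscribe("victim", Filter(10 * i, 10 * i + 5))
    return b


def cover_thrash(rounds: int, n: int = 10) -> tuple[int, int]:
    """Slide 14: adversary repeatedly adds and removes one filter covering all
    n victim filters. Returns (adversary messages sent, upstream state changes)."""
    b = victim_broker(n)
    baseline = b.upstream_changes
    for _ in range(rounds):
        sid = b.subscribe("adversary", Filter(0, 10 * n))  # n upstream -> 1 upstream
        b.unsubscribe_by_id("adversary", sid)               # 1 upstream -> n upstream
    return 2 * rounds, b.upstream_changes - baseline


def filter_removal_victims(f: Filter, n: int = 10) -> int:
    """Slide 17 (and slide 13, 'inversely proportional'): victim subscriptions
    removed by one unsubscribe carrying filter f; more generic f, more victims."""
    return victim_broker(n).unsubscribe_by_filter(f)


if __name__ == "__main__":
    sent, changes = cover_thrash(rounds=5)
    print(f"thrashing: {sent} adversary messages -> {changes} upstream state changes")
    print("ID-based removal of someone else's subscription removes",
          victim_broker().unsubscribe_by_id("adversary", 1), "entries")
    for f in (Filter(12, 13), Filter(0, 25), Filter(0, 200)):
        print(f"filter-based removal with {f}: {filter_removal_victims(f)} victims")
```

Each thrash round costs the adversary two messages but forces the broker to retract n forwarded filters and forward one, then undo that again, so the amplification factor grows with the number of legitimate subscriptions the covering filter captures. The removal functions show the content dependence of slide 13: the ID-based path removes at most one entry whatever the filter looks like, while the filter-based path removes every covered entry, so a less specific (lower complexity) filter takes more victims.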

18 Related Work
Mirkovic and Reiher [Mirkovic2004]
• DDoS taxonomy in traditional Internet domain
Srivatsa and Liu [Srivatsa2005]
• Authentication to limit flooding-based DoS
Wang et al. [Wang2002]
• Discussed DoS briefly along with other security concerns

19 Conclusion
CPS characteristics with DoS implications
• Message propagation (remote attacks)
• Content complexity (highly variable performance)
• State maintenance (assumptions on message type distribution)
Abusing features for DoS
• Stockpiling
• Traffic amplification
• Filter removal (thrashing, victims)

20 References
[ICANN2007] http://icann.org/announcements/factsheet-dns-attack-08mar07_v1.1.pdf
[DCPP2007] http://dcpp.wordpress.com/2007/05/22/denying-distributed-attacks/
[Yahoo2007] http://fe48.news.sp1.yahoo.com/s/infoworld/20070517/tc_infoworld/88610
[Mirkovic2004] J. Mirkovic and P. Reiher, "A Taxonomy of DDoS Attack and DDoS Defense Mechanisms", ACM SIGCOMM Computer Communication Review, 2004
[Srivatsa2005] M. Srivatsa and L. Liu, "Securing Publish-Subscribe Overlay Services with EventGuard", ACM Conference on Computer and Communications Security (CCS), 2005
[Wang2002] C. Wang, A. Carzaniga, D. Evans and A. L. Wolf, "Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems", Hawaii International Conference on System Sciences (HICSS), 2002

21 MIDDLEWARE SYSTEMS RESEARCH GROUP Extra Slides

22 Messaging Middleware
[Figure: publishers and subscribers on enterprise servers, embedded devices and sensor networks connected through messaging middleware]
• Distributed broker federations
• Subscription state management
• Content-based processing

23 Content-based Publish/Subscribe
[Figure: publishers (P) and subscribers (S) attached to a content-based publish/subscribe broker overlay]

