The role of network capabilities Xiaowei Yang xwy@uci.edu UC Irvine NSF FIND PI meeting, June 28...

Preview:

Click to see full reader

Citation preview

The role of network capabilities

Xiaowei Yangxwy@uci.edu

UC Irvine

NSF FIND PI meeting, June 28 2007

Root cause of unwanted traffic

Any host can send to any destination without obtaining permissions

Network capabilities: ask-before-send

• [Anderson03], TVA, SIFF1. Source requests permission to send. 2. Destination authorizes source for a limited transfer,

e.g, 32KB in 10 secs• A capability is the proof of a destination’s

authorization.3. Source places capabilities on packets and sends

them.4. Network filters packets based on capabilities.

cap

But attackers can flood request packets !

Request packets do not carry capabilities

Protecting request channel is different

Request packets can be rate limited Protect established connections

cap capcap

Protecting request channel is different

Fair resource allocation to prevent attackers from overwhelming legitimate requests

Fair queuing, puzzles [Parno07]

Protecting request channel is different

Reliable filters close to attack sources Cryptographic secure identifiers

The role of capabilities

Allow comprehensive DoS protection mechanisms to be deployed on a slow channel

Enable traffic authorization

Protect existing connections during attack

cap

Recommended

Xiaowei Wang Work Samples
Documents
Ragan Lab Self-Organization of Nanosystems rragan@uci.edu rragan@uci.edu Ragan Lab Self-Organization
Documents
CS 356: Computer Network Architectures Lecture 10: IP … · 2018-02-15 · CS 356: Computer Network Architectures Lecture 10: IP Fragmentation, ARP, and ICMP Xiaowei Yang xwy@cs.duke.edu
Documents
Discovery of a New Galactic Center Excess Consistent with … · bCenter for Neutrino Physics, Department of Physics, Virginia Tech, Blacksburg, Virginia 24061, USA E-mail:kevork@uci.edu,ncanac@uci.edu,horiuchi@vt.edu,mkapling@uci.edu,
Documents
Creating intellectually stimulating environments in large classes 1/21/12 Diane O’Dowd UCI, dkodowd@uci.edu @uci.edu
Documents
To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xin Liu Xiaowei Yang Yanbin Lu UC Irvine {xinl,xwy,yanbinl}@uci.edu
Documents
Wang Lab Nanostructured Biomaterials wangsw@uci.edu Wang Lab Nanostructured Biomaterials wangsw@uci.edu
Documents
CS 356: Introduction to Computer Networks Lecture 6: Multi-access links Xiaowei Yang xwy@cs.duke.edu
Documents
Xiaowei Jiang - Global Semiconductor Alliance
Documents
CS 356: Computer Network Architectures Lecture 17: Network Resource Allocation Chapter 6.1-6.4 Xiaowei Yang xwy@cs.duke.edu
Documents
CompSci 356: Computer Network Architectures Lecture 23: Application Layer Protocols Chapter 9.1 Xiaowei Yang xwy@cs.duke.edu
Documents
CS 356: Introduction to Computer Networks Lecture 16: Transmission Control Protocol (TCP) Xiaowei Yang xwy@cs.duke.edu
Documents
Dimensional Synthesis of RPC Serial Robots Alba Perez (maperez@uci.edu), J.M. McCarthy (jmmccart@uci.edu)maperez@uci.edujmmccart@uci.edu Robotics and Automation
Documents
CS 356: Computer Network Architectures Lecture 12: Dynamic routing protocols: Link State Chapter 3.3.3 Xiaowei Yang xwy@cs.duke.edu
Documents
Research Article Shaoqiang Meng, Xiaowei Ouyang*, Jiyang
Documents
Xiaowei Yang xwy@cs.duke
Documents
Long-TUC-seq is a robust method for quantification of ... · 5/1/2020  · Sorena Rahmanian: sorenar@uci.edu Gabriela Balderrama-Gutierrez: gbalderr@uci.edu Dana Wyman: dwyman@uci.edu
Documents
CompSci514: Computer Networks Lecture 04: Evolution of the ... · Lecture 04: Evolution of the Internet Xiaowei Yang xwy@cs.duke.edu. Review of the End-to-End Arguments §Extremely
Documents
CompSci 356: Computer Network Architectures Lecture 21: Content Distribution Chapter 9.4 Xiaowei Yang xwy@cs.duke.edu
Documents
Read Lab Dynamics of Complex Biochemical Systems elread@uci.edu elread@uci.edu Read Lab Dynamics of Complex Biochemical Systems elread@uci.edu elread@uci.edu
Documents