Quantifying Network Denial of Service: A Location Service Case Study

  • Yan Chen
  • Adam Bargteil
  • David Bindel
  • Randy H. Katz
  • John Kubiatowicz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2229)

Abstract

Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication, making it desirable to measure the resilience of systems to DoS attacks. In this paper, we propose a simulation-based methodology and apply it to attacks on object location services such as DNS. Our results allow us to contrast the DoS resilience of three distinct architectures for object location.



Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Yan Chen (1)
  • Adam Bargteil (1)
  • David Bindel (1)
  • Randy H. Katz (1)
  • John Kubiatowicz (1)
  1. Computer Science Division, University of California, Berkeley
