Outstanding Foreign Computer Science Ph.D. Defense PPT - thesis_akuzma

Uploaded by: 油条 | Document ID: 1263447 | Upload date: 2017-06-04 | Format: PPT | Pages: 44 | Size: 721KB

Ph.D. Thesis Presentation
Aleksandar Kuzmanovic
Edge-based Inference, Control, and DoS Resilience for the Internet

The Internet
- 1969
- The system of astonishing scale and complexity
- 2004

Internet Design Principles
- Network as a black-box
- End-to-end argument [Clark84]
  - The core is simple
  - Intelligence at the endpoints
- Implications
  - Easy to upgrade the network
  - Easy to incrementally deploy new services

Why End-Point Approach Today?
- Scalability
  - e2e scalability
- Deployability
  - IP and network core are not extensible and are slowly evolving:
    - IPv6 (10 years)
    - IP Multicast (domain dependent)
- Goal: Improve network performance right here right now!

Network Performance
- Internet traffic
  - HTTP (web browsing)
  - FTP (file transfer)
  - Fact: 95% of the traffic today is TCP-based
- Performance
  - QoS differentiation
  - Net win for both HTTP and FTP flows
  - End-point-based two-level differentiation scheme
- Denial of Service
  - DoS attacks can demolish network performance
  - Prevent DoS attacks via a robust end-point protocol design

End-Point Service Differentiation
- TCP-Low Priority
  - Utilizes only the excess network bandwidth
- Key mechanism
  - Early congestion indications: one-way packet delay
- Performance
  - Can improve the HTTP file transfers for more than 90% when FTP flows use TCP-LP
- Deployability
  - no changes in the network core
  - sender side modification of TCP
- High-speed version
  - developed in cooperation with SLAC
  - tested over Gb/s networks in US
- http://www.ece.rice.edu/networks/TCP-LP

Denial of Service
- A malicious way to consume resources in a network, a server cluster or in an end host, thereby denying service to other legitimate users
- Example
  - Well-known TCP's vulnerability to high-rate non-responsive flows

Design Principles - Revisited
- Design Principles
  - Intelligence at the endpoints
  - The core is simple
  - Trust and cooperation among the endpoints
- Implications
  - Easy to incrementally implement new services
  - Easy to upgrade the network
  - Large-scale system
- Implement more intelligence at routers?
  - Scalability issue
  - Detect misbehaving flows in routers is a hard problem
  - Needle in a haystack

Design Principles - Revisited
- Design Principles
  - Intelligence at the endpoints
  - The core is simple
  - Trust and cooperation among the endpoints
- Implications
  - Malicious clients may misuse the intelligence
  - Easy to upgrade the network
  - Large-scale system
- Implement more intelligence at routers?
  - Scalability issue
  - Detect misbehaving flows in routers is a hard problem
  - Needle in a haystack

Design Principles - Revisited
- Design Principles
  - Intelligence at the endpoints
  - The core is simple
  - Trust and cooperation among the endpoints
- Implications
  - Malicious clients may misuse the intelligence
  - Hard to detect endpoint misbehavior
  - Large-scale system
- Implement more intelligence at routers?
  - Scalability issue
  - Detect misbehaving flows in routers is a hard problem
  - Needle in a haystack

End-Point Protocol Design
- Performance vs. Security
  - End-point protocols are designed to maximize performance, but ignore security
  - 95% of the Internet traffic is TCP traffic
  - Can have catastrophic consequences
- DoS-resilient protocol design
  - Jointly optimize performance and security
  - Outperforms the core-based solutions

Remaining Outline
- End-point protocol vulnerabilities
  - Low-rate TCP-targeted DoS attacks
  - Receiver-based TCP stacks with a misbehaving receiver
- Limitations of network-based solutions
- DoS-resilient end-point protocol design

Low-Rate Attacks
- TCP is vulnerable to low-rate DoS attacks

TCP: a Dual Time-Scale Perspective
- Two time-scales fundamentally required
  - RTT time-scales (10-100 ms)
    - AIMD control
  - RTO time-scales (RTO=SRTT+4*RTTVAR)
    - Avoid congestion collapse
- Lower-bounding the RTO parameter:
  - [AllPax99]: minRTO = 1 sec
    - to avoid spurious retransmissions
  - RFC2988 recommends minRTO = 1 sec

The Low-Rate Attack
- At a random initial time
- A short burst (RTT) sufficient to create outage
- Outage: event of correlated packet losses that forces TCP to enter RTO mechanism
- The impact of outage is distributed to all TCP flows

The Low-Rate Attack
- The outage synchronizes all TCP flows
  - All flows react simultaneously and identically backoff for minRTO
- The attacker stops transmitting to elude detection

The Low-Rate Attack
- Once the TCP flows try to recover, hit them again
- Exploit protocol determinism

The Low-Rate Attack
- And keep repeating
- RTT-time-scale outages inter-spaced on minRTO periods can deny service to TCP traffic

Low-Rate Attacks
- TCP is vulnerable to low-rate DoS attacks

Vulnerability of Receiver-Based TCP to Misbehaviors
- Sender-based TCP
  - Control functions given to the sender,
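
Added example (not part of the original slides): a small estimator for RTO = SRTT + 4*RTTVAR with the minRTO lower bound from the "TCP: a Dual Time-Scale Perspective" slide, showing why flows with very different RTTs all time out at the same instant after a shared outage. The gains 1/8 and 1/4 and the first-sample initialisation follow RFC 2988; the function names, flow names and RTT samples are constructed for illustration.

```python
"""RTO estimation with a minRTO floor, run over constructed RTT samples."""

ALPHA = 1 / 8   # SRTT smoothing gain (RFC 2988)
BETA = 1 / 4    # RTTVAR smoothing gain (RFC 2988)


def rto_from_samples(rtt_samples, min_rto=1.0):
    """Return the RTO (seconds) after feeding RTT samples (seconds)."""
    if not rtt_samples:
        raise ValueError("need at least one RTT sample")
    srtt = rtt_samples[0]          # first measurement: SRTT = R
    rttvar = rtt_samples[0] / 2    # first measurement: RTTVAR = R/2
    for r in rtt_samples[1:]:
        rttvar = (1 - BETA) * rttvar + BETA * abs(srtt - r)
        srtt = (1 - ALPHA) * srtt + ALPHA * r
    rto = srtt + 4 * rttvar        # RTO = SRTT + 4*RTTVAR, as on the slide
    return max(rto, min_rto)       # lower bound: minRTO


def retransmit_times(flows, loss_time, min_rto):
    """Instant of each flow's first timeout retransmission after a shared loss."""
    return {name: loss_time + rto_from_samples(samples, min_rto)
            for name, samples in flows.items()}


def spread(times):
    """Gap between the earliest and latest retransmission instants."""
    return max(times.values()) - min(times.values())


# Constructed flows covering the 10-100 ms RTT range named on the slide.
FLOWS = {
    "lan":   [0.010, 0.012, 0.011, 0.010, 0.013],
    "metro": [0.040, 0.045, 0.038, 0.042, 0.041],
    "wan":   [0.100, 0.090, 0.110, 0.095, 0.105],
}

if __name__ == "__main__":
    for label, floor in (("minRTO = 1 s", 1.0), ("no lower bound", 0.0)):
        times = retransmit_times(FLOWS, loss_time=5.0, min_rto=floor)
        rounded = {name: round(t, 3) for name, t in times.items()}
        print(f"{label}: {rounded} spread={spread(times):.3f} s")
```

With the 1-second floor every flow's computed RTO is below the floor, so the floor decides the timeout and the spread is zero; without it the timeouts track each flow's own RTT.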
