Game-based analysis of denial-of-service prevention protocols

Proceedings of the Computer Security Foundations Workshop

Volumn , Issue , 2005, Pages 287-301

  Mahimkar, Ajay ^a   Shmatikov, Vitaly ^b  

^a The University of Texas at Austin   (United States)

^b University of Texas at Austin   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ALTERNATING TRANSITION SYSTEM; DENIAL OF SERVICE (DOS) ATTACKS; GAME-BASED ANALYSIS; TEMPORAL LOGIC;

BANDWIDTH; COMPUTER CRIME; COMPUTER PROGRAMMING LANGUAGES; DATA PRIVACY; DISTRIBUTED COMPUTER SYSTEMS; FORMAL LOGIC; GAME THEORY; INFORMATION SCIENCE; INFORMATION SERVICES; NETWORK PROTOCOLS; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 28144444844     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSFW.2005.18     Document Type: Conference Paper

References (47)

1. M. Abadi, B. Blanchet, and C. Fournet. Just Fast Keying in the Pi calculus. In Proc. ESOP '04, pages 340-354, 2004.
2. M. Abadi, M. Burrows, M. Manasse, and T. Wobber. Moderately hard, memory-bound functions. In Proc. NDSS '03, pages 25-39, 2003.
3. W. Aiello, S. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. Keromytis, and O. Reingold. Just Fast Keying: key agreement in a hostile Internet. ACM Trans. Information and Systems Security, 7(2):242-273, 2004.
4. R. Alur, T. Henzinger, and O. Kupferman. Alternating-time temporal logic. J. ACM, 49(5):672-713, 2002.
5. R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: modularity in model checking. In Proc. CAV '98, pages 512-525, 1998.
6. D. Andersen. Mayday: distributed filtering for Internet services. In Proc. USENIX Internet Technologies and Systems '03, 2003.
7. T. Aura, P. Nikander, and J. Leiwo. DoS-resistant authentication with client puzzles. In Proc. 8th Security Protocols Workshop, pages 170-178, 2000.
8. B. Bloom. Space/time trade-offs in hash coding with allowable errors. CACM, 13(7):422-426, 1970.
9. R. Chadha, S. Kremer, and A. Scedrov. Formal analysis of multi-party contract signing. In Proc. CSFW '04, pages 266-219, 2004.
10. A. Datta, J. Mitchell, and D. Pavlovic. Derivation of the JFK protocol. Kestrel Institute Technical Report KES.U.02.03, July 2002.
11. D. Dean and A. Stubblefield. Using client puzzles to protect TLS. In Proc. USENIX Security '01, pages 1-8, 2001.
12. W. Feng. The case for TCP/IP puzzles. In Proc. SIGCOMM Workshop on Future Directions in Network Architecture, pages 322-327, 2003.
13. W. Feng, E. Kaiser, W. Feng, and A. Luu. The design and implementation of network puzzles. In Proc. INFOCOM '05, 2005.
14. V. Gligor. Guaranteeing access in spite of service-flooding attacks. In Proc. Security Protocols Workshop, 2003.
15. L. Gong and P. Syverson. Fail-stop protocols: an approach to designing secure protocols. In Proc. DCCA '95, pages 44-55, 1995.
16. C. Gunter, S. Khanna, K. Tan, and S. Venkatesh. DoS protection for reliably authenticated broadcast. In Proc. NDSS '04, 2004.
17. T. Henzinger, R. Majumdar, F. Mang, and J.-F. Raskin. Abstract interpretation of game properties. In Proc. SAS '00, pages 220-239, 2000.
18. A. Hussain, J. Heidemann, and C. Papadopoulos. A framework for classifying denial of service attacks. In Proc. SIGCOMM '03, pages 99-110, 2003.
19. J. Ioannidis and S. Bellovin. Pushback: router-based defense against DDos attacks. In Proc. NDSS '02, pages 79-86, 2002.
20. A. Juels and J. Brainard. Client puzzles: a cryptographic defense against connection depletion. In Proc. NDSS '99, pages 151-165, 1999.
21. S. Kandula, D. Katabi, M. Jacob, and A. Berger. Botz-4-Sale: Surviving organized DDoS attacks that mimic flash crowds. In Proc. NSDI, 2005.
22. A. Keromytis, V. Misra, and D. Rubenstein. SOS: Secure overlay services. In Proc. SIGCOMM '02, pages 61-72, 2002.
23. S. Kremer and J.-F. Raskin. Game analysis of abuse-free contract signing. In Proc. CSFW '02, pages 206-220, 2002.
24. S. Kremer and J.-F. Raskin. A game-based verification of non-repudiation and fair exchange protocols. J. Computer Security, 11(3):399-430, 2003.
25. S. Lafrance and J. Mullins. Using admissible interference to detect denial of service vulnerabilities. In Proc. IWFM '03, 2003.
26. J. Leiwo, T. Auro, and P. Nikander. Towards network denial of service resistant protocols. In Proc. SEC '00, pages 301-310, 2000.
27. P. Liu and W. Zang. Incentive-based modeling and inference of attacker intent. In Proc. CCS '03, pages 179-189, 2003.
28. R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker. Controlling high bandwidth aggregates in the network. ACM CCR, 32(3):62-73, 2002.
29. C. Meadows. A cost-based framework for analysis of denial of service in networks. J. Computer Security, 9(1/2): 143-164, 2001.
30. J. Mirkovic, G. Prier, and P. Reiher. Attacking DDoS at the source. In Proc. ICNP '02, pages 312-321, 2002.
31. D. Moore, C. Shannon, and J. Brown. Code-Red: a case study on the spread and victims of an Internet worm. In Proc. 2nd Internet Measurement Workshop, pages 273-284, 2002.
32. D. Moore, G. Voelker, and S. Savage. Inferring Internet denial-of-service activity. In Proc. USENIX Security '01, pages 9-22, 2001.
33. W. Morein, A. Stavrou, C. Cook, A. Keromytis, V. Misra, and R. Rubenstein. Using graphic Turing tests to counter automated DDoS attacks against web servers. In Proc. CCS '03, pages 8-19, 2003.
34. K. Park and H. Lee. On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets. In Proc. SIGCOMM '01, pages 15-26, 2001.
35. V. Paxson. An analysis of using reflectors for distributed denial-of-service attacks. ACM CCR, 31(3):38-47, 2001.
36. V. Ramachandran. Analyzing DoS-resistance of protocols using a cost-based framework. Yale Technical Report YALEU/DCS/TR-1239, July 2002.
37. S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical network support for IP traceback. In Proc. SIGCOMM '00, pages 295-306, 2000.
38. A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, S. Kent, and W. Strayer. Hash-based IP traceback. In Proc. SIGCOMM '01, pages 3-14, 2001.
39. D. Song and A. Perrig. Advanced and authenticated marking schemes for IP traceback. In Proc. INFOCOM '01, pages 878-886, 2001.
40. S. Staniford, V. Paxson, and N. Weaver. How to own the Internet in your spare time. In Proc. USENIX Security '02, pages 149-167, 2002.
41. L. von Ahn, M. Blum, N. Hopper, and J. Langford. CAPTCHA: Using hard AI problems for security. In Proc. EUROCRYPT '03, pages 294-311, 2003.
42. H. Wang, D. Zhang, and K. Shin. Detecting SYN flooding attacks. In Proc. INFOCOM '02, pages 1530-1539, 2002.
43. X. Wang and M. Reiter. Defending against denial-of-service attacks with puzzle auctions. In Proc. IEEE Security and Privacy '03, pages 78-92, 2003.
44. B. Waters, A. Juels, J. Halderman, and E. Felten. New client puzzle outsourcing techniques for DoS resistance. In Proc. CCS '04, pages 246-256, 2004.
45. J. Xu and W. Lee. Sustaining availability of Web services under distributed denial of service attacks. IEEE Trans. Computers, 52(2): 195-208, 2003.
46. A. Yaar, A. Perrig, and D. Song. Pi: A path identification mechanism to defend against DDos attacks. In Proc. IEEE Security and Privacy '03, pages 93-109, 2003.
47. A. Yaar, D. Song, and A. Perrig. SIFF: A stateless Internet flow filter to mitigate DDos flooding attacks. In Proc. IEEE Security and Privacy '04, pages 130-146, 2004.