Denial of service attacks and defenses in decentralized trust management

International Journal of Information Security

Volumn 8, Issue 2, 2009, Pages 89-101

  Li, Jiangtao ^a   Li, Ninghui ^b   Wang, XiaoFeng ^c   Yu, Ting ^d  

^a INTEL CORPORATION   (United States)

^b Purdue University   (United States)

^c INDIANA UNIVERSITY   (United States)

^d North Carolina State University   (United States)

Author keywords

Access control; Denial of service; Game theory; Trust management; Trust negotiation

Indexed keywords

AD HOC NETWORKS; AUTHENTICATION; COMPUTER CRIME; GAME THEORY; QUERY LANGUAGES; SECURITY OF DATA; SECURITY SYSTEMS; SERVERS; TRANSMISSION CONTROL PROTOCOL;

ANALYTIC TOOLS; APPLICATION-LEVEL PROTOCOLS; AUTHENTICATION PROTOCOLS; COMPUTING RESOURCES; DECENTRALIZED SYSTEMS; DEFENSE TECHNIQUES; DENIAL OF SERVICE; DENIAL-OF-SERVICE ATTACKS; DIGITAL SIGNATURES; DOS ATTACKS; EMPIRICAL STUDIES; LOW BANDWIDTHS; SERVER RESOURCES; TRUST MANAGEMENT; TRUST MANAGEMENT SYSTEMS; TRUST NEGOTIATION;

MANAGEMENT;

EID: 60849112554     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-008-0068-8     Document Type: Article

References (30)

1. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote Trust-Management System, Version 2. IETF RFC 2704 (1999). www.ietf.org/ rfc/rfc2704.txt
2. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, pp. 164-173. IEEE Computer Society Press, Washington, DC (1996). www.crypto.com/papers/policymaker.pdf
3. Clarke D., Elien J.E., Ellison C., Fredette M., Morcos A., Rivest R.L.: Certificate chain discovery in SPKI/SDSI. J. Comput. Secur. 9(4), 285-322 (2001)
4. DeTreville, J.: Binder, a logic-based security language. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 105-113. IEEE Computer Society Press, Washington, DC (2002)
5. Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI certificate theory. IETF RFC 2693 (1999)
6. Gunter C.A., Jim T.: Policy-directed certificate retrieval. Softw. Pract. Exp. 30(15), 1609-1640 (2000)
7. Jim, T.: SD3: A trust management system with certified evaluation. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 106-115. IEEE Computer Society Press, Washington, DC (2001)
8. Li N., Grosof B.N., Feigenbaum J.: Delegation Logic: A logic-based approach to distributed authorization. ACM Trans. Inf. Syst. Secur. 6(1), 128-171 (2003)
9. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 114-130. IEEE Computer Society Press, Washington, DC (2002)
10. Li N., Winsborough W.H., Mitchell J.C.: Distributed credential chain discovery in trust management. J. Comput. Secur. 11(1), 35-86 (2003)
11. Rivest, R.L., Lampson, B.: SDSI - A Simple Distributed Security Infrastructure (1996). theory.lcs.mit.edu/∼rivest/sdsi11.html
12. Dean, D., Stubblefield, A.: Using client puzzles to protect tls. In: Proceedings of the 10th USENIX Security Symposium. USENIX (2001)
13. Server's benchmarks. www.sun.com/servers/coolthreads/t1000/benchmarks.jsp
14. Winsborough, W.H., Seamons, K.E., Jones, V.E.: Automated trust negotiation. In: DARPA Information Survivability Conference and Exposition, vol. I, pp. 88-102. IEEE Press, New York (2000)
15. Winslett M., Yu T., Seamons K.E., Hess A., Jacobson J., Jarvis R., Smith B., Yu L.: Negotiating trust on the web. IEEE Internet Comput. 6(6), 30-37 (2002)
16. Yu T., Winslett M., Seamons K.E.: Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans. Inf. Syst. Secur. 6(1), 1-42 (2003)
17. Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.E.: Adaptive trust negotiation and access control. In: Proceedings of the tenth ACM symposium on Access control models and technologies (SACMT), pp. 139-146 (2005)
18. Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K.E., Smith, B.: Advanced client/server authentication in TLS. In: Network and Distributed System Security Symposium, pp. 203-214 (2002)
19. Crosby, S.A., Wallach, D.S.: Denial of service via algorithmic complexity attacks. USENIX Security (2003)
20. Meadows C.: A cost-based framework for analysis of denial of service networks. J. Comput. Secur. 9, 143-164 (2001)
21. Aura, T., Nikander, P., Leiwo, J.: Dos-resistant authentication with client puzzles. In: Proceedings of the Cambridge Security Protocols Workshop 2000. Lecture Notes in Computer Science, Springer, Heidelberg (2000)
22. Juels, A., Brainard, J.: Client puzzles: A cryptographic defense against connection depletion attacks. In: Proceedings of the 1999 Network and Distributed System Security Symposium (1999)
23. Wang, X., Reiter, M.: Defending against denial-of-service attacks with puzzle auction. In: IEEE Symposium on Security and Privacy (2003)
24. Wang, X., Reiter, M.: Mitigating bandwidth-exhaustion attacks using congestion puzzles. In: Proceedings of the 11th ACM conference on Computer and Communication Security (2004)
25. Keromytis, A.D.: The KeyNote trust-management system
26. Crypto benchmarks. www.eskimo.com/∼weidai/benchmarks.html
27. Gong, L., Syverson, P.: Fail-stop protocols: An approach to designing secure protocols. In: Proceedings of the 5th International Working Conference on Dependable Computing for Critical Applications (1995)
28. Herzberg, A., Mass, Y., Mihaeli, J., Naor, D., Ravid, Y.: Access control meets public key infrastructure, or: Assigning roles to strangers. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 2-14. IEEE Computer Society Press, Washington, DC (2000). www.hrl.il.ibm.com/TrustEstablishment/paper.pdf
29. Dierks, T., Allen, C.: The TLS Protocol Version 1.0 (1999). www.ietf.org/ rfc/rfc2246.txt
30. Fudenberg D., Tirole J.: Game Theory. MIT Press, Cambridge (1991)