|Ph.D Student||Badishi Gal|
|Subject||Defending Systems against Application-Level Denial of|
|Department||Department of Electrical Engineering||Supervisor||Professor Idit Keidar|
|Full Thesis text|
Many systems today operate over the Internet, which is a hostile environment where many attacks are common, e.g., penetration, forgery, and denial of service (DoS) attacks. Thus, security measures should be taken in order to ensure the survivability of a system even when facing failures or attacks. One of the most devastating attacks is an application-level DoS attack, which aims to deplete the resources of end hosts by abusing application traffic. Dealing with such an attack is a challenge that concerns both the industry and the academic community.
Our research begins by presenting Drum - a gossip-based application-level multicast protocol that is resistant to application-level DoS attacks. Drum ensures correct delivery of multicast messages to all nodes in a timely fashion, w.h.p., even when a large percentage of the nodes is under DoS attacks. Drum is analyzed, simulated, and implemented, and all results show its good traits.
Our research on Drum continues by allowing each node to locally adapt its behavior to the locally-perceived state of the system. We show that even though nodes adapt their behavior using local knowledge only, the total expected propagation time of messages in an attacked system is improved.
Having found a DoS solution for application-level multicast, we turn to protect other applications. We start by developing a simple and general building block - DoS-resistant two-party communication. We define a formal model of a realistic port-based rationing channel, and based on that model we develop a protocol, j-Hopper, that is resilient to DoS attacks. We prove the protocol's resilience by rigorously analyzing its success rate, i.e., the number of valid messages that are sent and are correctly received at the other end. We show that existing
protocols that validate communication using an unchanged secret payload are bound to eventually fail, while j-Hopper uses packet fields, e.g. ports, to store its random payload, and proactively hops between field values.
Finally, we use j-Hopper as one component of Beaver - a multi-party solution that allows a server to communicate with many clients, even in the face of application-level DoS attacks. We design a complete system to protect legacy servers from DoS attacks, with minimal alterations to the communicating parties. Our design provides mechanisms for registration, admission, and DoS-resistant communication between the parties involved. We show that the system is robust
even when DoS attacks and compromised clients are present.