Xiaowei Yang

University of California, Irvine
hosted by John Wroclawski

Tue, Aug 16
2:00PM PDT
8th floor multipurpose conference room (849)

A DoS-Limiting Network Architecture

We present the design and evaluation of TVA, a network architecture that limits the impact of Denial of Service (DoS) floods from the outset. Our research builds on earlier work on capabilities, in which senders obtain short-term authorizations from receivers that they stamp on their packets. We address the full range of possible attacks against communication between pairs of hosts, including spoofed packet floods, network and host bottlenecks, and router state exhaustion. We use simulation to show that attack traffic can only degrade legitimate traffic to a limited extent, significantly outperforming previously proposed DoS solutions. We use a modified Linux kernel implementation to argue that our design can run on gigabit links using only inexpensive off-the-shelf hardware. Our design is also suitable for transition into practice, providing incremental benefit for incremental deployment.

This is an early version of a talk to be presented at the SIGCOMM 2005 Conference. The author welcomes feedback and comments from the audience to shape the SIGCOMM version of the talk.

Bio:

Xiaowei Yang is an assistant professor in the Department of Computer Science at the University of California at Irvine. She received a PhD and an MS in Computer Science from the Massachusetts Institute of Technology, and a BS in Electronic Engineering from Tsinghua University, Beijing, China. Her research interests are in the area of networked and distributed systems, with an emphasis on protocol and architecture design, performance analysis, modeling, and measurement.