Sanctuary Trail: Refuge from Internet DDoS Entrapment (CMU-CyLab-12-013)
نویسندگان
چکیده
We propose STRIDE, a new Internet architecture that provides strong DDoS defense mechanisms for both public services and private end-to-end communication. This new architecture presents several novel concepts including long-term static paths, bandwidth allocation through a top-down topology discovery protocol, dynamic bandwidth allocation via network capabilities, and differentiated packet prioritization. In concert, these mechanisms provide 1) a strong staticclass bandwidth guarantee, 2) strongly guaranteed capability establishment for private end-to-end communication, and a linear waiting time guarantee in the number of malicious source domains for capability establishment for public services, and 3) globally fair bandwidth allocation for capability-protected flows. STRIDE addresses the denial-of-capability problem and defends against a Coremelt attack by preventing a botnet from crowding out other flows on bottleneck network links. We demonstrate these properties through formal analysis and simulation.
منابع مشابه
Sanctuary Trail: Refuge from Internet DDoS Entrapment
We propose STRIDE, a new Internet architecture that provides strong DDoS defense mechanisms for both public services and private end-to-end communication. This new architecture presents several novel concepts including long-term static paths, bandwidth allocation through a top-down topology discovery protocol, dynamic bandwidth allocation via network capabilities, and differentiated packet prio...
متن کاملAccess Control for Home Data Sharing: Attitudes, Needs and Practices (CMU-CyLab-09-013, CMU-PDL-09-110)
As digital content becomes more prevalent in the home, nontechnical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create...
متن کاملThe Politics of Refuge: Sanctuary Cities, Crime, and Undocumented Immigration
This paper assesses the claim that sanctuary cities – defined as cities that expressly forbid city officials or police departments from inquiring into immigration status – are associated with post-hoc increases in crime. We employ a causal inference matching strategy to compare similarly situated cities where key variables are the same across the cities except the sanctuary status of the city. ...
متن کاملWho, when, where: Obfuscation preferences in location-sharing applications (CMU-CyLab-11-013)
This paper presents a study of obfuscation practices in location-sharing systems. The study shows that users have relatively complex preferences that depend on the recipient of the location, the time of the request and location. The preferences also require multiple levels of obfuscation (ranging from disclosing no location information to disclosing the exact location) to accurately capture. Fo...
متن کامل