Sanctuary Trail: Refuge from Internet DDoS Entrapment (CMU-CyLab-12-013)

Author: Hsu-Chun Hsiao; Kim, Tiffany; Sangjae Yoo; Zhang, Xin; Lee, Soo Bum; Gligor, Virgil D.; Perrig, Adrian
Year of publication: 2018
Subject:
DOI: 10.1184/r1/6468038.v1
Description: We propose STRIDE, a new Internet architecture that provides strong DDoS defense mechanisms for both public services and private end-to-end communication. This new architecture presents several novel concepts including long-term static paths, bandwidth allocation through a top-down topology discovery protocol, dynamic bandwidth allocation via network capabilities, and differentiated packet prioritization. In concert, these mechanisms provide 1) a strong static class bandwidth guarantee, 2) strongly guaranteed capability establishment for private end-to-end communication, and a linear waiting time guarantee in the number of malicious source domains for capability establishment for public services, and 3) globally fair bandwidth allocation for capability-protected flows. STRIDE addresses the denial-of-capability problem and defends against a Coremelt attack by preventing a botnet from crowding out other flows on bottleneck network links. We demonstrate these properties through formal analysis and simulation.
Database: OpenAIRE