SOS: An Architecture For Mitigating DDoS Attacks

Slides: 18
Provided by: pli4
Learn more at: http://www.cs.ucf.edu
Transcript and Presenter's Notes

1
SOS: An Architecture For Mitigating DDoS Attacks
  • Angelos D. Keromytis, Vishal Misra, Dan
    Rubenstein
  • ACM SIGCOMM 2002
  • Presented by Tracy Wagner, CDA 6938, April 12,
    2007

2
Outline
  • Introduction
  • SOS Architecture
  • Defense Against Attacks
  • Performance
  • Strength
  • Weaknesses
  • Future Work

3
Introduction
  • SOS: Secure Overlay Services
  • Proactively secure communications between known
    entities against Denial of Service (DoS) Attacks
  • Assumes a pre-determined set of approved clients
    communicating with a target
  • Focus efforts on a site that stores information
    that is difficult to replace

4
SOS Architecture Diagram

5
SOS Architecture
  • Target
      • Selects some subset of nodes to act as Secret
        Servlets
      • Accepts traffic only from Secret Servlet IPs
  • Secret Servlets
      • Verify authenticity of request to act as Secret
        Servlet
      • Identify Beacon Nodes

6
SOS Architecture
  • Beacon Nodes
      • Notified by either Secret Servlets or Target of
        their role ("Hey, you're a Beacon!")
      • Verify validity of information received
      • Forward traffic received to the particular Secret
        Servlet associated with Target

7
SOS Architecture
  • Secure Overlay Access Point (SOAP) Nodes
      • Authenticate and authorize request from client
        to communicate with Target
      • Securely route all traffic to Target via Beacon
        nodes

8
Protection Against DoS
  • If a SOAP node is attacked, source point can
    enter through an alternate SOAP node
  • If a node within the overlay is attacked, the
    node exits and the overlay provides new paths
    to Beacons
  • No node is more important or sensitive than any
    other
  • If Secret Servlet is compromised, new subset of
    Secret Servlets can be chosen

9
Defending Against Attack
  • Security Analysis Assumptions
      • An attacker knows and can attack overlay nodes
      • Attacker does not know functionality of any given
        node, and cannot determine it
      • Bandwidth available to launch an attack is
        limited
      • Attack packets can always be identified as
        illegitimate traffic
      • Different users access overlay via different
        SOAPs
      • A node can simultaneously act as a SOAP, Beacon
        and/or Secret Servlet

10
Defending Against Static Attacks
  • 40% of nodes must be attacked simultaneously for
    attack to succeed once out of 10,000 attempts
  • Increasing number of Beacons and Secret Servlets
    quickly drops probability of successful attack
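
The effect described on this slide can be checked with a small model. The following is an added example, not code from the slides or the SOS paper: it assumes the attacker picks nodes uniformly at random (roles are unknown, per the analysis assumptions), that each role is held by a disjoint set of nodes, and that an attack succeeds when every node of at least one role is hit. The function names and the sample sizes are illustrative.

```python
from itertools import combinations
from math import comb


def p_all_hit(total, attacked, k):
    """P(a fixed set of k nodes lies entirely inside a uniformly random
    attacked set of size `attacked` drawn from `total` overlay nodes)."""
    if k > attacked:
        return 0.0
    return comb(total - k, attacked - k) / comb(total, attacked)


def p_attack_success(total, attacked, role_sizes):
    """P(at least one role has all of its nodes attacked).

    role_sizes: node counts per role, e.g. (SOAPs, Beacons, Secret Servlets).
    Roles are assumed disjoint, so "roles A and B both wiped out" is the
    event that a fixed set of size |A| + |B| is fully attacked; the union
    is then computed by inclusion-exclusion.
    """
    p = 0.0
    for r in range(1, len(role_sizes) + 1):
        sign = 1 if r % 2 else -1
        for subset in combinations(role_sizes, r):
            p += sign * p_all_hit(total, attacked, sum(subset))
    return p


def sweep(total, role_sizes, fractions):
    """Success probability for each attacked fraction of the overlay."""
    return [(f, p_attack_success(total, round(f * total), role_sizes))
            for f in fractions]


if __name__ == "__main__":
    # Constructed sample: 100-node overlay, two role configurations.
    for roles in ((5, 5, 5), (10, 10, 10)):
        print("roles (SOAP, Beacon, Servlet) =", roles)
        for frac, p in sweep(100, roles, (0.1, 0.2, 0.4, 0.6)):
            print(f"  attacked {frac:.0%}: P(success) = {p:.3e}")
```

Under these assumptions, doubling the number of nodes per role lowers the success probability by several orders of magnitude at the same attacked fraction.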

11
Defending Against Dynamic Attacks
  • Dynamic Attack: allows for SOS to self-heal;
    attacker can then alter attack in response
  • Centralized vs. Distributed Repair Process
  • Centralized vs. Distributed Attack Process

12
Defending Against Network Attacks
  • Several zombies launch attack on Target
      • Triggered immediately or at some specified time
  • Anonymizing the Attacked Node
      • When Secret Servlet identity is unknown, attacks
        are randomly launched into overlay
      • Only a fraction of attack traffic will reach
        appropriate servlet
      • Placing targeted servlet in an overlay of size 30
        reduces probability of attack by 4 orders of
        magnitude

13
Performance
  • Measurement of time-to-completion of HTTPS
    requests
  • Depending upon the number of nodes in the
    overlay, the time-to-completion increases by a
    factor of 2-10

14
Performance
  • Shortcut Implementation
      • SOAPs contact Beacon nodes to determine Secret
        Servlet, cache information, and route future
        traffic from source directly to Servlet
      • Latency increases by as little as a factor of 2

15
Strengths
  • Proactive approach to fighting Denial of Service
    (DoS) attacks
  • Overlay can self-heal when a participant node is
    attacked
  • Scalable access control

16
Weaknesses
  • Assumes, for security analysis, that no attack
    can come from inside the overlay
  • Assumes that an attacker cannot mask illegitimate
    traffic to appear legitimate
  • To improve scalability, the number of SOAPs,
    Beacons, and Secret Servlets is limited, which
    lessens protection from DoS attacks
  • Shortcut implementation does not protect secret
    information

17
Future Work
  • More details about how repair and attack
    processes will function
  • Evaluation of damage and attack that can come
    from inside the overlay
  • Consideration of attack traffic that may be able
    to pass through overlay
  • Exploration of overlays shared by multiple
    organizations in a secure manner
  • Investigation of possible shortcuts through the
    overlay that do not compromise security