License
When quoting this document, please refer to the following
URN: urn:nbn:de:0030-drops-8492
URL: http://drops.dagstuhl.de/opus/volltexte/2007/849/
Go to the corresponding Portal


Badishi, Gal ; Keidar, Idit ; Herzberg, Amir ; Romanov, Oleg ; Yachin, Avital

Denial of Service Protection with Beaver

pdf-format:
Document 1.pdf (417 KB)


Abstract

We present Beaver, a method and architecture to ``build dams'' to protect servers from Denial of Service (DoS) attacks. Beaver allows efficient filtering of DoS traffic using low-cost, high-performance, readily-available packet filtering mechanisms. Beaver improves on previous solutions by not requiring cryptographic processing of messages, allowing the use of efficient routing (avoiding overlays), and establishing keys and state as needed. We present two prototype implementations of Beaver, one as part of IPSec in a Linux kernel, and a second as an NDIS hook driver on a Windows machine. Preliminary measurements illustrate that Beaver withstands severe DoS attacks without hampering the client-server communication. Moreover, Beaver is simple and easy to deploy.

BibTeX - Entry

@InProceedings{badishi_et_al:DSP:2007:849,
  author =	{Gal Badishi and Idit Keidar and Amir Herzberg and Oleg Romanov and Avital Yachin},
  title =	{Denial of Service Protection with Beaver},
  booktitle =	{From Security to Dependability},
  year =	{2007},
  editor =	{Christian Cachin and Felix C. Freiling and Jaap-Henk Hoepman },
  number =	{06371},
  series =	{Dagstuhl Seminar Proceedings},
  ISSN =	{1862-4405},
  publisher =	{Internationales Begegnungs- und Forschungszentrum f{\"u}r Informatik (IBFI), Schloss Dagstuhl, Germany},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2007/849},
  annote =	{Keywords: Denial of Service}
}

Keywords: Denial of Service
Seminar: 06371 - From Security to Dependability
Issue Date: 2007
Date of publication: 10.01.2007


DROPS-Home | Fulltext Search | Imprint Published by LZI