Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories

Existing models for analyzing the integrity and confidentiality of protocols need to be extended to enable the analysis of availability. Prior work on such extensions shows promising applications to the development of new DoS countermeasures. Ideally it should be possible to apply these countermeasures systematically in a way that preserves desirable properties already established. This paper investigates a step toward achieving this ideal by describing a way to expand term rewriting theories to include probabilistic aspects that can show the effectiveness of DoS countermeasures. In particular, we consider the shared channel model, in which adversaries and valid participants share communication bandwidth according to a probabilistic interleaving model, and a countermeasure known as selective verification applied to the handshake steps of the TCP reliable transport protocol. These concepts are formulated in a probabilistic extension of the Maude term rewriting system, and automated techniques are used to demonstrate the effectiveness of the countermeasures.
