Denial of service: an example
暂无分享,去创建一个
ecurity threats are often divided into three c&go&s: breach of confidentiality, failure of authenticity and unauthorized denial ofserxice. Thr first twu have been very extensively studied; confidenti+ in particular has bear pursued to extraordinary lengths. Indeed, some publications on confidentialit) recall medieval disputes about how many angels could stand on the head of a pin. The second ha been the subject of. inquiry formany years, and is remarkable for the extent to which it is easy to d&se wrong protocols. Thr third has been much less studied, and indeed, the ttwdency has been to dis miss it as a topic for serious inquiry (I did so in [S]). The &jectiw of the pre sent article is to consider a particular instance o1.a denial of service problem and to look at engineering considerations relevant to an appropriate defensr. A major aspect is the complexity and danger that result from unthinking USC of what seem to be simple cost-saving measures. There are tax-s where the security threat that must be countered is almost exclusively one of denial of service. If there is a burglar in my v&t, I do not care who tells me (no need for authenticity), I don’t much care who else finds out (not much need for confidentiality), but I care very much that attempts to inform me are not balked (no denial of suvice). One could quil, ble with the detail of this example, in particular by discussing how one might defend against f&e alarms, but it seems incontrovcrtiblc that denial of serlice is the main threat. Much of the presmt discussion was in fact stimulated by a study of the infrastructure needed by alarm companies, undertaken for the U.K. insurance industry. The examples given do not relate to any specifl ic product or service. The context fbr discussion is more structured than (say) the Internet, which in probably helpful. In the context of an alarm system, we have three mechanical components to deal with, namely a C&W (a controller in the vault), a wtwmk, and a wrwr (on an alarm company’s premises). There are also two nonmecl~anical pa&s to the system-the customer and the contractor The contractor uses the client, the network, and the server to give a servicr to the customer. We put it this way to emphasize that the denial of .service against which we seek to protect is the denial of service to the customer, not to the client. The attack may indeed consist of disabling or destroying the client, just a it may consist of interfering with the nehvork or with the server.
[1] Don Davis,et al. Network security via private-key certificates , 1990, OPSR.
[2] Ross J. Anderson. Why cryptosystems fail , 1993, CCS '93.