Quality of service and denial of service
We argue that most forms of internet QoS must provide protection against DoS attacks. To date, the most cost-effective way of improving the treatment of some traffic has been to improve the treatment of all traffic. In a well-provisioned network, protection from DoS is essentially what defines QoS. QoS is not about the typical case; it is about the worst case.

Researchers have all too often assumed "normal network conditions" and developed forms of QoS that do not take into account adversarial considerations.

We argue that adversarial analysis needs to be performed on any QoS technique. The questions that need to be answered include: What are the consequences of a compromise of a host? A router? If no routers are compromised in a given domain, will it always be able to fulfill its QoS promises? If this is not the case, how many neighbors (and with what peering link capacities) does an adversary need to compromise to deny service to a specific pair of communicating hosts or, for a specific host, to deny service to some or all destinations? How can the operator control the possibility of DoS? How can it react to an ongoing attack?

We call for more research on the security aspects of QoS, especially the prevention of DoS.