A taxonomy for denial of service attacks in content-based publish/subscribe systems

Denial of Service (DoS) attacks continue to affect the availability of critical systems on the Internet. The existing DoS problem is enough to merit significant research dedicated to analyzing and classifying DoS attacks in the Internet context. However, no such research exists for DoS attacks in the domain of Content-based Publish/Subscribe (CPS) systems despite CPS being at the forefront of business process execution, application integration, and event processing applications. This can be attributed to the lack of structure and understanding of key issues in the area of DoS in CPS systems. In this paper, we propose to address these problems by presenting a taxonomy for classifying DoS characteristics and concerns new to CPS systems. Our taxonomy is motivated by a number of experimental results that were obtained using our CPS middleware implementation and that highlight fundamental DoS concerns in this domain. Finally, we discuss some example DoS attacks in detail with respect to our taxonomy and experimental results. We find that localization, message content complexity, and filter statefulness are the key CPS characteristics to consider when designing DoS-resilient CPS systems.
