Cyber Trust: Controlling Internet Denial-of-Service with Capabilities
University Of Washington, Seattle WA
Investigators
Abstract
Proposal 0430304 David Wetherall, University of Washington Abstract Over the past several years, Internet denial-of-service (DoS) flooding attacks have become more frequent, larger, and more sophisticated. The root cause of these attacks is that the existing Internet architecture allows any party to send packets to any destination at any time, regardless of the wishes of that destination. To address this problem, the investigators are experimenting with a new architecture in which destinations have control over the network resources used to reach them. Capabilities, represented by tokens carried on packets, are the mechanism that is used to affect this control. The architecture provides two key benefits. First, it aims to provide a long-term solution to the problem of DoS, rather than a further step in an arms race with attackers. Second, it controls DoS while preserving the traditional openness of the Internet architecture, lessening the need for firewalls and intrusion detection systems that hinder the growth of new kinds of applications. A prototype of the architecture is being built for trial deployment on the Internet.
View original record on NSF Award Search →