Availability is an important security property for Internet services and a key ingredient of most service level agreements. It can be compromised by distributed Denial of Service (DoS) attacks. In this work we propose a formal pattern-based approach to study defense mechanisms against DoS attacks. We enhance pattern descriptions with formal models that allow the designer to give guarantees on the behavior of the proposed solution. The underlying executable specification formalism we use is the rewriting logic language Maude and its real-time and probabilistic extensions. We introduce the notion of stable availability, which means that with very high probability service quality remains very close to a threshold, regardless of how bad the DoS attack can get. Then we present two formal patterns which can serve as defenses against DoS attacks: the Adaptive Selective Verification (ASV) pattern, which enhances a communication protocol with a defense mechanism, and the Server Replicator (SR) pattern, which provisions additional resources on demand. However, ASV achieves availability without stability, and SR cannot achieve stable availability at a reasonable cost. As a main result we show, by statistical model checking with the PVeStA tool, that the composition of both patterns yields a new improved pattern which guarantees stable availability at a reasonable cost.