Modular Preservation of Safety Properties by Cookie-Based DoS-Protection Wrappers
FMOODS '08 Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol
Electronic Notes in Theoretical Computer Science (ENTCS)
Extending Anticipation Games with Location, Penalty and Timeline
Formal Aspects in Security and Trust
Towards behavioral control in multi-player network games
GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks
Distributed synthesis for alternating-time logics
ATVA'07 Proceedings of the 5th international conference on Automated technology for verification and analysis
Model-checking DoS amplification for VoIP session initiation
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Using strategy objectives for network security analysis
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
The modeling and comparison of wireless network denial of service attacks
MobiHeld '11 Proceedings of the 3rd ACM SOSP Workshop on Networking, Systems, and Applications on Mobile Handhelds
Game theoretic resistance to denial of service attacks using hidden difficulty puzzles
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Selective approaches for solving weak games
ATVA'06 Proceedings of the 4th international conference on Automated Technology for Verification and Analysis
A game based model of security for key predistribution schemes in wireless sensor network
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Stable availability under denial of service attacks through formal patterns
FASE'12 Proceedings of the 15th international conference on Fundamental Approaches to Software Engineering
Hi-index | 0.00 |
Availability is a critical issue in modern distributed systems. While many techniques and protocols for preventing denial of service (DoS) attacks have been proposed and deployed in recent years, formal methods for analyzing and proving them correct have not kept up with the state of the art in DoS prevention. This paper proposes a new protocol for preventing malicious bandwidth consumption, and demonstrates how game-based formal methods can be successfully used to verify availability-related security properties of network protocols. We describe two classes of DoS attacks aimed at bandwidth consumption and resource exhaustion, respectively. We then propose our own protocol, based on a variant of client puzzles, to defend against bandwidth consumption, and use the JFKr key exchange protocol as an example of a protocol that defends against resource exhaustion attacks. We specify both protocols as alternating transition systems (ATS), state their security properties in alternating-time temporal logic (ATL) and verify them using MOCHA, a model checker that has been previously used to analyze fair exchange protocols.