A generalized admissions control strategy for heterogeneous, distributed multimedia systems
Proceedings of the third ACM international conference on Multimedia
Web content adaptation to improve server overload behavior
WWW '99 Proceedings of the eighth international conference on World Wide Web
On choosing a task assignment policy for a distributed server system
Journal of Parallel and Distributed Computing - Special issue on software support for distributed computing
SEDA: an architecture for well-conditioned, scalable internet services
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Modern Control Engineering
An Empirical Study of Admission Control Strategies in Video Servers
ICPP '98 Proceedings of the 1998 International Conference on Parallel Processing
Handling Multiple Bottlenecks in Web Servers Using Adaptive Inbound Controls
PIHSN '02 Proceedings of the 7th IFIP/IEEE International Workshop on Protocols for High Speed Networks
Overload Behaviour and Protection of Event-driven Web Servers
Revised Papers from the NETWORKING 2002 Workshops on Web Engineering and Peer-to-Peer Computing
An Adaptive Admission Control Mechanism for a Cluster-Based Web Server System
IPDPS '02 Proceedings of the 16th International Parallel and Distributed Processing Symposium
A Formal Framework and Evaluation Method for Network Denial of Service
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Predictive Admission Control Strategy for Overloaded Commercial Web Server
MASCOTS '00 Proceedings of the 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
QoS Management in Web-based Real-Time Data Services
WECWIS '02 Proceedings of the Fourth IEEE International Workshop on Advanced Issues of E-Commerce and Web-Based Information Systems (WECWIS'02)
An Aggressive Admission Control Scheme for Multimedia Servers
ICMCS '97 Proceedings of the 1997 International Conference on Multimedia Computing and Systems
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Admission Control and Scheduling for High Performance WWW Servers
Admission Control and Scheduling for High Performance WWW Servers
Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Overload management as a fundamental service design primitive
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Adaptive overload control for busy internet servers
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
Admission control for statistical QoS: theory and practice
IEEE Network: The Magazine of Global Internetworking
Could a Caveman Do It? The Surprising Potential of Simple Attacks
IEEE Security and Privacy
Defense techniques for low-rate DoS attacks against application servers
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Internet end-systems employ various adaptation mechanisms that enable them to respond adequately to legitimate requests in overload situations. Today, these mechanisms are incorporated in most scalable end-systems through the use of one or more component subsystems such as admission controllers, traffic shapers, content transcoders, QoS Controllers, and load balancers. While the design of these components has been heavily investigated and significantly fine-tuned for efficiency and scalability purposes, the security implication of the adaptation mechanisms used in these components has not been on the radar to system designers. To that end, this paper exposes adversarial exploits of the dynamics that result from the adaptive nature of these components. We show that a well orchestrated Reduction of Quality (RoQ) attack could induce significant inefficiencies or reduce the service quality of end-systems, without resorting to brute-force Denial-of-Service (DoS) exploits that target the limited steady-state capacity of these end-systems. We present a general analytical framework that captures the effect of RoQ exploits on the underlying optimization process of the adaptation mechanisms. Using detailed models, we instantiate this general framework for some of the aforementioned end-system adaptation mechanisms, focusing on admission controllers and load balancers. Our exposition is supported with numerical solutions of analytical models, which are validated using results from detailed simulations, and measurements from real Internet experiments performed in our lab.