Systems using capabilities to provide preferential service to selected flows have been proposed as a defense against large-scale network denial-of-service attacks. While these systems offer strong protection for established network flows, the Denial-of-Capability (DoC) attack, which prevents new capability-setup packets from reaching the destination, limits the value of these systems. Portcullis mitigates DoC attacks by allocating scarce link bandwidth for connection establishment packets based on per-computation fairness. We prove that a legitimate sender can establish a capability with high probability regardless of an attacker's resources or strategy and that no system can improve on our guarantee. We simulate full and partial deployments of Portcullis on an Internet-scale topology to confirm our theoretical results and demonstrate the substantial benefits of using per-computation fairness.