MIDDLEWARE SYSTEMS RESEARCH GROUP
A Taxonomy for Denial of Service Attacks in Content-based Publish/Subscribe Systems
Alex Wun, Alex Cheung, Hans-Arno Jacobsen
Department of Electrical and Computer Engineering
Department of Computer Science
University of Toronto
Current State of Denial of Service
Prominent DoS news in 2007:
• 6 of 13 Root DNS servers attacked [ICANN2007]
• DC++ P2P networks used in attacks [DCPP2007]
• Estonian sites: government, bank, police [Yahoo2007]
• Plenty more …
DoS problems are not going away
Research Goals
• Stimulate discussion about DoS in CPS
  • Avoid repeating old DoS weaknesses (e.g., IPv6 source routing)
• Identify new DoS concerns
  • Will DoS attacks in CPS systems be any different?
  • What are the prominent issues?
  • How can potential DoS attacks be classified?
Our Contributions
• Study impact of CPS features on DoS effects
  • Distributed event delivery
  • Content-based processing overhead
  • State maintenance
• Classify potential DoS attack characteristics
• Identify CPS concepts with DoS implications
Content-based Publish/Subscribe
[Figure: Messaging Middleware linking Publishers (P) and Subscribers (S); labelled elements: Enterprise Servers, Embedded Devices, Sensor Networks, nodes A, B, C]
DoS Taxonomy
Message Propagation Effects
• Multi-hop routing
• Localization
• Transmission
[Taxonomy figure labels: Propagation; Localized; Single-Hop; Multi-Hop; Global]
• Non-matching message injection
• Malicious unsubscribe
• Edge broker access control
• Local clients
• Co-operative detection not helpful
• Effects may still be distributed
Fundamental to many CPS features?
• Highly generic subscriptions and advertisements
• Uncovering and Unmerging
• Historic data
Filter versus ID State Removal
Related Work
• Mirkovic and Reiher [Mirkovic2004]
  • DDoS taxonomy in traditional Internet domain
• Srivatsa and Liu [Srivatsa2005]
  • Authentication to limit flooding-based DoS
• Wang et al. [Wang2002]
  • Discussed DoS briefly along with other security concerns
Conclusion
• CPS characteristics with DoS implications
  • Message propagation (remote attacks)
  • Content complexity (highly variable performance)
  • State maintenance (assumptions on message type distribution)
• Abusing features for DoS
  • Stockpiling
  • Traffic Amplification
  • Filter Removal (Thrashing, Victims)