[Nrg-l] Reminder: NRG Today @ 3pm - Abstract for today's talk

Nahur Fonseca nahur at cs.bu.edu
Mon Sep 24 12:46:58 EDT 2007

In this meeting to quick-off the NRG for this semester,
Nahur will describe the Denial of Capability attack and
the countermeasures proposed by Bryan Parno et. al.
Please, read the paper abstract bellow.

Portcullis: Protecting Connection Setup from
Denial-of-Capability Attacks

by Bryan Parno, Dan Wendlandt, Elaine Shi, Adrian Perrig, Bruce Maggs,
Yih-Chun Hu

in the Proceedings of SIGCOMM'07


Systems using capabilities to provide preferential service to selected
flows have been proposed as a defense against large-scale
network denial-of-service attacks. While these systems offer strong
protection for established network flows, the Denial-of-Capability
(DoC) attack, which prevents new capability-setup packets from
reaching the destination, limits the value of these systems.
Portcullis mitigates DoC attacks by allocating scarce link bandwidth
for connection establishment packets based on per-computation
fairness. We prove that a legitimate sender can establish a capability
with high probability regardless of an attacker’s resources or
strategy and that no system can improve on our guarantee. We
simulate full and partial deployments of Portcullis on an Internetscale
topology to confirm our theoretical results and demonstrate
the substantial benefits of using per-computation fairness.

We will meet at 3:00pm today, and by the end of the talk we will
agree on a definite time for the rest of the semester.


More information about the Nrg-l mailing list