USENIX, The Advanced Computing Systems Association

SRUTI '06 Abstract

Pp. 15–22 of the Proceedings

Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection

Martin Casado, Stanford University; Aditya Akella, University of Wisconsin; Pei Cao, Stanford University; Niels Provos, Google; and Scott Shenker, University of California, Berkeley, and ICSI

Abstract

Packet floods targeting a victim’s incoming bandwidth are notoriously difficult to defend against. While a number of solutions have been proposed, such as network capabilities, third-party traffic scrubbing, and overlay-based protection, most suffer from drawbacks that limit their applicability in practice. We propose CAT, a new network-based flood protection scheme. In CAT, all flows must perform a three-way handshake with an in-network element to obtain permission to send data. The three-way handshake dissuades source spoofing and establishes a unique handle for the flow, which can then be used for revocation by the receiver. CAT offers the protection qualities of network capabilities, and yet does not require major architectural changes.
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

Last changed: 17 August 2006 ljc