Institute for Security Technology Studies (ISTS)
      
SEARCH: 
  Advanced Search  
Dartmouth CollegeInstitute for Security Technology Studies
Cyber Security and Trust Research & Development
Contents
ISTS Home
About
Projects
Past Projects
Library
People
People Database
Events
Newsroom
Academic Programs
Jobs & Internships
Sponsors
Links of Interest
Dartmouth College
Contact Us
Mailing List
Past Speakers - Documentation & Media
<< Back to Speakers 2006
Photo - Distinguished Speaker Dr. Azer Bestavros
"Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources"

Abstract: Over the past few years, Denial of Service (DoS) attacks have emerged as a serious vulnerability for almost every Internet service. An adversary bent on limiting access to a network resource could simply marshal enough client machines to bring down an Internet service by subjecting it to sustained levels of demand that far exceed its capacity, making that service incapable of adequately responding to legitimate requests. In this talk I will expose a different, but potentially more malignant adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. In particular, I will show that a determined adversary could bleed an adaptive system's capacity or significantly reduce its service quality by subjecting it to an unsuspicious, low-intensity (but well orchestrated and timed) request stream that causes the system to become very inefficient, or unstable. I will give examples of such "Reduction of Quality" (RoQ) attacks on a number of common adaptive components in modern computing and networking systems. RoQ attacks stand in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings. I will present numerical and simulation results, which are validated with observations from real Internet experiments.

This work was done in collaboration with Mina Guirguis and Ibrahim Matta.

Bio: Azer Bestavros obtained his SM in 1988 and his PhD in 1992, both in Computer Science from Harvard University. He is currently Professor and Chairman of Computer Science at Boston University. Professor Bestavros' research interests are in the general areas of networking and real-time systems. Some of his seminal works include his generalization of classical rate-monotonic analysis to accommodate probabilistic guarantees, his pioneering of the push model for Internet content distribution adopted years later by CDNs, and his characterization of Web traffic self-similarity and reference locality. With over 2,000 citations to his publications, CiteSeer ranks him in the top 250 (2.5%) of its most cited CS authors at all times. Professor Bestavros received distinguished service awards from both the IEEE and the ACM. He served as chair, officer, or PC member of most major conferences in real-time and networking systems, including ICNP, Infocom, Sigmetrics, Sigmod, RTSS, RTAS, and ICDE. His research has been funded by government and industry grants totaling over $15M.
Copyright © 2003-2008 Trustees of Dartmouth CollegeProcess Query Systems, LLC.