Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources

Abstract

Azer Bestavros

Over the past few years, Denial of Service (DoS) attacks have emerged as a serious vulnerability for almost every Internet service. An adversary bent on limiting access to a network resource could simply marshal enough client machines to bring down an Internet service by subjecting it to sustained levels of demand that far exceed its capacity, making that service incapable of adequately responding to legitimate requests. In this talk I will expose a different, but potentially more malignant adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. In particular, I will show that a determined adversary could bleed an adaptive system's capacity or significantly reduce its service quality by subjecting it to an unsuspicious, low-intensity (but well orchestrated and timed) request stream that causes the system to become very inefficient, or unstable. I will give examples of such "Reduction of Quality" (RoQ) attacks on a number of common adaptive components in modern computing and networking systems. RoQ attacks stand in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings. I will present numerical and simulation results, which are validated with observations from real Internet experiments.

This work was done in collaboration with Mina Guirguis and Ibrahim Matta.

Bio

Azer Bestavros obtained his SM in 1988 and his PhD in 1992, both in Computer Science from Harvard University. He is currently Professor and Chairman of Computer Science at Boston University. Professor Bestavros' research interests are in the general areas of networking and real-time systems. Some of his seminal works include his generalization of classical rate-monotonic analysis to accommodate probabilistic guarantees, his pioneering of the push model for Internet content distribution adopted years later by CDNs, and his characterization of Web traffic self-similarity and reference locality. With over 2,000 citations to his publications, CiteSeer ranks him in the top 250 (2.5%) of its most cited CS authors of all time. Professor Bestavros received distinguished service awards from both the IEEE and the ACM. He served as chair, officer, or PC member of most major conferences in real-time and networking systems, including ICNP, Infocom, Sigmetrics, Sigmod, RTSS, RTAS, and ICDE. His research has been funded by government and industry grants totaling over $15M.