
The Socket Handoff Defense to DoS Attacks
http://www.cs.cmu.edu/~softagents
Katia Sycara, PI
Overview

A denial of service (DoS) attack is an attack by malicious or naïve hackers on an information networking infrastructure and the computing systems that depend on it. Attacks may range from the shutdown of a single computer to the removal of an entire network or system from the Internet.

With the Socket Handoff Defense, a targeted organization may maintain operation of its networked infrastructure. A lightweight socket handoff technology allows computers on the network to relocate out of harm’s way by renumbering their IP network addresses.

Figure (DoS attack on a network host): legitimate client outside subnet; 1. DoS attack; 3. loss of access by outside clients.

Key Benefits of Socket Handoff

• The termination of the DoS attack. Malicious network connections, often partial and containing spoofed or inaccurate IP addresses, will be dropped and “left behind” in the “move.”
Figure (Socket Handoff in operation): 2. Attacker loses connection to network host. 3. Legitimate outside client connects to the new IP using Discovery.
• Continuity of service. The relocation is accomplished without needing to stop, disconnect, or interrupt services and network connections that are valid and already active. These connections will be automatically updated with the new, renumbered addresses.

• Application transparency. The Socket Handoff mechanism is implemented in the operating system kernel. As a result, all network applications can benefit from it without needing to be rewritten. A wide variety of applications can benefit from this technology, from file, database and web servers to specialized peer-to-peer Internet services.

• Gradual phase-in. Under normal circumstances, applications running on operating systems that do not implement the Socket Handoff mechanism can communicate with those running on operating systems that do support handoff. Applications need a Socket-Handoff-enabled kernel only to maintain a connection when the server relocates and hands off its new IP address.
Figure (Socket Handoff in operation, continued): 1. Server changes IP address (new IP) and notifies clients. Subnet connections are uninterrupted.

In February 2002, the Intelligent Software Agents Lab demonstrated an implementation of Linux kernel-level sockets that permitted transparent Socket Handoff among three different network test applications. To our knowledge, it was the first demonstration of its kind.

Discovery Features

Relocated network service providers and requestors find each other at their new addresses through lightweight and fail-safe Discovery services, such as those implemented in the Intelligent Software Agents Lab's RETSINA agent architecture. These RETSINA technologies have been verified to work across multiple network topologies, managed by a variety of network management policies.
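The following is an added example, not code from the Intelligent Software Agents Lab or its Linux kernel implementation. It is a small Python model of the connection-level semantics described under Key Benefits and Discovery Features: a host under attack renumbers its IP address, established connections are carried over to the new address in place, half-open connections with spoofed sources are left behind at the old address, and a new outside client finds the relocated service through a Discovery registry. The service name, IP addresses (RFC 5737 documentation ranges and a private subnet), port numbers and the `Discovery` registry are all constructed for the example.

```python
# Added example: toy model of the Socket Handoff defense described on this page.
# Not the ISAL kernel code; it only reproduces the behaviour the text describes.
# All IP addresses, ports and the "fileserver" service name are constructed.
from dataclasses import dataclass, field
from typing import Dict, List

ESTABLISHED = "ESTABLISHED"   # handshake completed: a valid, already active connection
HALF_OPEN = "HALF_OPEN"       # SYN seen, handshake never completed (typical of a flood)


@dataclass
class Conn:
    client_ip: str
    client_port: int
    server_ip: str   # address the client currently uses to reach the server
    state: str


@dataclass
class Server:
    ip: str
    conns: List[Conn] = field(default_factory=list)


@dataclass
class Discovery:
    """Stand-in for the Discovery service: maps a service name to its current IP."""
    registry: Dict[str, str] = field(default_factory=dict)

    def lookup(self, service: str) -> str:
        return self.registry[service]


def deliver(server: Server, dst_ip: str, client_ip: str, client_port: int, state: str) -> bool:
    """Model an inbound connection attempt addressed to dst_ip. The host only
    answers for the address it currently holds; traffic to an old address is dropped."""
    if dst_ip != server.ip:
        return False
    server.conns.append(Conn(client_ip, client_port, server.ip, state))
    return True


def handoff(server: Server, new_ip: str, discovery: Discovery, service: str):
    """Relocate the server to new_ip. Established connections are carried over
    (their endpoint is updated in place, nothing is disconnected); half-open
    connections are left behind at the old address."""
    kept, dropped = [], []
    for c in server.conns:
        if c.state == ESTABLISHED:
            c.server_ip = new_ip   # the in-kernel update the page calls the "handoff"
            kept.append(c)
        else:
            dropped.append(c)
    server.conns = kept
    server.ip = new_ip
    discovery.registry[service] = new_ip   # relocated parties find each other here
    return len(kept), len(dropped)


def run_scenario() -> dict:
    """Walk through the figure's numbered steps: attack, handoff, rediscovery."""
    disc = Discovery({"fileserver": "10.0.1.5"})
    srv = Server(ip=disc.lookup("fileserver"))

    # Valid, already active connections: two subnet peers and one outside client.
    for ip, port in [("10.0.1.20", 40001), ("10.0.1.21", 40002), ("198.51.100.7", 51000)]:
        deliver(srv, srv.ip, ip, port, ESTABLISHED)

    # Step 1 (DoS attack): a flood of partial connections with spoofed sources.
    for i in range(50):
        deliver(srv, srv.ip, f"203.0.113.{i}", 1024 + i, HALF_OPEN)
    before = len(srv.conns)

    # Step 2: the server renumbers itself and hands off its live sockets.
    kept, dropped = handoff(srv, "10.0.1.77", disc, "fileserver")

    # The attacker keeps flooding the old address and is no longer answered.
    flood_after = deliver(srv, "10.0.1.5", "203.0.113.200", 2000, HALF_OPEN)

    # Step 3: a new outside client asks Discovery and connects to the new address.
    new_ip = disc.lookup("fileserver")
    new_client_ok = deliver(srv, new_ip, "198.51.100.8", 52000, ESTABLISHED)

    return {
        "conns_before": before,
        "kept": kept,
        "dropped": dropped,
        "kept_endpoints": sorted({c.server_ip for c in srv.conns}),
        "flood_after_handoff_accepted": flood_after,
        "new_client_ip": new_ip,
        "new_client_connected": new_client_ok,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The model deliberately keys "left behind" on connection state rather than on source address: the page notes that attack connections are typically partial and carry spoofed or inaccurate addresses, so the state of the handshake, not a blocklist, is what separates them from valid active connections during the move.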
This research has been sponsored in part by: the Office of Naval Research Grant N00014-96-16-1-1222, DARPA Grant F30602-98-20138, DARPA Grant F30602-00-2-0592, and by AFOSR Grant F49620-01-1-0542.