Abstract - Technical Program - OSDI 99
Defending Against Denial of Service Attacks in Scout
Oliver Spatscheck, University of Arizona
Larry L. Peterson, Princeton University
We describe a two-dimensional architecture for defending against
denial of service attacks. In one dimension, the architecture accounts
for all resources consumed by each I/O path in the system; this
accounting mechanism is implemented as an extension to the path object
in the Scout operating system. In the second dimension, the various
modules that define each path can be configured in separate protection
domains; we implement hardware enforced protection domains, although
other implementations are possible. The resulting system---which we
call Escort---is the first example of a system that simultaneously
does end-to-end resource accounting (thereby protecting against
resource based denial of service attacks where principals can be
identified) and supports multiple protection domains (thereby allowing
untrusted modules to be isolated from each other). The paper describes
the Escort architecture and its implementation in Scout, and reports a
collection of experiments that measure the costs and benefits of using
Escort to protect a web server from denial of service attacks.
- View the full text of this paper in
HTML form and
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.