Formal Approach for Resilient Reachability based on End-System Route Agility

Usman Rauf, F. Gillani, E. Al-Shaer, M. Halappanavar, S. Chatterjee, C. Oehmen
{"title":"Formal Approach for Resilient Reachability based on End-System Route Agility","authors":"Usman Rauf, F. Gillani, E. Al-Shaer, M. Halappanavar, S. Chatterjee, C. Oehmen","doi":"10.1145/2995272.2995275","DOIUrl":null,"url":null,"abstract":"The deterministic nature of existing routing protocols has resulted into an ossified Internet with static and predictable network routes. This gives persistent attackers (e.g. eavesdroppers and DDoS attackers) plenty of time to study the network and identify the vulnerable (critical) links to plan devastating and stealthy attacks. Recently, Moving Target Defense (MTD) based approaches have been proposed to to defend against DoS attacks. However, MTD based approaches for route mutation are oriented towards re-configuring the parameters in Local Area Networks (LANs), and do not provide any protection against infrastructure level attacks, which inherently limits their use for mission critical services over the Internet infrastructure. To cope with these issues, we extend the current routing architecture to consider end-hosts as routing elements, and present a formal method based agile defense mechanism to embed resiliency in the existing cyber infrastructure. The major contributions of this paper include: (1) formalization of efficient and resilient End to End (E2E) reachability problem as a constraint satisfaction problem, which identifies the potential end-hosts to reach a destination while satisfying resilience and QoS constraints, (2) design and implementation of a novel decentralized End Point Route Mutation (EPRM) protocol, and (3) design and implementation of planning algorithm to minimize the overlap between multiple flows, for the sake of maximizing the agility in the system. Our PlanetLab based implementation and evaluation validates the correctness, effectiveness and scalability of the proposed approach.","PeriodicalId":20539,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Moving Target Defense","volume":"45 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM Workshop on Moving Target Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2995272.2995275","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 15

Abstract

The deterministic nature of existing routing protocols has resulted into an ossified Internet with static and predictable network routes. This gives persistent attackers (e.g. eavesdroppers and DDoS attackers) plenty of time to study the network and identify the vulnerable (critical) links to plan devastating and stealthy attacks. Recently, Moving Target Defense (MTD) based approaches have been proposed to to defend against DoS attacks. However, MTD based approaches for route mutation are oriented towards re-configuring the parameters in Local Area Networks (LANs), and do not provide any protection against infrastructure level attacks, which inherently limits their use for mission critical services over the Internet infrastructure. To cope with these issues, we extend the current routing architecture to consider end-hosts as routing elements, and present a formal method based agile defense mechanism to embed resiliency in the existing cyber infrastructure. The major contributions of this paper include: (1) formalization of efficient and resilient End to End (E2E) reachability problem as a constraint satisfaction problem, which identifies the potential end-hosts to reach a destination while satisfying resilience and QoS constraints, (2) design and implementation of a novel decentralized End Point Route Mutation (EPRM) protocol, and (3) design and implementation of planning algorithm to minimize the overlap between multiple flows, for the sake of maximizing the agility in the system. Our PlanetLab based implementation and evaluation validates the correctness, effectiveness and scalability of the proposed approach.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于端系统路由敏捷性的弹性可达性形式化方法
现有路由协议的确定性导致了僵化的Internet,具有静态和可预测的网络路由。这给了持久的攻击者(例如窃听者和DDoS攻击者)足够的时间来研究网络,并确定易受攻击的(关键)链接,以计划毁灭性和隐蔽的攻击。近年来,人们提出了基于移动目标防御(MTD)的方法来防御DoS攻击。然而,基于MTD的路由突变方法面向重新配置局域网(lan)中的参数,并且不提供任何针对基础设施级攻击的保护,这本质上限制了它们在互联网基础设施上的关键任务服务的使用。为了解决这些问题,我们扩展了现有的路由架构,将终端主机作为路由元素,并提出了一种基于敏捷防御机制的形式化方法,将弹性嵌入到现有的网络基础设施中。本文的主要贡献包括:(1)将高效、弹性的端到端(E2E)可达性问题形式化为约束满足问题,识别在满足弹性和QoS约束的情况下到达目的地的潜在终端主机;(2)设计和实现一种新型的去中心化端点路由突变(EPRM)协议;(3)设计和实现规划算法,以最小化多个流之间的重叠,从而最大化系统的敏捷性。我们基于PlanetLab的实现和评估验证了所提出方法的正确性、有效性和可扩展性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Moving Target Defense: a Journey from Idea to Product Session details: Keynote Talk Automated Effectiveness Evaluation of Moving Target Defenses: Metrics for Missions and Attacks Markov Modeling of Moving Target Defense Games Session details: Invited Industry Talk
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1