1 / 23

A Taxonomy for Denial of Service Attacks in Content-based Publish/Subscribe Systems

A Taxonomy for Denial of Service Attacks in Content-based Publish/Subscribe Systems. Alex Wun, Alex Cheung, Hans-Arno Jacobsen Department of Electrical and Computer Engineering Department of Computer Science University of Toronto. Current State of Denial of Service.

clarissa-verne
Download Presentation

A Taxonomy for Denial of Service Attacks in Content-based Publish/Subscribe Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Taxonomy for Denial of Service Attacks in Content-based Publish/Subscribe Systems Alex Wun, Alex Cheung, Hans-Arno Jacobsen Department of Electrical and Computer Engineering Department of Computer Science University of Toronto

  2. Current State of Denial of Service • Prominent DoS news in 2007: • 6 of 13 Root DNS servers attacked [ICANN2007] • DC++ P2P networks used in attacks [DCPP2007] • Estonian sites: government, bank, police [Yahoo2007] • Plenty more … • DoS problems are not going away

  3. Research Goals • Stimulate discussion about DoS in CPS • Avoid repeating old DoS weaknesses (e.g., IPv6 source routing) • Identify new DoS Concerns • Will DoS attacks in CPS systems be any different? • What are the prominent issues? • How can potential DoS attacks be classified?

  4. Our Contributions • Study impact of CPS features on DoS effects • Distributed event delivery • Content-based processing overhead • State maintenance • Classify potential DoS attack characteristics • Identify CPS concepts with DoS implications

  5. A B C Content-based Publish/Subscribe Enterprise Servers Embedded Devices Sensor Networks Publishers Subscribers P P S S Messaging Middleware

  6. DoS Taxonomy

  7. Message Propagation Effects • Multi-hop routing • Localization • Transmission

  8. Propagation • Non-matching message injection • Malicious unsubscribe • Edge broker access control • Local clients • Co-operative detection not helpful • Effects may still be distributed Localized • Broker multicast • Per-hop security schemes • Client location Single-Hop • Matching message injection • Rendezvous routing • Remote clients • Transmitting DoS effects remotely Multi-Hop • Flooding • Global client interest • May span organizations Global

  9. State Management Effects • Assumptions on distribution message type • Cumulative effects

  10. Statefulness • Recovery through normal processing • Unretained publication injections • Connection attempts Attack Attack stops Time Stateless Effects • Effects continue due to state change • Malicious unsubscriptions • Subscription injections • Publications retained for CEP Attack Attack stops Stateful Time Effects • Recovery through normal maintenance • Expiry mechanisms • Periodic optimizations Attack Attack stops Time Soft-state Periodic cleanup Effects • Recovered state causes DoS • DB-based Fault-tolerance • Historic data • Configuration corruptions Load from persistent storage Persistent Time Effects

  11. Content-based Processing Effects Low content complexity High content complexity

  12. Content-based Processing Effects • Performance variability highly dependent on workload complexity • Response times • System recovery

  13. Content-dependence Load # of Victims # of Targets Downtime • Severity of DoS effects are the same regardless of content complexity • ID-based filter removal Independent • Higher complexity content produces more severe DoS effects • Inducing matching load Proportional • Lower complexity content produces more sever DoS effects • Filter-based filter removal Inverselyproportional Content complexity

  14. Techniques - Thrashing • DoS from processing repeated state changes • Subscription cover thrashing example: • Many non-covering subscriptions exist from other client(s) • Adversary issues covering subscription (triggers removal) • Adversary removes covering subscription (triggers restoration) • Repeat …

  15. Techniques - Stockpiling • Store malicious state for use in future attack(s) • Can be low rate to avoid detection • Subscription flood example: • Stockpile subscription state • Issue advertisement to attract subscriptions

  16. Techniques - Traffic Amplification • Malicious traffic of adversary multiplied • Known to be a problem in traditional Internet • Smurf attack • Source routing • Reflection (connection retries) • Fundamental to many CPS features? • Highly generic subscriptions and advertisements • Uncovering and Unmerging • Historic data

  17. Filter versus ID State Removal

  18. Related Work • Mirkovic and Reiher [Mirkovic2004] • DDoS taxonomy in traditional Internet domain • Srivatsa and Liu [Srivatsa2005] • Authentication to limit flooding-based DoS • Wang et al. [Wang2002] • Discussed DoS briefly along with other security concerns

  19. Conclusion • CPS characteristics with DoS implications • Message propagation (remote attacks) • Content complexity (highly variable performance) • State maintenance (assumptions on message type distribution) • Abusing features for DoS • Stockpiling • Traffic Amplification • Filter Removal (Thrashing, Victims)

  20. References • [ICANN2007] • http://icann.org/announcements/factsheet-dns-attack-08mar07_v1.1.pdf • [DCPP2007] • http://dcpp.wordpress.com/2007/05/22/denying-distributed-attacks/ • [Yahoo2007] • http://fe48.news.sp1.yahoo.com/s/infoworld/20070517/tc_infoworld/88610 • [Mirkovic2004] • A Taxonomy of DDoS Attack and DDoS Defense Mechanisms, ACM SIGCOMM • [Srivatsa2005] • Securing Publish-Subscribe Overlay Services with EventGuard, ACM Conference on Computer and Communications Security • [Wang2002] • Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems, Hawaii International Conference on System Sciences

  21. Extra Slides

  22. Enterprise Servers Embedded Devices Sensor Networks Publishers Subscribers xxxxx xxxxx xxxxx xxxxx xxxxx xxxxx • Distributed broker federations • Subscription state management • Content-based processing Messaging Middleware

  23. Content-based Publish/Subscribe Publishers Subscribers P P S S

More Related