a dos resilient information system for dynamic data
play

A DoS-Resilient Information System for Dynamic Data Management by - PowerPoint PPT Presentation

Oct 13, 2023 •190 likes •638 views

A DoS-Resilient Information System for Dynamic Data Management by Baumgart, M. and Scheideler, C. and Schmid, S. In SPAA 2009 Mahdi Asadpour (amahdi@student.ethz.ch) Outline Denial of Service Attacks Chameleon: System Description

  1. A DoS-Resilient Information System for Dynamic Data Management by Baumgart, M. and Scheideler, C. and Schmid, S. In SPAA 2009 Mahdi Asadpour (amahdi@student.ethz.ch)

  2. Outline  Denial of Service Attacks  Chameleon: System Description  Chameleon: Operational Details  Conclusion 2

  3. Denial of Service Attacks

  4. DoS attack  (Distributed) Denial of Service (DoS) attacks are one of the biggest problems in today’s open distributed systems.  Botnet : A set of compromised networked computers controlled through the attacker‘s program (the “bot“).  Image credit: Network Security course, Thomas Dübendorfer, ETH Zürich. 4

  5. Examples  DoS attack against the root servers of the DNS system: roots, top-level domains, ...  TCP SYN flood attack  Prevention: SYN cookies  Image credit: http://en.wikipedia.org/wiki/SYN_flood Root Domain Name Servers 5

  6. DoS prevention  Redundancy : information is replicated on multiple machines.  Storing and maintaining multiple copies have large overhead in storage and update costs.  Full replication is not feasible in large information systems.  In order to preserve scalability , the burden on the servers should be minimized.  Limited to logarithmic factor.  Challenge: how to be robust against DoS attacks? 6

  7. Therefore, a dilemma  Scalability : minimize replication of information  Robustness : maximize resources needed by attacker 7

  8. Related work  Many scalable information systems:  Chord, CAN, Pastry, Tapestry, ...  Not robust against flash crowds  Caching strategies against flash crowds:  CoopNet, Backlash, PROOFS,…  Not robust against adaptive lookup attacks 8

  9. Related work, cont.  Systems robust against DoS-attacks:  SOS, WebSOS, Mayday, III,…  Basic strategy: hiding original location of data  Not work against past insiders  Awerbuch and Scheideler (DISC 07):  DoS-resistent information system that can only handle get requests under DoS attack 9

  10. Chameleon: System Description

  11. Model  Chameleon: a distributed information system, which is provably robust against large-scale DoS attacks.  N fixed nodes in the system, and all are honest and reliable.  The system supports these operations:  Put(d): inserts/updates data item d into the system  Get(name): this returns the data item d with Name(d)=name, if any.  Assume that time proceeds in steps that are synchronized among the nodes. 11

  12. Past insider attack  Attacker knows everything up to some phase t0 that may not be known to the system.  A fired employee, for example ( Image Credit: Bio Job Blog ).  Can block any ε -fraction of servers  Can generate any set of put/get requests, one per server. 12

  13. Goals  Scalability : every server spends at most polylog time and work on put and get requests.  Robustness : every get request to a data item inserted or updated after t0 is served correctly.  Correctness : every get request to a data item is served correctly if the system is not under DoS-attack.  The paper does not seek to prevent DoS attacks, but rather focuses on how to maintain a good availability and performance during the attack. 13

  14. Also, distributing the load evenly among all nodes Image credit: Internet! 14

  15. Basic strategy  Choose suitable hash functions h 1 ,..,h c :D → V (D: name space of data, V: set of servers)  Store copy of item d for every i and j randomly in a set of servers of size 2 j that contains h i (d) h i (d) difficult to difficult to easy to easy to find block find block 15

  16. Put and Get Requests  Most get requests can access close-by copies, only a few get requests have to find distant copies.  Work for each server altogether just polylog(n) for any set of n get requests, one per server.  All areas must have up-to-date copies, so put requests may fail under DoS attack. h i (d) 16

  17. Distributed Hash Table (DHT)  Chameleon employs the idea of DHT.  Decentralized distributed systems that provide a lookup service of (key, value) pairs: any participating node can efficiently retrieve the value associated with a given key. Image credit: http://en.wikipedia.org/wiki/Distributed_hash_table  17

  18. Data stores  Data management of Chameleon relies on two stores:  p-store : a static DHT, in which the positions of the data items are fixed unless they are updated.  t-store: a classic dynamic DHT that constantly refreshes its topology and positions of items ( not known to a past insider). 18

  19. P-store  Nodes are completely interconnected and mapped to [0,1) .  A node i is responsible for the interval [i/n, (i+1)/n) . It is represented by log n bits, i.e. ∑ x i /2 i  The data items are also mapped to [0, 1) , based on fixed hash functions h 1 ,..,h c : U → [0, 1) (known by everybody).  For each data item d, the lowest level i = 0 gives fixed storage locations h 1 (d), ..., h c (d) for d of which O(log n) are picked at random to store up-to-date copies of d.  Replicas are along prefix paths in the p-store. 19

  20. P-store, prefix path 20

  21. T-store  In order to correctly store the copies of a data item d, Ω (log n) roots should be reached, which may not always be possible due to a past-insider attack. T-store is used to temporarily store data.  Its topology is a de Bruijn-like network with logarithmic node degree, is constructed from scratch in every phase.  de Bruijn graphs are useful as they have a logarithmic diameter and a high expansion. t-store 21

  22. T-store, de Bruijn graph  [0, 1)- space is partitioned into intervals of size ß log n/n .  In every phase, every non-blocked node chooses a random position x in the interval.  Then tries to establish connections to all other nodes that selected the positions x, x-, x+, x/2, (x+1)/2  Image credit: http://en.wikipedia.org/wiki/De_Bruijn_graph 22

  23. New T-store  Once the t-store has been established, the nodes at position 0 select a random hash function h : U → [0, 1) (by leader election) and broadcast that to all nodes in the t-store.  Not known to a past insider after t0.  h determines the locations of the data items in the new t-store.  d in the old t-store is stored in the cluster responsible for h(d). t-store h(d) t-store 23

  24. Chameleon: Operational Details Image credit: Internet!

  25. Overall procedure in a phase 1. Adversary blocks servers and initiates put & get requests 2. build new t-store, transfer data from old to new t-store 3. process all put requests in t-store 4. process all get requests in t-store and p-store 5. try to transfer data items from t-store to p-store t-store p-store Internet 25

  26. Stages  Stage 1: Building a New t-Store  Stage 2: Put Requests in t-Store  Stage 3: Processing Get Requests  Stage 4: Transferring Items 26

  27. Stage 1: Building a New t-Store  Join protocol: To form a de Bruijn network.  Every non-blocked node chooses new random location in de Bruijn network.  Searches for neighbors in p-store using join(x) operation.  Nodes in graph agree on a set of log n random hash functions g 1 , . . . , g c‘ : [0, 1) → [0, 1) via randomized leader election.  Randomized leader election : each node guesses a random bit string and the one with lowest bit string wins and proposes the hash functions, in O(log n) round/time. 27

  28. Stage 1: Building a New t-Store, cont.  Insert protocol : to transfer data items from the old t-store to the new t-store.  For every cluster in the old t-store with currently non-blocked nodes, one of its nodes issues an insert(d) request for each of the data items d stored in it.  Each of these requests is sent to the nodes owning g 1 (x), . . . , g c‘ (x) in the p-store, where x = ⌊ h(d) ⌋ (δ log n)/n.  Each non-blocked node collects all data items d to point x and forwards them to those contacted it in the join protocol.  O(n) items w.h.p. 28

  29. Stage 2: Put Requests in t-Store  New put requests are served in the t-store: for a put(d) requests, a t-put(d) request is executed.  Each t-put(d) request aims at storing d in the cluster responsible for h(d) passing.  The t-put requests are sent to their destination clusters using de Bruijn paths , e.g. X → Y  (x 1 , …, x logn ) → (y logn , x 1 , …, x logn -1 ) → … → (y 1 , …, y logn )  Filtering mechanism:  Only one of the same t-put requests survives. d  Routing rule : d d  Just ρ log 2 n to pass a node  O(logn) time, O(log 2 n) congestion. d 29

  30. Stage 3: Processing Get Requests  First: in the t-store using the t-get protocol  de Bruijn routing with combining to lookup data in t-store  O(log n) time and O(log 2 n) congestion  Second: If cannot be served in the t-store, then store in the p-store using the p-get protocol.  Three stages: preprocessing, contraction and expansion  Filtering : almost similar to t-put. name d name d name d name d 30

  31. Stage 3: Processing p-Get Requests, Preprocessing  P-get Preprocessing : Determines blocked areas via sampling.  Every non-blocked node v checks the state of α log n random nodes in T i (v) for every 0 ≤ i ≤ log n.  If >= 1/4 of the nodes are blocked, v declares T i (v) as blocked .  O(1) time: Since the checking can be done in parallel.  O(log 2 n) congestion 31

Recommend

Coastal Climate Information System (CCIS) in WRIS Coastal Climate Information System in WRIS

Coastal Climate Information System (CCIS) in WRIS Coastal Climate Information System in WRIS

Coastal Climate Information System (CCIS) in WRIS Coastal Climate Information System in WRIS About Coastal Climate Data As part of project, exhaustive database related to hydro dynamic and meteorological variables developed and analyzed to

369 views • 9 slides
Spark: Resilient Distributed Datasets as Workflow System H. Andrew Schwartz CSE545 Spring 2020

Spark: Resilient Distributed Datasets as Workflow System H. Andrew Schwartz CSE545 Spring 2020

Spark: Resilient Distributed Datasets as Workflow System H. Andrew Schwartz CSE545 Spring 2020 Big Data Analytics, The Class Goal: Generalizations A model or summarization of the data. Data Frameworks Algorithms and Analyses Similarity

779 views • 58 slides
Resilient Food Systems, Resilient Cities Presented by Kim Zeuli Resilience A

Resilient Food Systems, Resilient Cities Presented by Kim Zeuli Resilience A

Resilient Food Systems, Resilient Cities Presented by Kim Zeuli Resilience A resilient Growing food Processing system Distribution 60% of NYCs produce; 50% meat and fish 28% of site in

181 views • 15 slides
Corruption in the criminal justice system: a robust and resilient system Cheyanne

Corruption in the criminal justice system: a robust and resilient system Cheyanne

Corruption in the criminal justice system: a robust and resilient system Cheyanne Scharbatke-Church The Fletcher School/Tufts, CDA, Besa cheyanne@besacsc.org Our purpose develop an analytic process to understand the system of corruption in

554 views • 26 slides
Provenance in Dynamic Linked Data Marcin Wylot Linking Everything: Dynamic Graphs

Provenance in Dynamic Linked Data Marcin Wylot Linking Everything: Dynamic Graphs

Provenance in Dynamic Linked Data Marcin Wylot Linking Everything: Dynamic Graphs Integrated and summarized uncertain graph data Dynamic physical and logical network of things Necessity to established transparency 2 Data

850 views • 17 slides
MEDIA LAUNCH PLANNER OVERVIEW One Dynamic Hub The Data Center Exchange is the best of

MEDIA LAUNCH PLANNER OVERVIEW One Dynamic Hub The Data Center Exchange is the best of

MEDIA LAUNCH PLANNER OVERVIEW One Dynamic Hub The Data Center Exchange is the best of print publications, online communities and social networking packaged into one dynamic hub. INFORMATION EXCHANGED It is designed to attract and retain

235 views • 8 slides
Passenger Transport Services Dynamic Purchasing System (DPS) Supplier Information Day Andrew

Passenger Transport Services Dynamic Purchasing System (DPS) Supplier Information Day Andrew

Provision of Passenger Transport Services Dynamic Purchasing System (DPS) Supplier Information Day Andrew Patten Lancashire Procurement Service Brian Derbyshire Integrated Transport Service Agenda Housekeeping Introduction

420 views • 38 slides
Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program Analysis Extracting information, in order to present abstractions of, or answer questions about, a software system Static Analysis: Examines the

754 views • 32 slides
Information System & Database Design CS105 What is an Information System? Storage and

Information System & Database Design CS105 What is an Information System? Storage and

Information System & Database Design CS105 What is an Information System? Storage and organization of data Resource planning Customer relationship management (CRM) Patient management Information System vs. Filesystem Directory

304 views • 9 slides
IT Telecommunication Technology 1 Information System (IS) Model Performance Control System

IT Telecommunication Technology 1 Information System (IS) Model Performance Control System

INFORMATION SYSTEM & TECHNOLOGY by Kudang B. Seminar, PhD 2/9/2015 1 Definition of Information Technology Information Technology (IT) is an electronic technology for the acquisition, processing, storing, & retrieving of data and

697 views • 7 slides
Retrofits for Resiliency - How to Make an Existing Solar PV System into an Islandable Resilient

Retrofits for Resiliency - How to Make an Existing Solar PV System into an Islandable Resilient

Energy Storage Technology Advancement Partnership (ESTAP) Webinar: Retrofits for Resiliency - How to Make an Existing Solar PV System into an Islandable Resilient Power System November 12, 2015 Hosted by Todd Olinsky-Paul ESTAP Project

561 views • 27 slides
Dynamic Light Implementation of Dynamic Lighting Pilot System in Town of akovec Medjimurje

Dynamic Light Implementation of Dynamic Lighting Pilot System in Town of akovec Medjimurje

Dynamic Light Final Conference , Germany 26 th 27 th March 2019 Wismar Dynamic Light Implementation of Dynamic Lighting Pilot System in Town of akovec Medjimurje Energy Agency Ltd. MENEA / Town of akovec Alen Vinji, M.Sc. /

723 views • 21 slides
Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics

Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics

Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics System Institute Alpen-Adria University, Klagenfurt, Austria DeepSec 2017, Vienna Recent developments (since > 2014 ) 1. Socioeconomic 2.

246 views • 20 slides
View Helper Context The system creates presentation content, which requires processing of dynamic

View Helper Context The system creates presentation content, which requires processing of dynamic

View Helper Context The system creates presentation content, which requires processing of dynamic business data. Problem Presentation tier changes occur often and are difficult to develop and maintain when business data access logic and

58 views • 3 slides
Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Example How many registers do we need a := 0 1 for the program on the right? L1: b := a + 1 2

408 views • 12 slides
Resilience Engineering (RE) A system is resilient if it can adjust its functioning prior to,

Resilience Engineering (RE) A system is resilient if it can adjust its functioning prior to,

Resilience Engineering (RE) A system is resilient if it can adjust its functioning prior to, during, or following events (changes, disturbances, and opportunities), and thereby sustain required operations under both expected and unexpected

488 views • 14 slides
Introductjon to EuroEXA EuroEXA: Co-designed Innovatjon and System for Resilient Exascale

Introductjon to EuroEXA EuroEXA: Co-designed Innovatjon and System for Resilient Exascale

Introductjon to EuroEXA EuroEXA: Co-designed Innovatjon and System for Resilient Exascale Computjng in Europe: From Applicatjons to Silicon Enrico Calore This project has received funding from the European INFN Ferrara, Italy Unions Horizon

362 views • 21 slides
Developing a Resilient Workforce Why Are We Here Today? The Role of Resiliency in the

Developing a Resilient Workforce Why Are We Here Today? The Role of Resiliency in the

Engage. Inspire. Thrive. Developing a Resilient Workforce Why Are We Here Today? The Role of Resiliency in the Dynamic Workplace Who We Are and How We Coach The Link Between Reskilling and Resiliency Helping Employees

484 views • 20 slides
FAROS: Illuminating In-Memory Injection Attacks via Provenance-based Whole System Dynamic

FAROS: Illuminating In-Memory Injection Attacks via Provenance-based Whole System Dynamic

FAROS: Illuminating In-Memory Injection Attacks via Provenance-based Whole System Dynamic Information Flow Tracking Meisam Navaki Arefi , Geoffrey Alexander, Hooman Rokham, Aokun Chen, Michalis Faloutsos, Xuetao Wei, Daniela Seabra Oliveira and

588 views • 32 slides
Dynamic Purchasing System South East Regional Meeting 9 th March 2017 Chris Davison 1

Dynamic Purchasing System South East Regional Meeting 9 th March 2017 Chris Davison 1

Dynamic Purchasing System South East Regional Meeting 9 th March 2017 Chris Davison 1 What is the Dynamic Purchasing System? Dynamic Purchasing System (DPS) is the new way to buy provision through the Flexible Support Fund Budget

534 views • 9 slides
Resilient Chicago 100 Resilient Cities is a global initiative that seeks to help cities around

Resilient Chicago 100 Resilient Cities is a global initiative that seeks to help cities around

Resilient Chicago 100 Resilient Cities is a global initiative that seeks to help cities around the world become more resilient to the physical, social, and economic challenges that are a growing part of the 21st century. Credit: City of Chicago

882 views • 47 slides
Modern MDL Meets Data Mining Insight, Theory, and Practice Part IV Dynamic Setting Kenji

Modern MDL Meets Data Mining Insight, Theory, and Practice Part IV Dynamic Setting Kenji

Modern MDL Meets Data Mining Insight, Theory, and Practice Part IV Dynamic Setting Kenji Yamanishi Graduate School of Information Science and Technology, the University of Tokyo August 4 th 2019 KDD Tutorial Part IV. Dynamic Setting

944 views • 60 slides
NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

1. ECONOMICS OF INFORMATION Economics of Information Services 1.1 Microeconomics of Information 1961- Market Models with Asymmetric Information for Scientific and Technical Data in Information Cost / Value the Information Age: Lemon Market,

530 views • 6 slides
HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan

HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan

HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan Caselden, Alex Bazhanyuk, Mathias Payer , Stephen McCamant, Dawn Song, UC Berkeley Recovering Information Knowledge of information (data) flow and

694 views • 32 slides

More recommend