An optimization on requesting and authorization for capabilities architecture

Author

Jiang, Xianliang ; Jin, Guang ; Ni, Cuixia ; Xie, Zhijun ; Qian, Jiangbo

Author_Institution

Coll. of Inf. Sci. & Eng., Ningbo Univ., Ningbo, China

fYear

2011

fDate

27-29 June 2011

Firstpage

200

Lastpage

203

Abstract

Distributed Denial of Service (DDoS) attacks have resulted in huge economic loss and great harms to networks. In this paper, we in-depth analyze the shortcomings and lacks of capabilities existing in the router-based Traffic Validation Architecture (TVA) scheme and propose a new scheme with adjustable pre-capabilities and capabilities. It is able to effectively reduce the overall cost of run-time and improve the transmission efficiency in TVA without reducing the overall security of the original scheme. Meanwhile, we specify the concept of credit values that could precisely control the size of authorized capabilities and provide a standard to measure the overall safety of TVA. Furthermore, this paper also gives a new dynamic mechanism to grant capabilities using the proposed credit. The theoretical proof and practical simulation show that our scheme is feasible and effective.

Keywords

Internet; authorisation; computer network security; economics; optimisation; telecommunication security; telecommunication services; DDoS attacks; capabilities architecture; distributed denial of service; dynamic mechanism; economic loss; router-based traffic validation architecture; Computer architecture; Computer crime; Equations; IP networks; Mathematical model; Safety; Capability; Credit; DDoS; Network Security; Traffic Validation Architecture;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Service System (CSSS), 2011 International Conference on

Conference_Location

Nanjing

Print_ISBN

978-1-4244-9762-1

Type

conf

DOI

10.1109/CSSS.2011.5972118

Filename

5972118