16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana
Less harm, less worry or how to to improve network security by bounding system offensiveness
Lorenzo Cavallaro &
UniversitÓ di Milano
In this paper we describe a new class of tools
for protecting computer systems from security attacks.
Their distinguished feature is the principle they are
Host or network protection is not achieved by
strengthening their defenses but by
weakening the enemy's offensive capabilities.
A prototype tool has been implemented that
demonstrates that such an approach is feasible and effective.
We show that some of the most popular DoS attacks are effectively
blocked, with limited impact on the sender's performance.
Measurements of the implemented prototype show that controlling
the outgoing traffic does not affect performance at the
sender machine, when traffic is not hostile.
If traffic is hostile, the limited slow down experienced
at the source is the price to pay to make the Internet a safer
place for all its users.
The limited performance impact and the efficacy
in attack prevention make tools like the one presented in this
paper a new component of security architectures.
Furthermore, such a type of tools represents an effective way
security problems that
are still unsolved or for which only partial solutions are
available, such as the liability problem, intranet security,
security tools performance and the use of distributed
tools for intrusion.
Read Paper (in PDF)