Middlepolice: Toward enforcing destination-defined policies in the middle of the internet

Zhuotao Liu, Hao Jiny, Yih Chun Hu, Michael Bailey

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Volumetric attacks, which overwhelm the bandwidth of a destination, are amongst the most common DDoS attacks today. One practical approach to addressing these attacks is to redirect all destination traffic (e.g., via DNS or BGP) to a third-party, DDoS-protection-as-a-service provider (e.g., CloudFlare) that is well provisioned and equipped with filtering mechanisms to remove attack traffic before passing the remaining benign traffic to the destination. An alternative approach is based on the concept of network capabilities, whereby source sending rates are determined by receiver consent, in the form of capabilities enforced by the network. While both third-party scrubbing services and network capabilities can be effective at reducing unwanted traffic at an overwhelmed destination, DDoS-protection-as-a-service solutions outsource all of the scheduling decisions (e.g., fairness, priority and attack identification) to the provider, while capability-based solutions require extensive modifications to existing infrastructure to operate. In this paper we introduce MiddlePolice, which seeks to marry the deployability of DDoS-protection-as-a-service solutions with the destinationbased control of network capability systems. We show that by allowing feedback from the destination to the provider, MiddlePolice can effectively enforce destination-chosen policies, while requiring no deployment from unrelated parties.

Original languageEnglish (US)
Title of host publicationCCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages1268-1279
Number of pages12
ISBN (Electronic)9781450341394
DOIs
StatePublished - Oct 24 2016
Event23rd ACM Conference on Computer and Communications Security, CCS 2016 - Vienna, Austria
Duration: Oct 24 2016Oct 28 2016

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
Volume24-28-October-2016
ISSN (Print)1543-7221

Other

Other23rd ACM Conference on Computer and Communications Security, CCS 2016
CountryAustria
CityVienna
Period10/24/1610/28/16

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Middlepolice: Toward enforcing destination-defined policies in the middle of the internet'. Together they form a unique fingerprint.

  • Cite this

    Liu, Z., Jiny, H., Hu, Y. C., & Bailey, M. (2016). Middlepolice: Toward enforcing destination-defined policies in the middle of the internet. In CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 1268-1279). (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 24-28-October-2016). Association for Computing Machinery. https://doi.org/10.1145/2976749.2978306