Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol

Musab AlTurki; José Meseguer; Carl A. Gunter

doi:10.1016/j.entcs.2009.02.069

Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol

Musab AlTurki, José Meseguer, Carl A. Gunter

Research output: Contribution to journal › Article

Abstract

The Adaptive Selective Verification (ASV) protocol was recently proposed as an effective and efficient DoS countermeasure within the shared channel model, in which clients and attackers probabilistically share communication bandwidth with the server. ASV has been manually shown to satisfy some desirable availability and bandwidth consumption properties. Due to the probabilistic nature of the protocol and its underlying attacker model, it is intrinsically difficult to build a faithful model of the protocol with which one may automatically verify its properties. This paper fills the gap between manual analysis and simulation-based experimental analysis of ASV, through automated formal analysis. We describe a formal model of ASV using probabilistic rewrite theories, implemented in a probabilistic extension of Maude, and show how it can be used to formally verify various characteristics of ASV through automated statistical quantitative model checking analysis techniques. In particular, we formally verify ASV's connection confidence theorem and a slightly more general bandwidth consumption theorem of ASV. This is followed by a statistical comparison of ASV with non-adaptive selective verification protocols. We conclude with remarks on possible further development and future work.

Original language	English (US)
Pages (from-to)	3-18
Number of pages	16
Journal	Electronic Notes in Theoretical Computer Science
Volume	234
Issue number	C
DOIs	https://doi.org/10.1016/j.entcs.2009.02.069
State	Published - Mar 28 2009

Keywords

Adaptive Selective Verification
DoS
Formal Statistical Analysis
Maude
Probabilistic Rewrite Theories
Rewriting Logic

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1016/j.entcs.2009.02.069

Fingerprint Dive into the research topics of 'Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol'. Together they form a unique fingerprint.

Cite this

AlTurki, M., Meseguer, J., & Gunter, C. A. (2009). Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol. Electronic Notes in Theoretical Computer Science, 234(C), 3-18. https://doi.org/10.1016/j.entcs.2009.02.069

@article{cba7229c6d894a4cb37f3d565d8047cc,

title = "Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol",

abstract = "The Adaptive Selective Verification (ASV) protocol was recently proposed as an effective and efficient DoS countermeasure within the shared channel model, in which clients and attackers probabilistically share communication bandwidth with the server. ASV has been manually shown to satisfy some desirable availability and bandwidth consumption properties. Due to the probabilistic nature of the protocol and its underlying attacker model, it is intrinsically difficult to build a faithful model of the protocol with which one may automatically verify its properties. This paper fills the gap between manual analysis and simulation-based experimental analysis of ASV, through automated formal analysis. We describe a formal model of ASV using probabilistic rewrite theories, implemented in a probabilistic extension of Maude, and show how it can be used to formally verify various characteristics of ASV through automated statistical quantitative model checking analysis techniques. In particular, we formally verify ASV's connection confidence theorem and a slightly more general bandwidth consumption theorem of ASV. This is followed by a statistical comparison of ASV with non-adaptive selective verification protocols. We conclude with remarks on possible further development and future work.",

keywords = "Adaptive Selective Verification, DoS, Formal Statistical Analysis, Maude, Probabilistic Rewrite Theories, Rewriting Logic",

author = "Musab AlTurki and Jos{\'e} Meseguer and Gunter, {Carl A.}",

year = "2009",

month = mar,

day = "28",

doi = "10.1016/j.entcs.2009.02.069",

language = "English (US)",

volume = "234",

pages = "3--18",

journal = "Electronic Notes in Theoretical Computer Science",

issn = "1571-0661",

publisher = "Elsevier",

number = "C",

}

TY - JOUR

T1 - Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol

AU - AlTurki, Musab

AU - Meseguer, José

AU - Gunter, Carl A.

PY - 2009/3/28

Y1 - 2009/3/28

N2 - The Adaptive Selective Verification (ASV) protocol was recently proposed as an effective and efficient DoS countermeasure within the shared channel model, in which clients and attackers probabilistically share communication bandwidth with the server. ASV has been manually shown to satisfy some desirable availability and bandwidth consumption properties. Due to the probabilistic nature of the protocol and its underlying attacker model, it is intrinsically difficult to build a faithful model of the protocol with which one may automatically verify its properties. This paper fills the gap between manual analysis and simulation-based experimental analysis of ASV, through automated formal analysis. We describe a formal model of ASV using probabilistic rewrite theories, implemented in a probabilistic extension of Maude, and show how it can be used to formally verify various characteristics of ASV through automated statistical quantitative model checking analysis techniques. In particular, we formally verify ASV's connection confidence theorem and a slightly more general bandwidth consumption theorem of ASV. This is followed by a statistical comparison of ASV with non-adaptive selective verification protocols. We conclude with remarks on possible further development and future work.

AB - The Adaptive Selective Verification (ASV) protocol was recently proposed as an effective and efficient DoS countermeasure within the shared channel model, in which clients and attackers probabilistically share communication bandwidth with the server. ASV has been manually shown to satisfy some desirable availability and bandwidth consumption properties. Due to the probabilistic nature of the protocol and its underlying attacker model, it is intrinsically difficult to build a faithful model of the protocol with which one may automatically verify its properties. This paper fills the gap between manual analysis and simulation-based experimental analysis of ASV, through automated formal analysis. We describe a formal model of ASV using probabilistic rewrite theories, implemented in a probabilistic extension of Maude, and show how it can be used to formally verify various characteristics of ASV through automated statistical quantitative model checking analysis techniques. In particular, we formally verify ASV's connection confidence theorem and a slightly more general bandwidth consumption theorem of ASV. This is followed by a statistical comparison of ASV with non-adaptive selective verification protocols. We conclude with remarks on possible further development and future work.

KW - Adaptive Selective Verification

KW - DoS

KW - Formal Statistical Analysis

KW - Maude

KW - Probabilistic Rewrite Theories

KW - Rewriting Logic

UR - http://www.scopus.com/inward/record.url?scp=62849120147&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=62849120147&partnerID=8YFLogxK

U2 - 10.1016/j.entcs.2009.02.069

DO - 10.1016/j.entcs.2009.02.069

M3 - Article

AN - SCOPUS:62849120147

VL - 234

SP - 3

EP - 18

JO - Electronic Notes in Theoretical Computer Science

JF - Electronic Notes in Theoretical Computer Science

SN - 1571-0661

IS - C

ER -