Stable availability under denial of service attacks through formal patterns

Jonas Eckhardt; Tobias Mühlbauer; Musab Alturki; José Meseguer; Martin Wirsing

doi:10.1007/978-3-642-28872-2_6

Stable availability under denial of service attacks through formal patterns

Jonas Eckhardt, Tobias Mühlbauer, Musab Alturki, José Meseguer, Martin Wirsing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Availability is an important security property for Internet services and a key ingredient of most service level agreements. It can be compromised by distributed Denial of Service (DoS) attacks. In this work we propose a formal pattern-based approach to study defense mechanisms against DoS attacks. We enhance pattern descriptions with formal models that allow the designer to give guarantees on the behavior of the proposed solution. The underlying executable specification formalism we use is the rewriting logic language Maude and its real-time and probabilistic extensions. We introduce the notion of stable availability, which means that with very high probability service quality remains very close to a threshold, regardless of how bad the DoS attack can get. Then we present two formal patterns which can serve as defenses against DoS attacks: the Adaptive Selective Verification (ASV) pattern, which enhances a communication protocol with a defense mechanism, and the Server Replicator (SR) pattern, which provisions additional resources on demand. However, ASV achieves availability without stability, and SR cannot achieve stable availability at a reasonable cost. As a main result we show, by statistical model checking with the PVeStA tool, that the composition of both patterns yields a new improved pattern which guarantees stable availability at a reasonable cost.

Original language	English (US)
Title of host publication	Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings
Pages	78-93
Number of pages	16
DOIs	https://doi.org/10.1007/978-3-642-28872-2_6
State	Published - 2012
Event	15th International Conference on Fundamental Approaches to Software Engineering, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012 - Tallinn, Estonia Duration: Mar 24 2012 → Apr 1 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7212 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	15th International Conference on Fundamental Approaches to Software Engineering, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012
Country/Territory	Estonia
City	Tallinn
Period	3/24/12 → 4/1/12

Keywords

availability
cloud computing
denial of service
formal patterns
meta-object pattern
rewriting logic
statistical model checking

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Online availability

10.1007/978-3-642-28872-2_6

Library availability

Discover UIUC Full Text

Cite this

Eckhardt, J., Mühlbauer, T., Alturki, M., Meseguer, J., & Wirsing, M. (2012). Stable availability under denial of service attacks through formal patterns. In Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings (pp. 78-93). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7212 LNCS). https://doi.org/10.1007/978-3-642-28872-2_6

Stable availability under denial of service attacks through formal patterns. / Eckhardt, Jonas; Mühlbauer, Tobias; Alturki, Musab et al.
Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings. 2012. p. 78-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7212 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Eckhardt, J, Mühlbauer, T, Alturki, M, Meseguer, J & Wirsing, M 2012, Stable availability under denial of service attacks through formal patterns. in Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7212 LNCS, pp. 78-93, 15th International Conference on Fundamental Approaches to Software Engineering, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Tallinn, Estonia, 3/24/12. https://doi.org/10.1007/978-3-642-28872-2_6

Eckhardt J, Mühlbauer T, Alturki M, Meseguer J, Wirsing M. Stable availability under denial of service attacks through formal patterns. In Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings. 2012. p. 78-93. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-28872-2_6

Eckhardt, Jonas ; Mühlbauer, Tobias ; Alturki, Musab et al. / Stable availability under denial of service attacks through formal patterns. Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings. 2012. pp. 78-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{3bc234050eae49a6be3bd8d329c42552,

title = "Stable availability under denial of service attacks through formal patterns",

abstract = "Availability is an important security property for Internet services and a key ingredient of most service level agreements. It can be compromised by distributed Denial of Service (DoS) attacks. In this work we propose a formal pattern-based approach to study defense mechanisms against DoS attacks. We enhance pattern descriptions with formal models that allow the designer to give guarantees on the behavior of the proposed solution. The underlying executable specification formalism we use is the rewriting logic language Maude and its real-time and probabilistic extensions. We introduce the notion of stable availability, which means that with very high probability service quality remains very close to a threshold, regardless of how bad the DoS attack can get. Then we present two formal patterns which can serve as defenses against DoS attacks: the Adaptive Selective Verification (ASV) pattern, which enhances a communication protocol with a defense mechanism, and the Server Replicator (SR) pattern, which provisions additional resources on demand. However, ASV achieves availability without stability, and SR cannot achieve stable availability at a reasonable cost. As a main result we show, by statistical model checking with the PVeStA tool, that the composition of both patterns yields a new improved pattern which guarantees stable availability at a reasonable cost.",

keywords = "availability, cloud computing, denial of service, formal patterns, meta-object pattern, rewriting logic, statistical model checking",

author = "Jonas Eckhardt and Tobias M{\"u}hlbauer and Musab Alturki and Jos{\'e} Meseguer and Martin Wirsing",

note = "Funding Information: This work has been partially sponsored by the Software Engineering Elite Graduate Program, the EU-funded projects FP7-257414 ASCENS and FP7-256980 NESSoS, and AFOSR Grant FA8750-11-2-0084. The fourth author was also partially supported by the “Programa de Apoyo a la Investigaci{\'o}n y Desarrollo” (PAID-02-11) of the Universitat Polit{\`e}cnica de Val{\`e}ncia.; 15th International Conference on Fundamental Approaches to Software Engineering, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012 ; Conference date: 24-03-2012 Through 01-04-2012",

year = "2012",

doi = "10.1007/978-3-642-28872-2_6",

language = "English (US)",

isbn = "9783642288715",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "78--93",

booktitle = "Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings",

}

TY - GEN

T1 - Stable availability under denial of service attacks through formal patterns

AU - Eckhardt, Jonas

AU - Mühlbauer, Tobias

AU - Alturki, Musab

AU - Meseguer, José

AU - Wirsing, Martin

N1 - Funding Information: This work has been partially sponsored by the Software Engineering Elite Graduate Program, the EU-funded projects FP7-257414 ASCENS and FP7-256980 NESSoS, and AFOSR Grant FA8750-11-2-0084. The fourth author was also partially supported by the “Programa de Apoyo a la Investigación y Desarrollo” (PAID-02-11) of the Universitat Politècnica de València.

PY - 2012

Y1 - 2012

N2 - Availability is an important security property for Internet services and a key ingredient of most service level agreements. It can be compromised by distributed Denial of Service (DoS) attacks. In this work we propose a formal pattern-based approach to study defense mechanisms against DoS attacks. We enhance pattern descriptions with formal models that allow the designer to give guarantees on the behavior of the proposed solution. The underlying executable specification formalism we use is the rewriting logic language Maude and its real-time and probabilistic extensions. We introduce the notion of stable availability, which means that with very high probability service quality remains very close to a threshold, regardless of how bad the DoS attack can get. Then we present two formal patterns which can serve as defenses against DoS attacks: the Adaptive Selective Verification (ASV) pattern, which enhances a communication protocol with a defense mechanism, and the Server Replicator (SR) pattern, which provisions additional resources on demand. However, ASV achieves availability without stability, and SR cannot achieve stable availability at a reasonable cost. As a main result we show, by statistical model checking with the PVeStA tool, that the composition of both patterns yields a new improved pattern which guarantees stable availability at a reasonable cost.

AB - Availability is an important security property for Internet services and a key ingredient of most service level agreements. It can be compromised by distributed Denial of Service (DoS) attacks. In this work we propose a formal pattern-based approach to study defense mechanisms against DoS attacks. We enhance pattern descriptions with formal models that allow the designer to give guarantees on the behavior of the proposed solution. The underlying executable specification formalism we use is the rewriting logic language Maude and its real-time and probabilistic extensions. We introduce the notion of stable availability, which means that with very high probability service quality remains very close to a threshold, regardless of how bad the DoS attack can get. Then we present two formal patterns which can serve as defenses against DoS attacks: the Adaptive Selective Verification (ASV) pattern, which enhances a communication protocol with a defense mechanism, and the Server Replicator (SR) pattern, which provisions additional resources on demand. However, ASV achieves availability without stability, and SR cannot achieve stable availability at a reasonable cost. As a main result we show, by statistical model checking with the PVeStA tool, that the composition of both patterns yields a new improved pattern which guarantees stable availability at a reasonable cost.

KW - availability

KW - cloud computing

KW - denial of service

KW - formal patterns

KW - meta-object pattern

KW - rewriting logic

KW - statistical model checking

UR - http://www.scopus.com/inward/record.url?scp=84859149082&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84859149082&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-28872-2_6

DO - 10.1007/978-3-642-28872-2_6

M3 - Conference contribution

AN - SCOPUS:84859149082

SN - 9783642288715

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 78

EP - 93

BT - Fundamental Approaches to Software Engineering - 15th International Conference, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Proceedings

T2 - 15th International Conference on Fundamental Approaches to Software Engineering, FASE 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012

Y2 - 24 March 2012 through 1 April 2012

ER -

Stable availability under denial of service attacks through formal patterns

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this