Article

Attack resistant cache replacement for survivable services

Authors:

Mustaque Ahamad,

H. VenkateswaranAuthors Info & Claims

SSRS '03: Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security

Pages 64 - 71

https://doi.org/10.1145/1036921.1036928

Published: 31 October 2003 Publication History

Abstract

Many distributed services are susceptible to attacks by malicious clients that can significantly degrade their performance. Scalable distributed services make use of a variety of techniques which are vulnerable to such attacks. We explore the survivability of services when attacks target the scalability techniques employed by the services. In particular, we explore how the effectiveness of caching can be degraded when malicious clients manipulate cache management algorithms. We present an attack resistant replacement algorithm and show that it is much more effective in dealing with attacks compared to other widely deployed replacement algorithms.

References

[1]

Edward G. Coffman Jr., and Peter J. Denning, "Operating Systems Theory", Prentice-Hall, Inc., 1973.

Digital Library

[2]

Susanne Albers, "Competitive Online Algorithms", ISSN 1395-2048 BRICS lecture series, 1996.

[3]

Paolo Lorenzetti, Luigi Rizzo, and Lorenzo Vicisano, "Replacement Policies For A Proxy Cache", IEEE/ACM Transactions on networking, 1998.

[4]

Boeing proxy logs. http://www.web-caching.com/traces-logs.html

[5]

Carlos R. Cunha, Azer Bestavros, and Mark E. Crovella "Characteristics of WWW Client-based Traces", Technical Report BU-CS-95-010, Boston University Computer Science Department, 1995.

Digital Library

[6]

Squid Web Proxy Cache, http://www.squid-cache.org.

[7]

IRCACHE - the NLANR Web Caching Project, http://www.ircache.net

[8]

Jun Xu, "Sustaining Availability Of Web Services Under Severe Denial Of Service Attacks", Technical Report GIT-CC-01-10, 2001.

[9]

David Moore, Geoffrey M. Voelker, and Stefan Savage, "Inferring Internet Denial Of Service Activity", Proceedings of the 2001 USENIX security symposium, 2001.

Digital Library

[10]

Denial of Service (DOS) Attack Resources, http://www.denialinfo.com.

[11]

Martin F. Arlitt, and Carey L. Williamson, "Trace Driven Simulation of Document Caching Strategies for Internet Web Servers", The Society for Computer Simulation SIMULATION Journal, Jan. 1997.

[12]

Peng Liu and Lunquan Li, "A Game Theoretic Approach to Attack Prediction", Technical Report, PSU-S2-2002-01, Penn State University, 2002.

[13]

Evangelos P. Markatos, "Main Memory Caching Of Web Documents", Proceedings of the Fifth International WWW Conference, 1996.

Digital Library

[14]

Economics and Statistics Administration, U.S. Department of Commerce "Digital Economy 2000" June 2000.

[15]

D.J. Bernstein, and Eric Schenk, "SYN Cookies Firewall Project", http://www.bronzesoft.org/projects/scfw.

[16]

X. Axelsson, "Research in Intrusion Detection Systems: A survey", TR 98-17, Chalmers University, Sweden, 1999.

[17]

Elizabeth J. O'Neil, Patrick E. O'Neil and Gerhard Weikum, "The LRU-K Page Replacement Algorithm for Database Disk Buffering", Proc. ACM SIGMOD, 1993.

Digital Library

[18]

N. Megiddo and D. S. Modha, "ARC: A Self-tuning, Low Overhead Replacement Cache", Proc. 2nd Usenix Conference on File and Storage Technologies (FAST 03), 2003.

Digital Library

[19]

A.Sundaram, "An introduction to intrusion detection", ACM Crossroads 2.4 1996.

Digital Library

[20]

Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, "Practical Network Support for IP Traceback", Proceedings of ACM SIGCOMM 2000.

Digital Library

[21]

Frank Kargl, and Joern Maier, "Protecting Web Servers from Distributed Denial of Service Attacks", Tenth International World Wide Web Conference, May 2001.

Digital Library

[22]

Evangelos P. Markatos, "Main Memory Caching of Web Documents", Computer Networks and ISDN Systems, 1996.

Digital Library

[23]

Azer Bestavros et. al., "Application-Level Document Caching in the Internet", Proceedings of the IEEE SDNE 1995.

Digital Library

Cited By

Ghaznavi MJalalpour ESalahuddin MBoutaba RMigault DPreda S(2021)Content Delivery Network Security: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2021.309349223:4(2166-2190)Online publication date: Dec-2022
https://doi.org/10.1109/COMST.2021.3093492
Gadkari KWeikum MMassey DPapadopoulos C(2015)Pragmatic router FIB caching2015 IFIP Networking Conference (IFIP Networking)10.1109/IFIPNetworking.2015.7145296(1-9)Online publication date: May-2015
https://doi.org/10.1109/IFIPNetworking.2015.7145296
Mengjun Xie Widjaja IHaining Wang (2012)Enhancing cache robustness for content-centric networking2012 Proceedings IEEE INFOCOM10.1109/INFCOM.2012.6195632(2426-2434)Online publication date: Mar-2012
https://doi.org/10.1109/INFCOM.2012.6195632

Attack resistant cache replacement for survivable services
1. General and reference
  1. Cross-computing tools and techniques

Recommendations

Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Atacks
ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture

In cache-based side channel attacks, a spy that shares a cache with a victim probes cache locations to extract information on the victim's access patterns. For example, in evict+reload, the spy repeatedly evicts and then reloads a probe address, ...
Attack Resilience of Cache Replacement Policies
IEEE INFOCOM 2021 - IEEE Conference on Computer Communications
Caches are pervasively used in computer networks to speed up access by reusing previous communications, where various replacement policies are used to manage the cached contents. The replacement policy of a cache plays a key role in its performance, and ...
A Distributed Security Approach against ARP Cache Poisoning Attack
CySSS '22: Proceedings of the 1st Workshop on Cybersecurity and Social Sciences

The Address Resolution Protocol (ARP) has a critical function in the Internet protocol suite, however, it was not designed for security as it does not verify that a response to an ARP request really comes from an authorized party. This weak point in the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SSRS '03: Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security

October 2003

129 pages

ISBN:1581137842

DOI:10.1145/1036921

Program Chairs:
Peng Liu
Pennsylvania State University
,
Partha Pal
BBN Technologies

Copyright © 2003 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

CCS03

Sponsor:

SIGSAC

CCS03: Tenth ACM Conference on Computer and Communications Security 2003

October 31, 2003

VA, Fairfax

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
299
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ghaznavi MJalalpour ESalahuddin MBoutaba RMigault DPreda S(2021)Content Delivery Network Security: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2021.309349223:4(2166-2190)Online publication date: Dec-2022
https://doi.org/10.1109/COMST.2021.3093492
Gadkari KWeikum MMassey DPapadopoulos C(2015)Pragmatic router FIB caching2015 IFIP Networking Conference (IFIP Networking)10.1109/IFIPNetworking.2015.7145296(1-9)Online publication date: May-2015
https://doi.org/10.1109/IFIPNetworking.2015.7145296
Mengjun Xie Widjaja IHaining Wang (2012)Enhancing cache robustness for content-centric networking2012 Proceedings IEEE INFOCOM10.1109/INFCOM.2012.6195632(2426-2434)Online publication date: Mar-2012
https://doi.org/10.1109/INFCOM.2012.6195632

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents