Defending Against Denial of Service Attacks in Scout

Abstract:

We describe a two-dimensional architecture for defending against
denial of service attacks. In one dimension, the architecture accounts
for all resources consumed by each I/O path in the system; this
accounting mechanism is implemented as an extension to the path object
in the Scout operating system. In the second dimension, the various
modules that define each path can be configured in separate protection
domains; we implement hardware enforced protection domains, although
other implementations are possible. The resulting system---which we
call Escort---is the first example of a system that simultaneously
does end-to-end resource accounting (thereby protecting against denial
of service attacks) and supports multiple protection domains (thereby
allowing untrusted modules to be isolated from each other). The paper
describes the Escort architecture and its implementation in Scout, and
reports a collection of experiments that measure the costs and
benefits of using Escort to protect a web server from denial of
service attacks.