Macquarie Home | Course Handbook | Library | Campus Map | Macquarie Contacts
Home page

Macquarie University ResearchOnline

Home
Add
-List Of Titles -SBAC : service based access control

Please use this identifier to cite or link to this item: http://hdl.handle.net/1959.14/119171

43 Visitors 53 Hits 3 Downloads
FileDescriptionSizeFormat
SOURCE1Publisher version (open access)276 KBAdobe Acrobat PDFView/Open
Title
SBAC : service based access control
Related
IEEE International Conference on Engineering of Complex Computer Systems (14th : 2009) (2 - 4 June 2009 : Potsdam, Germany)
Related
14th IEEE International Conference on Engineering of Complex Computer Systems : ICECCS 2009 : proceedings : 2-4 June 2009, Potsdam, Germany, p.202-209
DOI
10.1109/ICECCS.2009.43
Publisher
Los Alamitos, Calif : IEEE Computer Society
Date
2009
FoR/RFCD Code(s)
080300 Computer Software  080500 Distributed Computing
Author/Creator
Tupakula, Udaya Kiran
Author/Creator
Varadharajan, Vijay
Author/Creator
Vuppala, Sunil Kumar
Description
In this paper we propose a dynamically invoked service based access control (SBAC) model to efficiently deal with the distributed denial of service (DDoS) attacks. The main idea of the SBAC is based on the observation that if the routers have information about the services that are running on the end host and can identify the upper layer traffic from the IP packet payload, then it becomes easy to differentiate between legitimate and attack traffic for that particular victim server. To minimise the overhead on the routers, the SBAC model is invoked during the attack times only and the victimpsilas traffic is processed separately. The boundary routers in SBAC model validate each incoming packet to the victim on a per server basis. Only the packets that are considered to be accessing the legitimate services are passed and the remaining packets are dropped. Hence, at this stage the victimpsilas network is immune to any dynamic changes in attack pattern if the attack packets are not accessing the legitimate services at the victim end. The packets that are considered to be accessing legitimate services of the victim machine/network are marked with a unique ID and destined to the victim. If any of the received packets are found to be malicious, the unique ID enables the victim to identify service specific attack signature for each ingress SBAC router and prevent the attack traffic at that particular router. We will also discuss how the SBAC model deals with attacks on the infrastructure of the autonomous system.
Description
8 page(s)
Subject Keyword
080300 Computer Software
Subject Keyword
080500 Distributed Computing
Resource Type
conference paper
Organisation
Macquarie University. Dept. of Computing
Identifier
http://hdl.handle.net/1959.14/119171
Identifier
ISBN:9780769537023
Identifier
mq-rm-2009004463
Language
eng
Full Text
Full Text
Reviewed
Reviewed
 
Image Thumbnail
Save/E-mail Citation
Citation Format
E-mail Address
Subject
"14th IEEE International Conference on Engineering of Complex Computer Systems : ICECCS 2009 : proceedings : 2-4 June 2009, Potsdam, Germany"
 
OR
  • Show All  
  • Show My Selections 
Advanced Search

Search

Browse

  • By Title 
  • By Author/Creator 
  • By Department/Centre 
  • By Subject Keyword 
  • By Journal/Conference 
  • By FoR/RFCD codes 
  • By Resource Type 
  • By Date 

Highlights

  • Most Accessed Objects 
  • Recent Additions 
  • Pending Publications 
  • Author Profiles 

Resources

  • About ResearchOnline 
  • FAQ 
  • Open Access 
  • Open Access-FAQs 
  • Copyright 
  • Contribute 
  • Help 
  • Contact
  • Terms and Conditions 
Valid XHTML 1.0 Strict Powered by VITAL

Copyright Macquarie University | Privacy Statement | Accessibility Information

ABN 90 952 801 237 | CRICOS Provider No 00002J
Library Staff Sign In