{"title":"在网络协议中使用流量守恒作为安全机制","authors":"John R. Hughes, T. Aura, M. Bishop","doi":"10.1109/SECPRI.2000.848451","DOIUrl":null,"url":null,"abstract":"The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. We examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses conservation of flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of conservation of flow valid.","PeriodicalId":373624,"journal":{"name":"Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2000-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"65","resultStr":"{\"title\":\"Using conservation of flow as a security mechanism in network protocols\",\"authors\":\"John R. Hughes, T. Aura, M. Bishop\",\"doi\":\"10.1109/SECPRI.2000.848451\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. We examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses conservation of flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of conservation of flow valid.\",\"PeriodicalId\":373624,\"journal\":{\"name\":\"Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2000-05-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"65\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECPRI.2000.848451\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.2000.848451","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Using conservation of flow as a security mechanism in network protocols
The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. We examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses conservation of flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of conservation of flow valid.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
