2,915 research outputs found
Protecting web services with service oriented traceback architecture
Service oriented architecture (SOA) is a way of reorganizing software infrastructure into a set of service abstracts. In the area of applying SOA to Web service security, there have been some well defined security dimensions. However, current Web security systems, like WS-Security, are not efficient enough to handle distributed denial of service (DDoS) attacks. Our new approach, service oriented traceback architecture (SOTA), provides a framework to be able to identify the source of an attack. This is accomplished by deploying our defence system at distributed routers, in order to examine the incoming SOAP messages and place our own SOAP header. By this method, we can then use the new SOAP header information to trace back through the network to the source of the attack. According to our experimental performance evaluations, we find that SOTA is quite scalable, simple and quite effective at identifying the source.
TCP throughput guarantee in the DiffServ Assured Forwarding service: what about the results?
Since the proposition of Quality of Service architectures by the IETF, the
interaction between TCP and the QoS services has been intensively studied. This
paper proposes to look forward to the results obtained in terms of TCP
throughput guarantee in the DiffServ Assured Forwarding (DiffServ/AF) service
and to present an overview of the different proposals to solve the problem. It
has been demonstrated that the standardized IETF DiffServ conditioners such as
the token bucket color marker and the time sliding window color marker were not
good TCP traffic descriptors. Starting with this point, several propositions
have been made and most of them present new marking schemes in order to
replace or improve the traditional token bucket color marker. The main problem
is that TCP congestion control is not designed to work with the AF service.
Indeed, both mechanisms are antagonists. TCP has the property to share in a
fair manner the bottleneck bandwidth between flows while DiffServ network
provides a level of service controllable and predictable. In this paper, we
build a classification of all the propositions made during these last years and
compare them. As a result, we will see that these conditioning schemes can be
separated in three sets of action level and that the conditioning at the
network edge level is the most accepted one. We conclude that the problem is
still unsolved and that TCP, conditioned or not conditioned, remains
inappropriate to the DiffServ/AF service.
ECN verbose mode: a statistical method for network path congestion estimation
This article introduces a simple and effective methodology to determine the
level of congestion in a network with an ECN-like marking scheme. The purpose
of the ECN bit is to notify TCP sources of an imminent congestion in order to
react before losses occur. However, ECN is a binary indicator which does not
reflect the congestion level (i.e. the percentage of queued packets) of the
bottleneck, thus preventing any adapted reaction. In this study, we use a
counter in place of the traditional ECN marking scheme to assess the number of
times a packet has crossed a congested router. Thanks to this simple counter,
we drive a statistical analysis to accurately estimate the congestion level of
each router on a network path. We detail in this paper an analytical method
validated by some preliminary simulations which demonstrate the feasibility and
the accuracy of the concept proposed. We conclude this paper with possible
applications and expected future work.