45 research outputs found
A Model for Access Negotiations in Dynamic Coalitions
The process of negotiating common access states in dynamic coalitions that comprise tens of autonomous domains sharing hundreds of resources is time-consuming and error-prone if performed without the benefit of automated tools. This process is also repetitive since, during the lifetime of a dynamic coalition, member domains must undertake the task of negotiating common access states multiple times as domains leave and new ones join the coalition. To define and verify the correctness of tools for automated negotiation, we develop a formal state-transition model of the process of negotiating a common access state. We extend an existing Role Based Access Control (RBAC) language to illustrate a wide variety of negotiation constraints and present a resolution procedure for verifying the satisfaction of such constraints in the state-transition model
Analysis of complex contagions in random multiplex networks
We study the diffusion of influence in random multiplex networks where links
can be of different types, and for a given content (e.g., rumor, product,
political view), each link type is associated with a content dependent
parameter in that measures the relative bias type- links
have in spreading this content. In this setting, we propose a linear threshold
model of contagion where nodes switch state if their "perceived" proportion of
active neighbors exceeds a threshold \tau. Namely, a node connected to
active neighbors and inactive neighbors via type- links will turn
active if exceeds its threshold \tau. Under this
model, we obtain the condition, probability and expected size of global
spreading events. Our results extend the existing work on complex contagions in
several directions by i) providing solutions for coupled random networks whose
vertices are neither identical nor disjoint, (ii) highlighting the effect of
content on the dynamics of complex contagions, and (iii) showing that
content-dependent propagation over a multiplex network leads to a subtle
relation between the giant vulnerable component of the graph and the global
cascade condition that is not seen in the existing models in the literature.Comment: Revised 06/08/12. 11 Pages, 3 figure
Guaranteeing Access in Spite of Distributed Service-Flooding Attacks
We argue that open networks designed using end-to-end arguments are particularly vulnerable to flooding, and that this vulnerability persists as hardware and operating systems technologies advance
Pittsburgh, PA 15213FLoc: Dependable Link Access for Legitimate Traffic in Flooding Attacks
Abstract — Malware-contaminated hosts organized as a “bot network ” can target and flood network links (e.g., routers). Yet, none of the countermeasures to link flooding proposed to date have provided dependable link access (i.e., bandwidth guarantees) for legitimate traffic during such attacks. In this paper, we present a router subsystem called FLoc (Flow Localization) that confines attack effects and provides differential bandwidth guarantees at a congested link: (1) packet flows of uncontaminated domains (i.e., Autonomous Systems) receive better bandwidth guarantees than packet flows of contaminated ones; and (2) legitimate flows of contaminated domains are guaranteed substantially higher bandwidth than attack flows. FLoc employs new preferential packet-drop and traffic-aggregation policies that limit “collateral damage ” and protect legitimate flows from a wide variety of flooding attacks. We present FLoc’s analytical model for dependable link access, a router design based on it, and illustrate FLoc’s effectiveness using simulations of different flooding strategies and comparisons with other flooding defense schemes. Internet-scale simulation results corroborate FLoc’s effectiveness in the face of large-scale attacks in the real Internet. I