Less harm, less worry or how to improve network security by bounding system offensiveness

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by D. Bruschi Articles by L. Cavallaro Articles by E. Rosti

16th Annual Computer Security Applications Conference (ACSAC'00)

New Orleans, Louisiana

December 11-December 15

ISBN: 0-7695-0859-6

	ASCII Text	x
	D. Bruschi, L. Cavallaro, E. Rosti, "Less harm, less worry or how to improve network security by bounding system offensiveness," Computer Security Applications Conference, Annual, pp. 188, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000.

	BibTex	x
	@article{ 10.1109/ACSAC.2000.898872, author = {D. Bruschi and L. Cavallaro and E. Rosti}, title = {Less harm, less worry or how to improve network security by bounding system offensiveness}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2000}, issn = {1063-9527}, pages = {188}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898872}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Less harm, less worry or how to improve network security by bounding system offensiveness SN - 1063-9527 SP EP A1 - D. Bruschi, A1 - L. Cavallaro, A1 - E. Rosti, PY - 2000 KW - security of data; Internet; computer network management; network security; system offensiveness; security attacks; DoS attacks; Internet; security architectures; liability problem; intranet security; security tools performance; distributed tools VL - 0 JA - Computer Security Applications Conference, Annual ER -

D. Bruschi, Dipt. di Sci. dell'Inf., Univ. degli Studi di Milano, Italy

L. Cavallaro, Dipt. di Sci. dell'Inf., Univ. degli Studi di Milano, Italy

E. Rosti, Dipt. di Sci. dell'Inf., Univ. degli Studi di Milano, Italy

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898872

We describe a new class of tools for protecting computer systems from security attacks. Their distinguished feature is the principle they are based on. Host or network protection is not achieved by strengthening their defenses but by weakening the enemy's offensive capabilities. A prototype tool has been implemented that demonstrates that such an approach is feasible and effective. We show that some of the most popular DoS attacks are effectively blocked with limited impact on the sender's performance. Measurements of the implemented prototype show that controlling the outgoing traffic does not affect performance at the sender machine, when traffic is not hostile. If traffic is hostile, the limited slow down experienced at the source is the price to pay to make the Internet a safer place for all its users. The limited performance impact and the efficacy in attack prevention make tools like the one presented a new component of security architectures. Furthermore, such a type of tools represents an effective way to address security problems that are still unsolved or for which only partial solutions are available, such as the liability problem, intranet security, security tools performance and the use of distributed tools for intrusion.

Index Terms:

security of data; Internet; computer network management; network security; system offensiveness; security attacks; DoS attacks; Internet; security architectures; liability problem; intranet security; security tools performance; distributed tools

Citation:

D. Bruschi, L. Cavallaro, E. Rosti, "Less harm, less worry or how to improve network security by bounding system offensiveness," acsac, pp.188, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.