usenix conference policies
You are here
Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection
Packet floods targeting a victim’s incoming bandwidth are notoriously difficult to defend against. While a number of solutions have been proposed, such as network capabilities, thirdparty traffic scrubbing, and overlay-based protection, most suffer from drawbacks that limit their applicability in practice. We propose CAT, a new network-based flood protection scheme. In CAT, all flows must perform a three-way handshake with an in-network element to obtain permission to send data. The three-way handshake dissuades source spoofing and establishes a unique handle for the flow, which can then be used for revocation by the receiver. CAT offers the protection qualities of network capabilities, and yet does not require major architectural changes.
author = {Martin Casado and Aditya Akella and Pei Cao and Niels Provos and Scott Shenker},
title = {Cookies Along {Trust-Boundaries} ({{{{{CAT)}}}}}: Accurate and Deployable Flood Protection},
booktitle = {2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI 06)},
year = {2006},
address = {San Jose, CA},
url = {https://www.usenix.org/conference/sruti-06/cookies-along-trust-boundaries-cat-accurate-and-deployable-flood-protection},
publisher = {USENIX Association},
month = jul
}
connect with us