[2017-05-18] Prof. Yih-Chun Hu, University of Illinois at Urbana-Champaign, "MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet"


Title: MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet

Date: 2017-05-18 11:00 am-12:00 pm

Location: R104, CSIE

Speaker: Prof. Yih-Chun Hu, University of Illinois at Urbana-Champaign

Hosted by: Prof. Hsu-Chun Hsiao


Volumetric attacks, which overwhelm the bandwidth of a destination, are amongst the most common DDoS attacks today. One practical approach to addressing these attacks is to redirect all destination traffic (e.g., via DNS or BGP) to a third-party, DDoS-protection-as-a-service provider (e.g., CloudFlare) that is well provisioned and equipped with filtering mechanisms to remove attack traffic before passing the remaining benign traffic to the destination. An alternative approach is based on the concept of network capabilities, whereby source sending rates are determined by receiver consent, in the form of capabilities enforced by the network.


While both third-party scrubbing services and network capabilities can be effective at reducing unwanted traffic at an overwhelmed destination, DDoS-protection-as-a-service solutions outsource all of the scheduling decisions (e.g., fairness, priority and attack identification) to the provider, while capability-based solutions require extensive modifications to existing infrastructure to operate. 


This talk describes MiddlePolice, which seeks to marry the deployability of DDoS-protection-as-a-service solutions with the destination-based control of network capability systems. I will present results showing that by allowing feedback from the destination to the provider, MiddlePolice can effectively enforce destination-chosen policies, while requiring no deployment from unrelated parties.


Yih-Chun Hu is an Associate Professor with the Department of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign, Urbana. His research interests are in security in networked systems, with particular interest in the areas of wireless, future Internet architectures, cyberphysical systems, and medical systems. He received the B.S. degree in computer science and pure mathematics from the University of Washington, Seattle, in 1997, and the Ph.D. degree in computer science from Carnegie Mellon University, Pittsburgh, PA, in 2003. After receiving his Ph.D. degree, he worked as a Post-Doctoral Researcher at the University of California, Berkeley.

