SBAC: Service Based Access Control

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

10 Citations (Scopus)
7 Downloads (Pure)

Abstract

In this paper we propose a dynamically invoked Service Based Access Control (SBAC) Model to efficiently deal with the Distributed Denial of Service (DDoS) attacks. The main idea of the SBAC is based on the observation that if the routers have information about the services that are running on the end host and can identify the upper layer traffic from the IP packet payload, then it becomes easy to differentiate between legitimate and attack traffic for that particular victim server. To minimise the overhead on the routers, the SBAC model is invoked during the attack times only and the victim's traffic is processed separately. The boundary routers in SBAC model validate each incoming packet to the victim on a per server basis. Only the packets that are considered to be accessing the legitimate services are passed and the remaining packets are dropped. Hence, at this stage the victim's network is immune to any dynamic changes in attack pattern if the attack packets are not accessing the legitimate services at the victim end. The packets that are considered to be accessing legitimate services of the victim machine/network are marked with a unique ID and destined to the victim. If any of the received packets are found to be malicious, the unique ID enables the victim to identify service specific attack signature for each ingress SBAC router and prevent the attack traffic at that particular router. We will also discuss how the SBAC model deals with attacks on the infrastructure of the Autonomous System.

Original language: English
Title of host publication: Proceedings - 2009 14th IEEE International Conference on Engineering of Complex Computer Systems, ICECCS 2009
Place of Publication: Los Alamitos, CA, USA
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 202-209
Number of pages: 8
ISBN (Print): 9780769537023
Publication status: Published - 2009
Event: 2009 14th IEEE International Conference on Engineering of Complex Computer Systems, ICECCS 2009 - Potsdam, Germany
Duration: 2 Jun 2009 to 4 Jun 2009

Other

Other: 2009 14th IEEE International Conference on Engineering of Complex Computer Systems, ICECCS 2009
Country: Germany
City: Potsdam
Period: 2/06/09 to 4/06/09
