"Protection of Network Quality of Service
Against Denial of Service Attacks"

As quality of service (QoS) capabilities are added to the Internet, they may become targets of attack by hackers. They may also be exploited in undesired ways by normal users. The mechanisms which provide QoS must be properly safeguarded against attack. There must also be a simple, flexible way for network administrators to define and enforce a variety of QoS policies.

The ARQoS project addresses these needs. The institutions collaborating on this project are N.C. State University, the University of California at Davis, and MCNC. The project has several components:

  1. Quality of Service is dependent upon proper allocation of network resources. When resource demand exceeds supply, a means of deciding among competing demands is needed. We advocate an approach based on pricing theory. This approach is flexible, scalable, efficient, and adapts quickly to changing network loads. We are applying this theory to many resource granularities and timescales. The scope of attacks is limited by this technique.
  2. Requests by users and responses from the network must be properly authorized and authenticated to prevent interference or forgery. We are working on authentication and authorization techniques that are robust, general, and effective. Attacks are prevented by this technique.
  3. Attacks cannot always be limited or prevented.We are investigating scalable methods for monitoring and analyzing QoS performance. Attacks are detected by this technique.
  4. Security mechanisms are installed and configured by administrators to accomplish security objectives, or policies. We are defining a policy specification language, and creating a method for determining if a set of security mechanisms are consistent with (accomplish) a policy specification.

This work is funded by a grant from the Defense Advanced Research Projects Agency, administered by the Air Force Rome Labs under contract F30602-99-1-0540. An abstract of the original proposal is also available.

last updated 02-feb-2002

contact: webmaster