Preventing Denial-of-Service Attacks on a u-Kernel for WebOSes

        A goal of World-wide Web operating systems (WebOSes) is to enable clients to download executable content from servers connected to the World-wide Web (WWW). This will make applications more easily available to clients, but some of these applications may be malicious. Thus, a WebOSes must be able to control the downloaded content's behavior. In this paper, we examine a specific type of malicious activity: denial-of-service attacks by abuse of legal system operations. Current systems either do little to prevent denial-of-service attacks or have a limited scope of prevention. For a WebOSes, however, the ability to prevent denial-of-service should be an integral part of the system. We are developing a WebOSes using the L4 u-kernel as its substrate. In this paper, we evaluate L4 as a basis of a system that can prevent denial-of-service attacks. In particular, we identify the u-kernel-related resources are subject to denial-of-service attacks and define u-kernel mechanisms to defend against such attacks. Our analysis demonstrates that system resource utilization can be managed by trusted, user-level servers to prevent denial-of-service attacks on such resources.

By: Jochen Liedtke, Nayeem Islam and Trent Jaeger

Published in: RC20711 in 1997

This Research Report is not available electronically. Please request a copy from the contact listed below. IBM employees should contact ITIRC for a copy.

Questions about this service can be mailed to .