Defending Networked Resources Against Unwelcome Request Floods

Michael WalfishMassachusetts Institute of TechnologyAbstract: The Internet is afflicted by unwelcome "requests", defined broadly as claims on a scarce resource, such as a server's CPU(in the case of spurious traffic whose purpose is to deny service) or a human's attention (in the case of spam). Traditional responses to these problems apply heuristics: they try to identify "bad" requests based on their content (e.g., in the way that spam filters analyze an email's text). This talk argues that heuristic attempts at filtering are inherently
gameable and instead presents two systems that limit request volumes directly. The first is a denial-of-service mitigation in which clients are encouraged to automatically send *more* traffic to a besieged server. The "good" clients can thereby compete equally with the "bad" ones. The second is a system for enforcing *per-sender email quotas* to control spam. This system scales to a workload of millions of requests per second, tolerates Byzantine faults in its constituent hosts, and resists a variety of external attacks. Biography: Michael Walfish is a Ph.D. student in computer science at M.I.T. He received his B.A. from Harvard in 1998 and then worked for four years, three of those at Digital Fountain, Inc. His research interests are in networked systems, with sub-interests in security, performance, and network architecture.Host: Ramesh GovindanSnack served!

Location: Seaver Science Library (SSL) - 150

Audiences: Everyone Is Invited

Contact: Nancy Levien