Preventing denial-of-service attacks on a μ-kernel for WebOSes

Jochen Liedtke, Nayeem Islam, Trent Jaeger

Research output: Contribution to conferencePaperpeer-review

17 Scopus citations

Abstract

A goal of World-wide Web operating systems (Web-OSes) is to enable clients to download executable content from servers connected to the World-wide web (WWW). This will make applications more easily available to clients, but some of these applications may be malicious. Thus, a WebOS must be able to control the downloaded content's behavior. In this paper, we examine a specific type of malicious activity: denial-of-service attacks using legal system operations. A denial-of-service attack occurs when an attacker prevents other users from performing their authorized operations even when the attacker may not be able to perform such operations. Current systems either do little to prevent denial-of-service attacks or have a limited scope of prevention of such attacks. For a WebOS, however, the ability to prevent denial-of-service should be an integral part of the system. We are developing a WebOS using the L4 μ-kernel as its substrate. In this paper, we evaluate L4 as a basis of a system that can prevent denial-of-service attacks. In particular, we identify the μ-kernel-related resources which are subject to denial-of-service attacks and define μ-kernel mechanisms to defend against such attacks. Our analysis demonstrates that system resource utilization can be managed by trusted, user-level servers to prevent denial-of-service attacks on such resources.

Original languageEnglish (US)
Pages73-79
Number of pages7
StatePublished - 1997
EventProceedings of the 1997 6th Workshop on Hot Topics in Operating Systems, HOTOS - Cape Cod, MA, USA
Duration: May 5 1997May 6 1997

Other

OtherProceedings of the 1997 6th Workshop on Hot Topics in Operating Systems, HOTOS
CityCape Cod, MA, USA
Period5/5/975/6/97

All Science Journal Classification (ASJC) codes

  • General Computer Science

Fingerprint

Dive into the research topics of 'Preventing denial-of-service attacks on a μ-kernel for WebOSes'. Together they form a unique fingerprint.

Cite this