上传人:bupt
上传时间:2017-12-01
视频描述:
主讲人: Yih-Chun Hu (University of Illinois at Urbana-Champaign, USA)
开始时间: 2017-12-01 14:00
结束时间: 2017-12-01 16:00
地点: 科研楼624
主办单位: 校学术委员会、网络技术研究院
主讲人介绍: Yih-Chun Hu is an Associate Professor with the Department of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign, Urbana. His research interests are in security in networked systems, with particular interest in the areas of wireless, future Internet architectures, cyberphysical systems, and medical systems. He received the B.S. degree in computer science and pure mathematics from the University of Washington, Seattle, in 1997, and the Ph.D. degree in computer science
内容摘要:
As the Internet plays a significant role in all facets of our lives, network security has come to be an important problem. Security and performance have long been thought to be orthogonal, or perhaps even opposing, goals. In this talk, I will discuss two areas where feedback from Network Performance can bring improved availability, one of the classical security properties.
First, I will describe MiddlePolice, an approach that mitigates volumetric DDoS attacks, which overwhelm the bandwidth of a destination, and are amongst the most common DDoS attacks today. Most previous work either scrubs DDoS traffic inside the cloud using a one-size-fits-all scrubbing algorithm, or use network capabilities that restrict source sending rates to receiver-determined levels consent, but which require the network to enforce these capabilities. MiddlePolice seeks the best of both worlds: the deployability of DDoS-protection-as-a-service solutions and the destination-based control of network capability systems. I will present results showing that by allowing feedback from the destination to the provider, MiddlePolice can effectively enforce destination-chosen policies, while requiring no deployment from unrelated parties.
Second, I will describe Secure MAC, a Medium Access Control protocol that is resilient to adversarial attacks. A Medium Access Control protocol is designed to help wireless transmitters avoid simultaneous transmission, increasing the system capacity by improving the signal-to-noise ratio. Previous MAC work considered model where all stations are selfish; the Nash equilibrium is that all stations transmit simultaneously. We consider a different model, in which most nodes are legitimate and protocol-compliant, where the balance of nodes are malicious and aim to minimize the capacity of the legitimate nodes. Despite this, we develop a MAC that converges to the best-possible performance under these circumstances; that is, we eventually relegate the malicious insider adversaries to outsider attackers that have no knowledge of the MAC layer in use.
分享
直播
专栏
