University of Washington Computer Science & Engineering
 TVA (Traffic Validation Architecture)

People
 Tom Anderson
 Timothy Roscoe (Intel Berkeley)
 David Wetherall
 Xiaowei Yang (UC Irvine)
   

Overview

Internet denial-of-service (DoS) attacks based on flooding are a serious, ongoing problem for Web sites. They exploit a fundamental weakness of the existing Internet architecture (in which any host can send to any other host at any time) and are hence difficult to defeat. We are working on an alternative network architecture that limits the impact of DoS floods from the outset yet is practical and incrementally deployable. The name of our system is TVA, the traffic validation architecture. It is a play on the Tennessee Valley Authority, which operates a large-scale network of dams to control flood damage, saving more than $200 million annually. Our approach is based on capabilities: senders obtain short-term authorizations from receivers and use them to stamp their packets so that routers can recognize legitimate traffic.

Papers

  • A DoS-limiting Network Architecture
    X. Yang, D. Wetherall, and T. Anderson
    Proceedings of ACM SIGCOMM 2005, Philadelphia, PA, August 2005.
    Describes the design of TVA, a fairly complete capability-based architecture.
  • Preventing Internet Denial-of-Service with Capabilities (and the talk at HotNets-II MIT, 11-03.)
    T. Anderson, T. Roscoe and D. Wetherall
    Proceedings of the 2nd Workshop on Hot Topics in Networks (HotNets-II), Boston, MA, November 2003.
    Original "capabilities for DoS" paper. Argues for a forwarding architecture based on the receiver's permission to send, expressed as explicit capabilities.

Earlier Work

Most approaches to mitigating DoS floods process traffic according to its path through the network rather than its source address, as the latter may be spoofed. We pioneered the probabilistic traceback method for obtaining path signatures in earlier work.

  • Network Support for IP Traceback
    Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson,
    IEEE/ACM Transactions on Networking, 9(3):226-237, June 2001.
    Launched the probabilistic packet marking approach to the traceback problem. An earlier version appeared in SIGCOMM 2000.

 

