
A2M: Access-Assured Mobile Desktop Computing

  • Conference paper
Information Security (ISC 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5735)


Abstract

Continued improvements in network bandwidth, cost, and ubiquitous access are enabling service providers to host desktop computing environments to address the complexity, cost, and mobility limitations of today’s personal computing infrastructure. However, distributed denial of service attacks can deny use of such services to users. We present A2M, a secure and attack-resilient desktop computing hosting infrastructure. A2M combines a stateless and secure communication protocol, a single-hop Indirection-based network (IBN), and a remote display architecture to provide mobile users with continuous access to their desktop computing sessions. Our architecture protects both the hosting infrastructure and the client’s connections against a wide range of service disruption attacks. Unlike any other DoS protection system, A2M takes advantage of its low-latency remote display mechanisms and asymmetric traffic characteristics by using multi-path routing to send a small number of replicas of each packet transmitted from client to server. This packet replication through different paths diversifies the client-server communication, boosting system resiliency and reducing end-to-end latency. Our analysis and experimental results on PlanetLab demonstrate that A2M significantly increases the hosting infrastructure’s attack resilience, even for wireless scenarios. Using conservative ISP bandwidth data, we show that we can protect against attacks involving thousands (150,000) of attackers, while providing good performance for multimedia and web applications and basic GUI interactions even when up to 30% and 50%, respectively, of indirection nodes become unresponsive.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stavrou, A., Barrato, R.A., Keromytis, A.D., Nieh, J. (2009). A2M: Access-Assured Mobile Desktop Computing. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_16


  • DOI: https://doi.org/10.1007/978-3-642-04474-8_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer Science, Computer Science (R0)
