Technical Report Number
To isolate computations from denial of service (DoS) attacks and other forms of adversarial interference, it is necessary to constrain the effects of interactions among computations. This paper makes four contributions to research on isolation of computations from adversarial interference: (1) it describes the design and implementation of a kernel level scheduling policy to control the effects of adversarial attacks on computations’ execution; (2) it presents formal models of the system components that are involved in a representative DoS attack scenario; (3) it shows how model checking can be used to analyze that example scenario, under default Linux scheduling semantics and under our scheduling policy design; and (4) it presents empirical studies we have conducted to validate our scheduling policy implementation. Our results show that, with careful design, scheduling and detailed monitoring of computations’ behavior can be combined effectively to mitigate interference of attacks with computations’ execution.
Tidwell, Terry; Watkins, Noah; Subramonian, Venkita; Niehaus, Douglas; Gill, Armando; and Migliaccio, "The Design, Modeling, and Implementation of Group Scheduling for Isolation of Computations from Adversarial Interference" Report Number: WUCSE-2006-34 (2006). All Computer Science and Engineering Research.