Mitigating TCP Protocol Misuse With Programmable Data Planes
Abstract
This article proposes a new approach for detecting and mitigating the impact of misbehaving TCP end-hosts, specifically the Optimistic ACK attack and Explicit Congestion Notification (ECN) abuse. In contrast to the state-of-the-art, we show that it is possible to mitigate such misbehavior by leveraging emerging programmable data planes while not requiring any end-host or protocol modifications. A key challenge in doing so is to implement expressive, complex stateful functions in the data plane within its restricted programming model. In this regard, we propose a security monitoring function that uses the Extended Finite State Machine (EFSM) abstraction of protocols in the data plane. We also design a mechanism for mapping a protocol's EFSM to data plane primitives. Our evaluation results demonstrate that our approach can fully or partially restore the throughput loss caused by end-hosts that manipulate congestion control through misinformation.
Similar resources
Mitigating incast-TCP congestion in data centers with SDN
In data center networks (DCNs), the presence of long lived TCP flows tends to bloat the switch buffers. As a consequence, short-lived TCP-incast traffic suffers repeated losses that often lead to loss recovery via timeout. Because the minimum retransmission timeout (minRTO) in most TCP implementations is fixed to around 200ms, interactive applications that often generate short-lived incast traf...
Relaxing state-access constraints in stateful programmable data planes
Supporting the programming of stateful packet forwarding functions in hardware has recently attracted the interest of the research community. When designing such switching chips, the challenge is to guarantee the ability to program functions that can read and modify data plane’s state, while keeping line rate performance and state consistency. Current state-of-the-art designs are based on a ver...
Mitigating Android Software Misuse Before It Happens
Mobile phones running open operating systems such as Google Android will soon be the norm in cellular networks. These systems expose previously unavailable phone and network resources to application developers. However, with increased exposure comes increased risk. Poorly or maliciously designed applications can compromise the phone and network. While Android defines a base set of permissions t...
Sampling TCP Data-Path Quality with TCP Data Probes
In this paper, we present preliminary results of measuring TCP data-path quality using a new measurement tool called OneProbe. Unlike the existing tools, OneProbe uses legitimate TCP data probes to profile TCP data-path quality by sampling round-trip delay, one-way loss rate, and one-way reordering rate at the same time. This paper presents a set of recent measurement studies on a set of web se...
Visualizing the Internet protocol TCP
Protocols are designed to ensure correct transmission of data when communicating over error-prone media. Understanding exactly how a protocol functions over time can be greatly enhanced if the protocol is visualized. This article discusses the Transmission Control Protocol used in the Internet, and presents an application that visualizes it. Future work aims at extending the application to show...
Journal
Journal title: IEEE Transactions on Network and Service Management
Year: 2021
ISSN: 2373-7379, 1932-4537
DOI: https://doi.org/10.1109/tnsm.2021.3054528