TY - JOUR
T1 - Defensive programming
T2 - 5th Symposium on Operating Systems Design and Implementation, OSDI 2002
AU - Qie, Xiaohu
AU - Pang, Ruoming
AU - Peterson, Larry
N1 - Funding Information:
We would like to thank the anonymous reviewers and Greg Ganger, our shepherd, for helping us improve the clarity and focus of the paper. This work was supported in part by NSF grant ANI-9906704, DARPA contract F30602-00-2-0561, and Intel Corporation.
PY - 2002/12/31
Y1 - 2002/12/31
N2 - This paper describes a toolkit to help improve the robustness of code against DoS attacks. We observe that when developing software, programmers primarily focus on functionality. Protecting code from attacks is often considered the responsibility of the 0S, firewalls and intrusion detection systems. As a result, many DoS vulnerabilities are not discovered until the system is attacked and the damage is done. Instead of reacting to attacks after the fact, this paper argues that a better solution is to make software defensive by systematically injecting protection mechanisnls into the code itself. Our toolkit provides an API that programmers use to annotate their code. At runtime, these annotations serve as both sensors and actuators: watching for resource abuse and taking the appropriate action should abuse be detected. This paper presents the design and implementation of tile toolkit, as well as evaluation of its effectiveness with three widely-deployed network services.
AB - This paper describes a toolkit to help improve the robustness of code against DoS attacks. We observe that when developing software, programmers primarily focus on functionality. Protecting code from attacks is often considered the responsibility of the 0S, firewalls and intrusion detection systems. As a result, many DoS vulnerabilities are not discovered until the system is attacked and the damage is done. Instead of reacting to attacks after the fact, this paper argues that a better solution is to make software defensive by systematically injecting protection mechanisnls into the code itself. Our toolkit provides an API that programmers use to annotate their code. At runtime, these annotations serve as both sensors and actuators: watching for resource abuse and taking the appropriate action should abuse be detected. This paper presents the design and implementation of tile toolkit, as well as evaluation of its effectiveness with three widely-deployed network services.
UR - http://www.scopus.com/inward/record.url?scp=84978378814&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84978378814&partnerID=8YFLogxK
U2 - 10.1145/844128.844134
DO - 10.1145/844128.844134
M3 - Conference article
AN - SCOPUS:84978378814
SN - 0163-5980
VL - 36
SP - 45
EP - 60
JO - Operating Systems Review (ACM)
JF - Operating Systems Review (ACM)
IS - Special Issue
Y2 - 9 December 2002 through 11 December 2002
ER -