Security

STRIDE: Sanctuary Trail - Refuge From Internet DDoS Entrapment

Free registration required

Executive Summary

The authors propose STRIDE, a new DDoS-resilient Internet architecture that isolates attack traffic through viable band-width allocation, preventing a botnet from crowding out legitimate flows. This new architecture presents several novel concepts including tree-based bandwidth allocation and long-term static paths with guaranteed bandwidth. In concert, these mechanisms provide domain-based bandwidth guarantees within a trust domain - administrative domains grouped within a legal jurisdiction with enforceable account-ability; each administrative domain in the trust domain can then internally split such guarantees among its end-hosts to provide connection establishment with high probability, and precise bandwidth guarantees for established flows, regardless of the size or distribution of the botnet outside the source and the destination domains.

  • Format: PDF
  • Size: 338.39 KB