If the communication system of remote objects PBC does not incorporate the use of robust control algorithms for the connection, then get rid of one type of remote attacks on the compound system can be substituted by other types of UA - Denial of service.
Therefore, to ensure reliable operation and performance of each object distributed CS is first necessary to control the process of creating a connection.
The second task is obvious: as the network operating system can not simultaneously have an infinite number of open VC, then, if the VC is idle for a certain system time-out is its closure.
Next, consider a possible algorithm to ensure control over the creation of connections in PBC.
The main problem to be solved in this case, is not to allow one entity to take the interaction of all the virtual channels of the system.
Recall that when you create a VC system received a request to establish the connection is put in the queue, and when it comes to time, the system will work out the answer to the query and sends it back to the sender of the request. The task of controlling the establishment of the connection is just to define the rules based on which the system could either put the request in the queue or not.
If all the requests come automatically put the system in place (as constructed, all network operating systems that support the protocol TCP / IP), it is in case of attack leads to queue overflow and denial of service of all other legitimate requests.
This is due to the fact that the attacker sends so many requests per second, how much will the traffic (thousands of requests per second), and a regular user with a legal connection request can send a few requests per minute! Consequently, the probability of connection in such a situation, if the overflow queue, one to a million at best. It is therefore necessary to impose restrictions on the queuing of requests from one object.
However, if the PBC any object of the system can send a request on behalf of (with addresses) of any other system, as noted earlier, to solve the problem of control is not possible.
Therefore, to ensure this capability was introduced by Proposition 5, from which to every visitor on the package object must be specified route traversed by them, allowing up to a sub-network to confirm the authenticity of the sender. Given this fact, allowing weed out all packets with an invalid sender address, you can suggest the following condition setting request in turn: in the system introduces a restriction on the number of processed requests per second from one sub-network.
This is the maximum number of becoming a queue of requests per second is determined directly by the operating system and depends on the following parameters of the network operating system: speed, virtual memory, number of concurrent virtual channels, the queue length, etc.
Restrictions imposed do not allow an attacker to overflow the queue, since only its first few requests are queued for service, and the rest will be ignored.
The first request is authorized user of the other sub-networks will also be immediately put in place.
By cons of this method of solving the problem of control over the creation of compounds can be attributed the fact that, as the address of the sender can be authenticated with an accuracy of only up to a - network, an attacker can send requests on behalf of any object of this sub-network. Consequently, in the event of an attack all other objects from sub-network attacks will be unable to connect to uke object.
However, since, firstly, an attacker on the route specified in the package will be calculated up to its sub-network and, secondly, will not happen malfunction target of attack, such an attack is unlikely to be meaningful.
So, in conclusion of the regular requirement for secure communications systems in a distributed Sun
|