-
Discriminating Defense Against DDoS Attacks; a Novel Approach
Authors:
Naftaly H. Minsky
Abstract:
A recent paper (circa 2020) by Osterwile et al., entitled "21 Years of Distributed Denial of Service: A Call to Action", states: "We are falling behind in the war against distributed denial-of-service attacks. Unless we act now, the future of the Internet could be at stake." And an earlier (circa 2007) paper by Peng et al. states: "a key challenge for the defense [against DDoS attacks] is how to discriminate legitimate requests for service from malicious access attempts." This challenge has not been met yet, which is, arguably, a major reason for the dire situation described by Osterwile et al. -- thirteen years later. This paper attempts to meet an approximation to this challenge, by enabling a site to define the kind of messages that it considers important, and by introducing an unambiguous criterion of discrimination between messages that a given site considers important, and all other messages sent to it. Two anti-DDoS mechanisms based on this criterion are introduced in this paper. One of these relies on lightweight support by routers; and the other one does not.
Submitted 28 January, 2022;
originally announced January 2022.
-
Scalable, Secure and Broad-Spectrum Enforcement of Contracts, Without Blockchains
Authors:
Naftaly Minsky,
Chen Cong
Abstract:
This paper introduces a scalable and secure contract-enforcement mechanism, called Cop, which can be applied to a broad range of multi-agent systems including small and large systems, time-critical systems, and systems-of-systems. Cop enforces contracts (or protocols) via the existing Law-Governed Interaction (LGI) mechanism, coupled with a new protective layer that significantly enhances the dependability and security of such enforcement. Cop is arguably superior to the currently popular blockchain-based smart-contract mechanisms, due to its scalability, interoperability, and the breadth of the spectrum of its domain of applications.
Submitted 22 April, 2019;
originally announced April 2019.
-
Establishing Global Policies over Decentralized Online Social Networks
Authors:
Zhe Wang,
Naftaly H. Minsky
Abstract:
Conventional online social networks (OSNs) are implemented in a centralized manner. Although centralization is a convenient way for implementing OSNs, it has several well known drawbacks. Chief among them are the risks they pose to the security and privacy of the information maintained by the OSN; and the loss of control over the information contributed by individual members.
These concerns prompted several attempts to create decentralized OSNs, or DOSNs. The basic idea underlying these attempts is that each member of a social network keeps its data under its own control, instead of surrendering it to a central host; providing access to it to other members of the OSN according to its own access-control policy. Unfortunately, all existing DOSN projects have a very serious limitation. Namely, they are unable to subject the membership of a DOSN, and the interaction between its members, to any global policy.
We adopt the decentralization idea underlying DOSNs, complementing it with a means for specifying and enforcing a wide range of policies over the membership of a social community, and over the interaction between its disparate distributed members. And we do so in a scalable fashion.
Submitted 7 April, 2014;
originally announced April 2014.
-
Bracing Heterogeneous Distributed Systems via Built-in Frameworks
Authors:
Naftaly Minsky
Abstract:
This paper introduces a novel architecture of distributed systems--called framed distributed system, or FDS--that braces a given system via a built-in virtual framework that controls the flow of messages between system components and between them and their environment, while being oblivious of the code of the communicating components. This control is carried out in a decentralized, and thus scalable, manner. The FDS architecture is expected to have a significant impact on the dependability and security of distributed systems, and on the whole life cycle of such systems. Although this architecture has been designed specifically for SOA-like heterogeneous and open systems--whose components may be written in different languages, may run on different platforms, and may be designed, constructed, and even maintained under different administrative domains--it should be useful for distributed systems in general.
Submitted 19 March, 2014;
originally announced March 2014.
-
Dependable Management of Untrusted Distributed Systems
Authors:
Naftaly Minsky
Abstract:
The conventional approach to the online management of distributed systems---represented by such standards as SNMP for network management, and WSDM for systems based on service oriented computing (SOC)---relies on the components of the managed system to cooperate in the management process, by providing the managers with the means to monitor their state and activities, and to control their behavior. Unfortunately, the trust thus placed in the cooperation of the managed components is unwarranted for many types of systems---such as systems based on SOA---making the conventional management of such systems unreliable and insecure.
This paper introduces a radically new approach to the management of distributed systems, called governance-based management (GBM), which is based on a middleware that can govern the exchange of messages between system components. GBM has a substantial ability to manage distributed systems, in a reliable and secure manner, even without any trustworthy cooperation of the managed components.
And it can fully incorporate the conventional management techniques wherever such cooperation can be trusted. GBM also supports a reflexive mode of management, which manages the management process itself, making it safer. However, GBM is still a work in progress, as it raises several open problems that need to be addressed before this management technique can be put into practice.
Submitted 17 March, 2014;
originally announced March 2014.
-
An Approach to Modularization of Distributed Systems
Authors:
Naftaly Minsky
Abstract:
Modularization is an important architectural principle underlying many types of complex systems. It tends to tame the complexity of systems, to facilitate their management, and to enhance their flexibility with respect to evolution. In software, modularization has been practiced and studied thoroughly in local, i.e. non-distributed systems. But very little attention has been paid so far to modularization in distributed systems. This is, in part, because distributed systems are inherently modularized, in the sense that the internals of each component of such a system are inaccessible to other components, thus satisfying the Parnas hiding principle. It is, however, the thesis of this paper that there is much to be gained by being able to treat groups of distributed components as modules, called here distributed modules. And that besides the conventional hiding principle, distributed modularization should provide additional capabilities, which rarely, if ever, figure in conventional modularized systems. These capabilities include, but are not limited to: the ability to impose constraints on which kind of messages can be sent from a given distributed-module to its outside; and the ability to create AOP-like crosscutting modules. This paper introduces a model of modular distributed system, or MDS, which satisfies such capabilities, and which is implemented via the LGI middleware.
Submitted 24 September, 2013;
originally announced September 2013.
-
Picture-Hanging Puzzles
Authors:
Erik D. Demaine,
Martin L. Demaine,
Yair N. Minsky,
Joseph S. B. Mitchell,
Ronald L. Rivest,
Mihai Patrascu
Abstract:
We show how to hang a picture by wrapping rope around n nails, making a polynomial number of twists, such that the picture falls whenever any k out of the n nails get removed, and the picture remains hanging when fewer than k nails get removed. This construction makes for some fun mathematical magic performances. More generally, we characterize the possible Boolean functions characterizing when the picture falls in terms of which nails get removed as all monotone Boolean functions. This construction requires an exponential number of twists in the worst case, but exponential complexity is almost always necessary for general functions.
Submitted 26 April, 2014; v1 submitted 15 March, 2012;
originally announced March 2012.