Defensive programming

Using an annotation toolkit to build Dos-Resistant software

Xiaohu Qie, Ruoming Pang, Larry Lee Peterson

Research output: Contribution to journalArticle

22 Citations (Scopus)

Abstract

This paper describes a toolkit to help improve the robustness of code against DoS attacks. We observe that when developing software, programmers primarily focus on functionality. Protecting code from attacks is often considered the responsibility of the 0S, firewalls and intrusion detection systems. As a result, many DoS vulnerabilities are not discovered until the system is attacked and the damage is done. Instead of reacting to attacks after the fact, this paper argues that a better solution is to make software defensive by systematically injecting protection mechanisnls into the code itself. Our toolkit provides an API that programmers use to annotate their code. At runtime, these annotations serve as both sensors and actuators: watching for resource abuse and taking the appropriate action should abuse be detected. This paper presents the design and implementation of tile toolkit, as well as evaluation of its effectiveness with three widely-deployed network services.

Original languageEnglish (US)
Pages (from-to)45-60
Number of pages16
JournalOperating Systems Review (ACM)
Volume36
Issue numberSpecial Issue
DOIs
StatePublished - Dec 31 2002
Externally publishedYes

Fingerprint

Intrusion detection
Tile
Application programming interfaces (API)
Actuators
Sensors
Denial-of-service attack

ASJC Scopus subject areas

  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Defensive programming : Using an annotation toolkit to build Dos-Resistant software. / Qie, Xiaohu; Pang, Ruoming; Peterson, Larry Lee.

In: Operating Systems Review (ACM), Vol. 36, No. Special Issue, 31.12.2002, p. 45-60.

Research output: Contribution to journalArticle

@article{060abcee1c3446569637c160534a8b27,
title = "Defensive programming: Using an annotation toolkit to build Dos-Resistant software",
abstract = "This paper describes a toolkit to help improve the robustness of code against DoS attacks. We observe that when developing software, programmers primarily focus on functionality. Protecting code from attacks is often considered the responsibility of the 0S, firewalls and intrusion detection systems. As a result, many DoS vulnerabilities are not discovered until the system is attacked and the damage is done. Instead of reacting to attacks after the fact, this paper argues that a better solution is to make software defensive by systematically injecting protection mechanisnls into the code itself. Our toolkit provides an API that programmers use to annotate their code. At runtime, these annotations serve as both sensors and actuators: watching for resource abuse and taking the appropriate action should abuse be detected. This paper presents the design and implementation of tile toolkit, as well as evaluation of its effectiveness with three widely-deployed network services.",
author = "Xiaohu Qie and Ruoming Pang and Peterson, {Larry Lee}",
year = "2002",
month = "12",
day = "31",
doi = "10.1145/844128.844134",
language = "English (US)",
volume = "36",
pages = "45--60",
journal = "Operating Systems Review (ACM)",
issn = "0163-5980",
publisher = "Association for Computing Machinery (ACM)",
number = "Special Issue",

}

TY - JOUR

T1 - Defensive programming

T2 - Using an annotation toolkit to build Dos-Resistant software

AU - Qie, Xiaohu

AU - Pang, Ruoming

AU - Peterson, Larry Lee

PY - 2002/12/31

Y1 - 2002/12/31

N2 - This paper describes a toolkit to help improve the robustness of code against DoS attacks. We observe that when developing software, programmers primarily focus on functionality. Protecting code from attacks is often considered the responsibility of the 0S, firewalls and intrusion detection systems. As a result, many DoS vulnerabilities are not discovered until the system is attacked and the damage is done. Instead of reacting to attacks after the fact, this paper argues that a better solution is to make software defensive by systematically injecting protection mechanisnls into the code itself. Our toolkit provides an API that programmers use to annotate their code. At runtime, these annotations serve as both sensors and actuators: watching for resource abuse and taking the appropriate action should abuse be detected. This paper presents the design and implementation of tile toolkit, as well as evaluation of its effectiveness with three widely-deployed network services.

AB - This paper describes a toolkit to help improve the robustness of code against DoS attacks. We observe that when developing software, programmers primarily focus on functionality. Protecting code from attacks is often considered the responsibility of the 0S, firewalls and intrusion detection systems. As a result, many DoS vulnerabilities are not discovered until the system is attacked and the damage is done. Instead of reacting to attacks after the fact, this paper argues that a better solution is to make software defensive by systematically injecting protection mechanisnls into the code itself. Our toolkit provides an API that programmers use to annotate their code. At runtime, these annotations serve as both sensors and actuators: watching for resource abuse and taking the appropriate action should abuse be detected. This paper presents the design and implementation of tile toolkit, as well as evaluation of its effectiveness with three widely-deployed network services.

UR - http://www.scopus.com/inward/record.url?scp=84978378814&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84978378814&partnerID=8YFLogxK

U2 - 10.1145/844128.844134

DO - 10.1145/844128.844134

M3 - Article

VL - 36

SP - 45

EP - 60

JO - Operating Systems Review (ACM)

JF - Operating Systems Review (ACM)

SN - 0163-5980

IS - Special Issue

ER -