A Language-Based Approach to Prevent DDoS Attacks in Distributed Financial Agent Systems
Reference: Fazeldehkordi, Owe, Ramezanifarkhani (2018). University of Oslo. Source file: A language-based approach to prevent DDoS attacks in distributed financial agent systems.pdf. URL
Summary
The authors propose adding a language-based layer of defense against DoS/DDoS to distributed financial agent systems built on the actor model with asynchronous method calls and futures (in the style of Creol/ABS). Because such languages make it cheap to launch non-blocking floods, they adapt a static analysis for detecting call-flooding cycles to the many-to-one DDoS setting.
The analysis builds per-method control-flow graphs, identifies cycles, and classifies nodes as strongly or weakly reachable in order to detect unbounded method-call generation at compile time. The authors distinguish one-to-one, many-to-one, and one-to-many flooding, and illustrate with a publish/subscribe newsletter example in which a future-based optimization accidentally enables a DoS against subscribers.
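A simplified version of the cycle check described above, as an added example (not the paper's code or algorithm): it flags asynchronous call nodes that sit on a control-flow cycle with no blocking wait on a future. The node kinds, the three labels and the two constructed CFGs (loosely modelled on a newsletter publisher loop) are assumptions of this sketch, and it does not reproduce the paper's strong/weak reachability definitions.

```python
# Added example: simplified flooding-cycle check over one method's CFG.
# Assumed node kinds: "call" = asynchronous call, "get" = blocking wait
# on a future, "other" = any other statement.

def on_cycle(start, nodes, edges, skip_gets):
    """True if `start` can reach itself; optionally refuse to pass through gets."""
    stack, seen = list(edges.get(start, [])), set()
    while stack:
        n = stack.pop()
        if n == start:
            return True
        if n in seen or (skip_gets and nodes[n][0] == "get"):
            continue
        seen.add(n)
        stack.extend(edges.get(n, []))
    return False

def classify_calls(nodes, edges):
    """Label every call node 'unbounded', 'throttled' or 'bounded'."""
    labels = {}
    for n, (kind, _desc) in nodes.items():
        if kind != "call":
            continue
        if on_cycle(n, nodes, edges, skip_gets=True):
            labels[n] = "unbounded"  # some loop re-issues the call without blocking
        elif on_cycle(n, nodes, edges, skip_gets=False):
            labels[n] = "throttled"  # every loop through the call waits on a get
        else:
            labels[n] = "bounded"    # the call is not inside any loop
    return labels

# Constructed CFG: publisher loop that forwards the future without waiting.
FLOOD_NODES = {0: ("call", "registry!init()"), 1: ("other", "loop head"),
               2: ("call", "fut := producer!detectNews()"),
               3: ("call", "subscriber!signal(fut)"), 4: ("other", "exit")}
FLOOD_EDGES = {0: [1], 1: [2, 4], 2: [3], 3: [1]}

# Constructed CFG: same loop, but the publisher blocks on the future first.
SAFE_NODES = {0: ("call", "registry!init()"), 1: ("other", "loop head"),
              2: ("call", "fut := producer!detectNews()"),
              3: ("get", "news := fut.get"),
              4: ("call", "subscriber!signal(news)"), 5: ("other", "exit")}
SAFE_EDGES = {0: [1], 1: [2, 5], 2: [3], 3: [4], 4: [1]}

if __name__ == "__main__":
    print(classify_calls(FLOOD_NODES, FLOOD_EDGES))
    print(classify_calls(SAFE_NODES, SAFE_EDGES))
```

In the first graph both loop calls come out as unbounded because nothing on the cycle waits for a reply; inserting the blocking get paces the loop at the rate the callee answers.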
Key Ideas
- Static detection of call-based flooding in actor-model languages with futures.
- Classification: one-to-one, many-to-one, one-to-many flooding.
- Strong vs weak reachability in control-flow cycles.
- Instantiation flooding (unbounded object creation) as a resource-exhaustion vector.
- Application to financial service subscriber systems.
Connections
Conceptual Contribution
Tags