A2M: Access-Assured Mobile Desktop Computing

Angelos Stavrou, Ricardo Baratto, Angelos Keromytis, Jason Nieh

Proceedings of the 12th Information Security Conference (ISC 2009), Pisa, Italy, September 7-9, 2009, pp. 186-201

Abstract

Continued improvements in network bandwidth, cost, and ubiquitous access are enabling service providers to host desktop computing environments to address the complexity, cost, and mobility limitations of today’s personal com- puting infrastructure. However, distributed denial of service attacks can deny use of such services to users. We present A2 M, a secure and attack-resilient desktop computing hosting infrastructure. A2 M combines a stateless and secure commu- nication protocol, a single-hop Indirection-based network (IBN) and a remote display architecture to provide mobile users with continuous access to their desk- top computing sessions. Our architecture protects both the hosting infrastructure and the client’s connections against a wide range of service disruption attacks. Unlike any other DoS protection system, A2 M takes advantage of its low-latency remote display mechanisms and asymmetric traffic characteristics by using multi- path routing to send a small number of replicas of each packet transmitted from client to server. This packet replication through different paths, diversifies the client-server communication, boosting system resiliency and reducing end-to- end latency. Our analysis and experimental results on PlanetLab demonstrate that A2 M significantly increases the hosting infrastructure’s attack resilience even for wireless scenarios. Using conservative ISP bandwidth data, we show that we can protect against attacks involving thousands (150, 000) attackers, while providing good performance for multimedia and web applications and basic GUI interac- tions even when up to 30% and 50%, respectively, of indirection nodes become unresponsive.

PDF

isc2009:a2m

Columbia University Department of Computer Science