Abstract
Denial of Service (DoS) and Distributed DoS (DDoS) attacks, with even higher severity, are among the major security threats for distributed systems, and in particular in the financial sector where trust is essential.
In this paper, our aim is to develop an additional layer of defense in distributed agent systems to combat such threats. We consider a high-level object-oriented modeling framework for distributed systems, based on the actor model with support of asynchronous and synchronous method interaction and futures, which are sophisticated and popular communication mechanisms applied in many systems today. Our approach uses static detection to identify and prevent potential vulnerabilities caused by asynchronous communication including call-based DoS or DDoS attacks, possibly involving a large number of distributed actors.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ashford, W.: DDoS is most common cyber attack on financial institutions (blog post, 2016). https://www.computerweekly.com/news/4500272230/DDoS-is-most-common-cyber-attack-on-financial-institutions/
Boer, F.D., et al.: A survey of active object languages. ACM Comput. Surv. (CSUR) 50(5), 76 (2017)
Chang, R., Jiang, G., Ivancic, F., Sankaranarayanany, S., Shmatikov, V.: Inputs of Coma: static detection of denial-of-service vulnerabilities. In: 22nd IEEE Computer Security Foundations Symposium (CSF 2009), pp. 186–199. IEEE Computer Society (2009)
Colóon, M.A., Sipma, H.B.: Synthesis of linear ranking functions. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 67–81. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45319-9_6
Din, C.C., Owe, O.: A sound and complete reasoning system for asynchronous communication with shared futures. J. Log. Algebraic Methods Program. 83(5), 360–383 (2014)
Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44(5), 643–666 (2004)
Gulavani, B.S., Gulwani, S.: A numerical abstract domain based on expression abstraction and max operator with application in timing analysis. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 370–384. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_35
Jensen, M., Gruschka, N., Herkenhöner, R.: A survey of attacks on web services. Comput. Sci. Res. Dev. 24(4), 185 (2009)
Johnsen, E.B., Hähnle, R., Schäfer, J., Schlatte, R., Steffen, M.: ABS: a core language for abstract behavioral specification. In: Aichernig, B.K., de Boer, F.S., Bonsangue, M.M. (eds.) FMCO 2010. LNCS, vol. 6957, pp. 142–164. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25271-6_8
Johnsen, E.B., Owe, O.: An asynchronous communication model for distributed concurrent objects. Softw. Syst. Model. 6(1), 35–58 (2007)
Karami, F., Owe, O., Ramezanifarkhani, T.: An evaluation of interaction paradigms for active objects. J. Log. Algebraic Methods Program. 103, 154–183 (2019)
Lambert, K.: Protecting financial institutions from DDoS attacks (blog post, 2018). https://www.imperva.com/blog/protecting-financial-institutions-from-ddos-attacks/
Meadows, C.: A formal framework and evaluation method for network denial of service. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 4–13 (1999)
Owe, O., McDowell, C.: On detecting over-eager concurrency in asynchronously communicating concurrent object systems. J. Log. Algebraic Methods Program. 90, 158–175 (2017)
Qie, X., Pang, R., Peterson, L.: Defensive programming: using an annotation toolkit to build DoS-resistant software. CM SIGOPS Oper. Syst. Rev. 36(SI), 45–60 (2002)
Ramezanifarkhani, T., Fazeldehkordi, E., Owe, O.: A language-based approach to prevent DDoS attacks in distributed object systems. In: 29th Nordic Workshop on Programming Theory. Turku Centre for Computer Science, November 2017 (extended abstract, 3 p.)
Urrico, R.: Denial of service attacks overwhelmingly target financial services: Verisign. Credit Union Times (2018). https://www.cutimes.com/2018/07/03/denial-of-service-attacks-overwhelmingly-target-fi/?slreturn=20190713065814/
Wilczek, M.: Why banks shouldn’t be in denial about DDoS attacks (blog post, 2018). https://www.globalbankingandfinance.com/why-banks-shouldnt-be-in-denial-about-ddos-attacks/
Zahoor, Z., Ud-din, M., Sunami, K.: Challenges in privacy and security in banking sector and related countermeasures. Int. J. Comput. Appl. 144(3), 24–35 (2016)
Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)
Zheng, L., Myers, A.C.: End-to-end availability policies and noninterference. In: 18th IEEE Workshop Computer Security Foundations, CSFW-18 2005, pp. 272–286 (2005)
Acknowledgments
We thank the reviewers for significant feedback. This work is supported by the IoTSec project, the Norwegian Research Council (No. 248113/O70), and by the SCOTT project, the European Leadership Joint Undertaking under EU H2020 (No. 737422).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Fazeldehkordi, E., Owe, O., Ramezanifarkhani, T. (2020). A Language-Based Approach to Prevent DDoS Attacks in Distributed Financial Agent Systems. In: Fournaris, A., et al. Computer Security. IOSEC MSTEC FINSEC 2019 2019 2019. Lecture Notes in Computer Science(), vol 11981. Springer, Cham. https://doi.org/10.1007/978-3-030-42051-2_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-42051-2_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42050-5
Online ISBN: 978-3-030-42051-2
eBook Packages: Computer ScienceComputer Science (R0)