Abstract
Secure OS has been the focus of several studies. However, CPU resources, which are important resources for executing a program, are not the object of access control. For preventing the abuse of CPU resources, we had earlier proposed a new type of execution resource that controls the maximum CPU usage [5,6] The previously proposed mechanism can control only one process at a time. Because most services involve multiple processes, the mechanism should control all the processes in each service. In this paper, we propose an improved mechanism that helps to achieve a bound on the execution performance of a process group, in order to limit unnecessary processor usage. We report the results of an evaluation of our proposed mechanism.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
CERT/CC Statistics (1988-2005), http://www.cert.org/stats/
Sekar, R., Bendre, M., Bollineni, P., Dhurjati, D.: A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. In: Proc. of IEEE Symposium on Security and Privacy, pp. 144–155 (2001)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
Security-Enhanced Linux, http://www.nsa.gov/selinux/
Tabata, T., Hakomori, S., Yokoyama, K., Taniguchi, H.: Controlling CPU Usage for Processes with Execution Resource for Mitigating CPU DoS Attack. In: 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE 2007), pp. 141–146 (2007)
Tabata, T., Hakomori, S., Yokoyama, K., Taniguchi, H.: A CPU Usage Control Mechanism for Processes with Execution Resource for Mitigating CPU DoS Attack. International Journal of Smart Home 1(2), 109–128 (2007)
Garg, A., Reddy, A.: Mitigation of DoS attacks through QoS regulation. In: IEEE International Workshop on Quality of Service (IWQoS), pp.45–53 (2002)
Spatscheck, O., Petersen, L.L.: Defending Against Denial of Service Attacks in Scout. In: 3rd Symp. on Operating Systems Design and Implementation, pp. 59–72 (1999)
Banga, G., Druschel, P., Mogul, J.C.: Resource containers: A new facility for resource management in server systems. In: The Third Symposium on Operating Systems Design and Implementation (OSDI 1999), pp. 45–58 (1999)
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yamauchi, T., Hara, T., Taniguchi, H. (2010). A Mechanism That Bounds Execution Performance for Process Group for Mitigating CPU Abuse. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-17610-4_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17609-8
Online ISBN: 978-3-642-17610-4
eBook Packages: Computer ScienceComputer Science (R0)