Homework #3 - DoS Defense / Capabilities - Due Sunday Sep 4, 11PM


Turn in this assignment via email (vern@berkeley.edu, plain text) by the due date, with the term Homework in the Subject.


In computer security, a capability is an unforgeable value that indicates that the possessor of the value has the authority to perform some action. That is, merely by being able to provide the capability to some system, the possessor of it is granted some sort of access to the system. A real-world analog would be how the possession of car keys grants the ability to unlock the doors and start the engine of the corresponding car.

Read the paper SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, Abraham Yaar, Adrian Perrig, and Dawn Song, IEEE S&P 2004

Note, if you're not familiar with client puzzles, then you may find section 5.3 hard to follow. Feel free to skip it. (If we have time, I will discuss puzzles in lecture.)

Briefly write up your views of:

  1. What are the main contributions of this paper?
  2. What parts of the paper do you find unclear? (optional)
  3. What parts of the paper are questionable? (That is, you think a conclusion may be wrong, an approach or evaluation technically flawed, or data ill-presented.)
  4. Today's Internet does not support a mechanism like SIFF, even though it was proposed more than 10 years ago. Explain your assessment of why this is the case. List any particular citations (either to formal literature or to less formal web articles/discussions) that you used in developing your assessment.