Mitigating Browser-based DDoS Attacks using CORP

Cited by: 2
Authors
Agrawall, Akash [1]
Chaitanya, Krishna [2]
Agrawal, Arnav Kumar [3]
Choppella, Venkatesh [1]
Affiliations
[1] IIIT Hyderabad, Hyderabad, India
[2] Microsoft India, Hyderabad, India
[3] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
Source
PROCEEDINGS OF THE 10TH INNOVATIONS IN SOFTWARE ENGINEERING CONFERENCE | 2017
Keywords
DDoS; Browser-based DDoS; Browser; Javascript; Cross-origin requests; MITM (Man in the middle)
DOI
10.1145/3021460.3021477
Chinese Library Classification number
TP31 [Computer software];
Subject classification code
081202 ; 0835 ;
Abstract
On March 27, 2015, GitHub witnessed a massive DDoS attack, the largest in GitHub's history to date. In this incident, browsers and users were used as vectors to launch the attack. In this paper, we analyse such browser-based DDoS attacks and simulate them in a lab environment. Existing browser security policies like Same Origin Policy (SOP) and Content Security Policy (CSP) do not mitigate these attacks by design. In this paper we observe that CORP (Cross Origin Request Policy), a browser security policy, can be used to mitigate these attacks. CORP enables a server to control cross-origin interactions initiated by a browser. The browser intercepts the cross-origin requests and blocks unwanted requests by the server. This takes the load off the server to mitigate the attack.
Pages: 137 / 146
Page count: 10