Antony Rowstron
Senior Researcher
Microsoft Research, UK



Vigilante - A host-centric worm containment system

Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed a network-centric approach to automate worm containment: network traffic is analyzed to derive a packet classifier that blocks (or rate-limits) worm propagation. This approach has fundamental limitations because the analysis has no information about the application vulnerabilities exploited by worms.

Vigilante is a new host-centric approach for automatic worm containment that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts in the Internet but does not require hosts to trust each other. Hosts detect worms by analysing attempts to infect applications and broadcast self-certifying alerts (SCAs) when they detect a worm. SCAs are automatically generated, machine-verifiable proofs of vulnerability; they can be independently and inexpensively verified by any host. Hosts can use SCAs to generate filters or patches that prevent infection. Preliminary results show that Vigilante can effectively contain fast-spreading worms that exploit unknown vulnerabilities.

Publications:

M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham, "Vigilante: End-to-End Containment of Internet Worms", SOSP'05, Brighton, UK, October 2005.

M. Costa, J. Crowcroft, M. Castro and A. Rowstron, "Can we contain Internet worms?", HotNets III, San Diego, California, USA, November 2004.


Cashmere - a resilient anonymous routing infrastructure.

Anonymous routing protects user communication from identification by third-party observers. Existing anonymous routing layers utilize Chaum-Mixes for anonymity by relaying traffic through relay nodes called mixes. The source defines a static forwarding path through which traffic is relayed to the destination. The resulting path is fragile and short-lived: failure of one mix in the path breaks the forwarding path and results in data loss and jitter before a new path is constructed. In this paper, we propose Cashmere, a resilient anonymous routing layer built on a structured peer-to-peer overlay. Instead of single-node mixes, Cashmere selects regions in the overlay namespace as mixes. Any node in a region can act as the mix, drastically reducing the probability of a mix failure. We analyze Cashmere's anonymity and measure its performance through simulation and measurements, and show that it maintains high anonymity while providing orders of magnitude improvement in resilience to network dynamics and node failures.

Publications:

L. Zhuang, F. Zhou, B. Y. Zhao and A. Rowstron, "Cashmere: Resilient Anonymous Routing", NSDI'05, Boston, MA, USA, May 2004.