Thursday, April 5, 2007
4:15 pm
B17 Upson Hall

Computer Science
Colloquium
Spring 2007

Michael Walfish
MIT
 

Defending Networked Resources Against Floods of Unwelcome Requests


The Internet is afflicted by unwelcome "requests", defined broadly as claims on a scarce resource, such as a server's CPU (in the case of spurious traffic whose purpose is to deny service) or a human's attention (in the case of spam). Traditional responses to these problems apply heuristics: they try to identify "bad" requests based on their content (e.g., in the way that spam filters analyze an email's text). This talk argues that heuristic attempts at filtering are inherently gameable and instead presents two systems that limit request volumes directly. The first is a denial-of-service mitigation in which clients are encouraged to automatically send *more* traffic to a besieged server. The "good" clients can thereby compete equally with the "bad" ones. The second is a system for enforcing *per-sender email quotas* to control spam. This system scales to a workload of millions of requests per second, tolerates Byzantine faults in its constituent hosts, and resists a variety of attacks.

Bio: Michael Walfish is a Ph.D. student in computer science at M.I.T. He received his B.A. from Harvard in 1998 and then worked for four years, three of those at Digital Fountain, Inc. His research interests are in networked systems, with sub-interests in security, performance, and network architecture.