W. Kaneko, K. Kono, and K. Shimizu (Japan)
Operating Systems, Resource Management, Security, Exe cutable Contents, Malicious Code
Resource-monopolizing Denial-of-Service (DoS) is one form of malicious code attack. An attacking code exclu sively uses shared resources and attempts to drop the re sponsiveness of the machine so low that it is practically useless. Resource-monopolizing DoS is difficult to prevent in commodity operating systems, because they allow every process to compete for shared resources in an uncontrolled manner. This paper presents preemptive resource manage ment, a scheme we developed to defend against resource monopolizing DoS. Preemptive resource management ex tensively applies priority and preemption to every type of resource. It controls resource allocation based on pri ority, and preempts resources allocated to lower-priority processes based on the availability of shared resources. The experimental results we obtained suggest that preemp tive resource management prevents resource-monopolizing DoS from impinging on the responsiveness of other inno cent processes.
Important Links:
Go Back