IIIT Hyderabad Publications |
|||||||||
|
Mitigating Browser-based DDoS Attacks using CORPAuthors: Akash Agrawall,Krishna Chaitanya,Arnav Kumar Agrawal,Venkatesh Choppella Conference: Innovations in Software Engineering Conference, ISEC Date: 2017-02-05 Report no: IIIT/TR/2017/7 AbstractOn March 27, 2015,Githubwitnessed a massive DDoS at- tack, the largest in Github's history till date. In this incident, browsers and users were used as vectors to launch the attack. In this paper, we analyse such browser-based DDoS attacks and simulate them in a lab environment. Existing browser security policies like Same Origin Policy (SOP), Content Security Policy (CSP) do not mitigate these attacks by design. In this paper we observe that CORP (Cross Origin Request Policy), a browser security policy, can be used to mitigate these attacks. CORP enables a server to control cross-origin interactions initiated by a browser. The browser intercepts the cross-origin requests and blocks unwanted requests by the server. This takes the load o the server to mitigate the attack. Full paper: pdf Centre for Software Engineering Research Lab |
||||||||
Copyright © 2009 - IIIT Hyderabad. All Rights Reserved. |