February 3, 1999
3085 ENG II
In attendance:
Matt Bishop (MB), Karl Levitt (KL), Tuomas Aura (TA), John Hughes (JH),
David O’Brien (DOB) and Nick Puketza (NP)


Review of John Hughes's work
Ed Amoroso’s Paper "A Policy Model for Denial of Service"  
    1. Review of John Hughes's work
      1. Limits with TCP protocols, RFC – High-speed connections
        1. Limitations of sequence numbers
          1. Cycle through sequence numbers faster than 2-minute timeouts – opportunity to corrupt data stream with duplicate material
          2. Closing and reopening session quickly
          3. TCP Urgent mode offset
            1. Windows NT or 95 crashes or locks up with out-of-band data (urgent data)
          4. MB: Denial of Service "Bake-Offs" – results of competition published. Dan Lynch, Steven Kent or Karl Sunshine would have results.
      2. KL: Formal model – look for implied limits in RFC, undefined conditions, conditions containing "should" or "must"
        1. Buffer overflows, data structure, clock, implementation doesn’t terminate, property-based testing
          1. Prove that implementation matches argument
          2. KL: Fairness – book written by author from Israel
    2. Ed Amoroso’s Paper "A Policy Model for Denial of Service"
      1. Policy model – difficult to prove in real world
      2. Priority and Criticality (defined as objects)
      3. Denial and Prevent functions
        1. TA: Deny – yes or no condition
          1. KL: Fairness is a better measure
      4. JH: Model doesn’t lend itself to CPU time
      5. MB: Paper focuses on starvation rather than bounty
        1. JH: Focuses on authorized users misusing systems