Showing papers on "Differentiated service published in 1987"

A yellow-pages service for a local-area network

Abstract: We introduce a yellow-pages service that maps service names into server addresses. The service is novel in that it associates a set of attributes with each server. Clients specify the attributes the server should possess when requesting a service and the yellow-pages service determines what servers satisfy the request. In addition to describing the implementation of the yellow-pages service within a local-area network, we show how the service can be integrated with the available internet communication protocols to enable clients from throughout the internet to access local servers.

A formal specification and verification method for the prevention of denial of service in computer systems

Abstract: Denial of service is one of the major security concerns in computer systems. It occurs whenever a group of authorized users make the intended service indefinitely unavailable to another group of authorized users. In this thesis we introduce a new formal specification and verification method for the prevention of denial of service and its application to shared services written in the language Ada. A service specification model is introduced. A key component of that model is the separation of the service sharing mechanism from the service sharing policy. The need for specifying fairness and simultaneity formally within the sharing policy is discussed. For verification, we use a formal method for establishing the design-to-specification and the specification-to-code correspondences. This enables us to verify formally the prevention of denial of service at design and implementation stages. The specification and verification are provided using a language based on temporal logic. We argue that, in contrast with other properties, the prevention of denial of service requires specifications of service use; i.e., user agreements, which are external constraints on the service invocations and which must be obeyed by all service users. We show that the formal specification of the sharing policy and that of user agreements form the basis for proof of denial-of-service prevention. We also explain why the previous methods developed for the verification of liveness and safety properties of concurrent programs cannot be used directly to demonstrate absence of denial of service in shared services. We illustrate the difference between denial of service, security, and integrity problems and point out that formal specification and verification methods developed for these latter two areas cannot be used to demonstrate absence of denial of service. The underlying concepts of this method are illustrated through three detailed examples: resource allocation services, dining philosophers problem, and network access services. The first two examples demonstrate the application of this method to denial-of-service prevention in individual services. The third example demonstrates the application of this method to distributed services which are constructed from a set of mutual related component services and processes.