A2M: Access-Assured Mobile Desktop Computing

Continued improvements in network bandwidth, cost, and ubiquitous access are enabling service providers to host desktop computing environments to address the complexity, cost, and mobility limitations of today’s personal computing infrastructure. However, distributed denial of service attacks can deny use of such services to users. We present A

2

M, a secure and attack-resilient desktop computing hosting infrastructure. A

2

M combines a stateless and secure communication protocol, a single-hop Indirection-based network (IBN) and a remote display architecture to provide mobile users with continuous access to their desktop computing sessions. Our architecture protects both the hosting infrastructure and the client’s connections against a wide range of service disruption attacks. Unlike any other DoS protection system, A

2

M takes advantage of its low-latency remote display mechanisms and asymmetric traffic characteristics by using multi-path routing to send a small number of replicas of each packet transmitted from client to server. This packet replication through different paths, diversifies the client-server communication, boosting system resiliency and reducing end-to-end latency. Our analysis and experimental results on PlanetLab demonstrate that A

2

M significantly increases the hosting infrastructure’s attack resilience even for wireless scenarios. Using conservative ISP bandwidth data, we show that we can protect against attacks involving thousands (150,000) attackers, while providing good performance for multimedia and web applications and basic GUI interactions even when up to 30% and 50%, respectively, of indirection nodes become unresponsive.