DoS Models
 

The Internet architecture has provided a powerful and successful strategy for the interconnection of digital communication systems. Since the base model does not provide security by itself, protections are primarily obtained by systems at higher layers such as the application and transport layers. For example, the Transport Layer Security (TLS) protocol provides strong guarantees of integrity and confidentiality between pairs of communicating parties over wired or wireless internetworks. However, these strategies do not assure the availability of networked services, which remain vulnerable to Denial of Service (DoS) attacks on both the network and the edge systems. Models for DoS are rudimentary compared to those used for integrity and confidentiality breaches. Better DoS models will enable more principled design of systems engineered for robust availability.

Our projects in this area focus on the development of abstract models and languages for describing DoS models and on countermeasures for DoS. One project concerns the shared channel model and a set of techniques, collectively called selective verification, that aim to use bandwidth limits as a strategy for protecting against DoS attacks. In these investigations, an important line of study is the design and analysis of protocols for adaptive response to DoS attacks, as a way to incur DoS protection costs only when an attack is underway. Another area of investigation concerns protocols for the configuration of tunnel complexes, which are collections of security tunnels aimed at achieving an overall security objective, such as assuring that traffic is authorized on a protected network. Our work uses formal models based on term rewriting to examine, in particular, the functional and DoS vulnerabilities of protocols that set up tunnel complexes. This work is based on a formalism called the tunnel calculus, which provides a notation and semantics for tunnel establishment suited to modeling protocols that discover security gateways and configure tunnel complexes.


Last Updated ( Saturday, 01 March 2008 )
© 2008 Illinois Security Laboratory