This page is dedicated to master's thesis of Michal Šafránek titled "Protecting webservers against specified attacks".
- Protecting webservers against specified attacks
- Mgr. Michal Šafránek <wejn shift-two box dot cz>
- doc. RNDr. Václav Matyáš, M.Sc., Ph.D.
- Faculty of Informatics, Masaryk university in Brno
This work describes problems related to protecting webservers against Denial-of-Service attacks (henceforth DoS) and authentication-mechanisms related attacks. Based on this description it offers list of possible solutions how to mitigate DoS attacks. It also describes new authentication scheme which is resistant against most common attacks. One of the secondary objectives of proposed scheme was backward compatibility with existing web applications on interface level.
In the first chapter we introduce TCP/IP and HTTP protocol (for those who aren't very familiar with them). Following chapter describes attacks on HTTP. It's divided into two parts -- DoS attacks and attacks to authentication mechanisms. Next chapter describes in great detail not only the proposed authentication scheme but also its evolution. Proposed version is then analyzed with regard to previously described attacks. This chapter also contains details about reference implementation. Next chapter describes tests performed on this reference implementation -- both performance and end-user tests. Final chapter contains brief recap and possible future work. Text comes with accompanying CD-ROM containing reference implementation and text in pdf form.
Proposed scheme was found adequate -- it performs well (compared to mod_auth from Apache's distribution) and it proved to be easy-to-use in end-user test. It's also noted that this scheme is ready for real-world deployment because even though reference implementation is for Apache only, the text itself provides firm base for alternative implementations.
Sorry, this master thesis is available in Czech language only.