Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes

USENIX via YouTube

Overview

Learn about a groundbreaking network security research presentation from Princeton University researchers at USENIX Security '24 that introduces SmartCookie, an innovative defense system against SYN flooding attacks. Discover how this split-proxy defense system leverages programmable switches to achieve 100% blocking of SYN floods in the switch data plane while maintaining high performance for legitimate traffic. Explore the technical implementation that combines programmable switches with kernel technologies like eBPF to handle attack traffic at 136.9 Mpps without packet loss - two orders of magnitude better than traditional CPU-based defenses. Understand how the system achieves 2x-6.5x lower end-to-end latency for benign traffic compared to existing switch-based hardware defenses, making it a crucial solution for network providers processing hundreds of Gbps of traffic across thousands of servers.

Syllabus

USENIX Security '24 - SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense...

Taught by

USENIX

Reviews

Start your review of SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.