Conference paper

Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack


Authors list: Nguyen, Hoai Viet; Lo Iacono, Luigi; Federrath, Hannes

Appeared in: CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Editor list: Cavallaro, L.

Publication year: 2019

Pages: 1915-1936

eISBN: 978-1-4503-6747-9

DOI Link: https://doi.org/10.1145/3319535.3354215

Conference: 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19)


Abstract

Web caching enables the reuse of HTTP responses with the aim to reduce the number of requests that reach the origin server, the volume of network traffic resulting from resource requests, and the user-perceived latency of resource access. For these reasons, a cache is a key component in modern distributed systems as it enables applications to scale at large. In addition to optimizing performance metrics, caches promote additional protection against Denial of Service (DoS) attacks. In this paper we introduce and analyze a new class of web cache poisoning attacks. By provoking an error on the origin server that is not detected by the intermediate caching system, the cache gets poisoned with the server-generated error page and instrumented to serve this useless content instead of the intended one, rendering the victim service unavailable. In an extensive study of fifteen web caching solutions we analyzed the negative impact of the Cache-Poisoned DoS (CPDoS) attack, as we coined it. We show the practical relevance by identifying one proxy cache product and five CDN services that are vulnerable to CPDoS. Amongst them are prominent solutions that in turn cache high-value websites. The consequences are severe as one simple request is sufficient to paralyze a victim website within a large geographical region. The awareness of the newly introduced CPDoS attack is highly valuable for researchers for obtaining a comprehensive understanding of causes and countermeasures as well as practitioners for implementing robust and secure distributed systems.




Citation Styles

Harvard Citation style: Nguyen, H., Lo Iacono, L. and Federrath, H. (2019) Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack, in Cavallaro, L. (ed.) CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY: Association for Computing Machinery. pp. 1915-1936. https://doi.org/10.1145/3319535.3354215

APA Citation style: Nguyen, H., Lo Iacono, L., & Federrath, H. (2019). Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack. In Cavallaro, L. (Ed.), CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. (pp. 1915-1936). Association for Computing Machinery. https://doi.org/10.1145/3319535.3354215


Last updated on 2025-05-08 at 13:58