Source Address Validation Enforcement

NSF Grant:  ANI-9980501 (September 99 to August 03)
Co-Principal Investigator:  Peter Reiher
Co-Principal Investigator:  Lixia Zhang

Project Summary

In today's Internet any node can send a packet to any other node that uses the standard protocol set. When abused by attackers, such flexibility can also lead to various kinds of disastrous behaviors at the target. The SYN denial-of-service attack is one example. While developing more robust protocol behaviors is important, complex protocols are unlikely to be completely bullet-proof. One good method of foiling such attacks is to identify the culprit and take measures to stop him, such as shutting off his node from the network, contacting his system administrator, or notifying law enforcement authorities.

These methods only work if the attacker can almost always be correctly identified. Unfortunately, in today's Internet one cannot easily identify attackers with any confidence. The obvious way to determine the sender of a malicious packet is to examine the source address field in the IP header; but existing Internet protocols allow senders to fill in this field arbitrarily. Despite incorrect source address fields, the network will properly route the packet to its destination. Responses, of course, will go to someone other than the attacker, which means that this vulnerability most likely cannot be used to obtain secret information or services. On the other hand, sometimes this feature allows the attacker to assault two sites for the price of one, since any bad responses to the packet will be routed to the misidentified sender, possibly causing further difficulties there. The receiver of the malicious packet has no confidence that the source address field is accurate.

Researchers in the Laboratory for Advanced Systems Research (LASR) in UCLA's Computer Science Department have worked on an address filtering project to solve this problem. Thanks to a funds and equipment grant from the Intel Corporation, we were given an opportunity to study the feasibility of putting important security enhancements into high-speed routers. In the SAVE project, we used Intel's IXP equipment to develop a system capable of filtering out packets with forged IP source addresses.

Project Members

Peter Reiher (co-principal investigator)
Lixia Zhang (co-principal investigator)
Jun Li (former graduate student, now a faculty member at University of Oregon)
Jelena Mirkovic (former graduate student, now a faculty member at the University of Delaware)
Zhiguo Xu (graduate student)
Mattew Schnaider (former graduate student )
Gregory Prier (former graduate student, now with Microsoft)


*    Implementing Address Assurance in the Intel IXP Router,  Proceedings of NPC 2002
*    iSAVE: Incrementally Deployable Source Address Validation,  UCLA Tech Rept CSD-TR-020030
*    SAVE: Source Address Validity Enforcement,  INFOCOM 2002
*    SAVE: Source Address Validity Enforcement Protocol, UCLA Technical Report CSD-TR-010004
*    Jun Li presentation at USC/ISI
*    Jelena Mirkovic presentation at Usenix Security Symposium 2001 - Work In Progress Session

Simulation Tools

Parsec has been selected as the simulation platform for this project. Currently both RIP and BGP-4 are being studied. We will further study other routing protocols as well.


*    Topology modeling, generation and analysis
*    Traffic modeling and generation
*    Simulation Tools
*    Related publications
*    Related software packages