Downloading executable code from the Internet increases the risk of executing malicious code. Commodity operating systems can control the access rights of downloaded code, but can do little to prevent resource-monopolizing Denial-of-Service (DoS) attacks. In this paper, we focus on memory-monopolizing DoS attacks and propose prioritized memory management to defend against them. With this system, the user can sandbox memory-monopolizing attacks so that the attacker process cannot affect other processes. In our system, each process has a memory priority. A higher-priority process can steal physical memory from a lower-priority process, but the reverse is forbidden. As a result, assigning the attacker process a lower priority sandboxes its memory-monopolizing attacks.
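
The one-way stealing rule described above, as an added C simulation that is not the paper's code. The frame count, the names `alloc_frame` and `simulate`, the convention that a larger number means higher priority, and the denial behaviour when nothing may be stolen are all assumptions made for illustration.

```c
#include <stdio.h>

#define NFRAMES 8
#define FREE (-1)

/* Constructed model, not the paper's implementation: larger prio = more important. */
struct proc { int prio; int resident; };
static int owner[NFRAMES];            /* owning process index per frame, or FREE */

/* Give process p one frame. Free frames are used first; otherwise a frame is
 * stolen from the lowest-priority owner that ranks strictly below p.
 * Returns 0 when nothing may be stolen (assumption: p then has to page
 * against its own resident frames). */
static int alloc_frame(struct proc *procs, int p) {
    int pick = -1;
    for (int i = 0; i < NFRAMES; i++) {
        if (owner[i] == FREE) { pick = i; break; }
        if (procs[owner[i]].prio < procs[p].prio &&
            (pick < 0 || procs[owner[i]].prio < procs[owner[pick]].prio))
            pick = i;
    }
    if (pick < 0) return 0;
    if (owner[pick] != FREE) procs[owner[pick]].resident--;
    owner[pick] = p;
    procs[p].resident++;
    return 1;
}

/* Process 0 is the victim needing 3 frames; process 1 requests 100 frames.
 * Returns how many frames the victim holds at the end. */
static int simulate(int victim_prio, int attacker_prio, int attacker_first) {
    struct proc procs[2] = { {victim_prio, 0}, {attacker_prio, 0} };
    for (int i = 0; i < NFRAMES; i++) owner[i] = FREE;
    for (int round = 0; round < 2; round++) {
        int attacker_turn = (round == 0) == (attacker_first != 0);
        int p = attacker_turn ? 1 : 0;
        for (int i = 0; i < (attacker_turn ? 100 : 3); i++) alloc_frame(procs, p);
    }
    return procs[0].resident;
}

int main(void) {
    printf("attacker lower, runs second: victim keeps %d\n", simulate(2, 1, 0));
    printf("attacker lower, runs first:  victim gets  %d\n", simulate(2, 1, 1));
    printf("attacker higher (misconfig): victim keeps %d\n", simulate(1, 2, 0));
    return 0;
}
```

The third case shows why the priority assignment is the security-relevant setting: if the untrusted process is ranked above the others, the same rule lets it take every frame.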