Mitigating DoS attacks in identity management systems through reorganizations

Ensuring identity management (IdM) systems availability plays a key role to support networked systems. Denial-of-Service (DoS) attacks can make IdM operations unavailable, preventing the use of computational resources by legitimate users. In the literature, the main countermeasures against DoS over IdM systems are based on either the application of external resources to extend the system lifetime (replication) or on DoS attacks detection. The first approach increases the solutions cost, and in general the second approach is still prone to high rates of false negatives and/or false positives. Hence, this work presents SAMOS, a novel and paradigm-shifting Scheme for DoS Attacks Mitigation by the reOrganization and optimization of the IdM System. SAMOS optimizes the reorganization of the IdM system components founded on optimization techniques, minimizing DoS effects and improving the system lifetime. SAMOS is based on the unavailabilities effects such as the exhaustion of processing and memory resources, eliminating the dependence of attacks detection. Furthermore, SAMOS employs operational IdPs from the IdM system to support the demand of the IdM system, differently from replication approaches. Results considering data from two real IdM systems indicate the scheme viability and improvements. As future works, SAMOS will be prototyped in order to allow performance evaluations in a real testbed.