On the virtues and liabilities of ConfiDNS : can simple tactics overcome deep insecurities?

dc.contributor.author Yazir, Yağız Onat
dc.date.accessioned 2010-02-17T22:18:09Z
dc.date.available 2010-02-17T22:18:09Z
dc.date.copyright 2007 en
dc.date.issued 2010-02-17T22:18:09Z
dc.identifier.uri http://hdl.handle.net/1828/2211
dc.description.abstract The Domain Name System (DNS) is perhaps one of the most widely used infrastructural software entities in the world. Built in a distributed manner, DNS can be simply explained as a mapping tool between human readable addresses and physical addresses. Ultimately, it acts much like a phone book, providing a means of associating a high-level understanding with a low-level representation. However, the primary goal that motivated the design and implementation of such a mapping device was solely performance. The creators of DNS mainly focused on getting technical details right, leaving gaps for today's security and availability threats which were nonexistent at that time. As a result, DNS provides an insecure and unreliable mapping mechanism in today's environment that neither performs any checks on the origin of data, nor provides a solution better than simple replication in the face of benign or malicious server failures. After the emergence of threats like man-in-the-middle attacks, distributed denial of service attacks, and server overloads, alarms have been sounding in the systems community for a renovation of DNS. This need has given birth to several proposals to improve the security and availability in DNS. DNS Security Extensions (DNSSEC), Scalable Byzantine Fault Tolerant Secure DNS (SBFTSDNS), Cooperative DNS (CoDoNS), and Cooperative DNS Lookup System (CoDNS) are some of the most important steps taken to fix the current problems in DNS. This thesis overviews these proposals for renovation in addition to a recent proposal based on cooperation between domain name servers, called ConfiDNS [1]. ConfiDNS does not dictate any change to the current setting of DNS; instead it intercepts name resolution activity between a client and a domain name server, and performs multiple simultaneous name lookup queries to multiple name servers in order to produce results (Internet Protocol Addresses) that are agreed upon by a pool of name servers.
Further, the agreed results are stored for a history mechanism to operate on, in order to create direct paths to the source of content, and bypass problematic name servers during server failures. The key to availability on the client-side of DNS is the cooperative approach, which extends the classic primary-secondary replication scheme to a pool of name servers. The primary statistics on the collected domain name resolution data show that for approximately 95% of the domain names this idea is applicable, while for the rest, which are mostly domain names served by content distribution networks, it is not realistic due to the number and frequent variation of physical addresses. en
dc.language English eng
dc.language.iso en en
dc.rights Available to the World Wide Web en
dc.subject internet domain names en
dc.subject.lcsh UVic Subject Index::Sciences and Engineering::Applied Sciences::Computer science en
dc.title On the virtues and liabilities of ConfiDNS : can simple tactics overcome deep insecurities? en
dc.type Thesis en
dc.contributor.supervisor Coady, Yvonne
dc.degree.department Dept. of Computer Science en
dc.degree.level Master of Science M.Sc. en