Yih Huang, David Arsenault, Arun Sood, "Securing DNS Services through System Self Cleansing and Hardware Enhancements," 2012 Seventh International Conference on Availability, Reliability and Security, pp. 132-139, First International Conference on Availability, Reliability and Security (ARES'06), 2006. IEEE Computer Society, Los Alamitos, CA, USA. ISBN 0-7695-2567-9. DOI: http://doi.ieeecomputersociety.org/10.1109/ARES.2006.123

Domain Name Systems (DNS) provide the mapping between easily remembered host names and their IP addresses. Popular DNS implementations, however, contain vulnerabilities that are exploited by frequent, targeted attacks. The software vulnerabilities of DNS, together with the constant innovation and morphing of cyber attack techniques, necessitate the consideration of the worst-case scenarios: there will be successful but undetected attacks against DNS servers.
In this work we develop a secure DNS architecture that contains the damage of successful, undetected attacks. This formidable end is achieved by constantly cleansing the servers and rotating the role of individual servers. Moreover, the server rotation process itself is protected against corruption by hardware. We will show the advantages of our design in the following areas: (1) protection of the DNS master file and cryptographic keys, (2) incorruptible intrusion tolerance, (3) high availability, and (4) scalability, that is, support for using high degrees of hardware/server redundancy to improve both system security and service dependability. Due to the critical importance of DNS, such a dependable and intrusion-resilient design contributes significantly to the overall security of the Internet.
