ConfiDNS: leveraging scale and history to detect compromise
ATC'08 USENIX 2008 Annual Technical Conference
While cooperative DNS resolver systems, such as CoDNS, have demonstrated improved reliability and performance over standard approaches, their security has been weaker, since any corruption or misbehavior of a single resolver can easily propagate throughout the system. We address this weakness in a new system called ConfiDNS, which augments the cooperative lookup process with configurable policies that utilize multi-site agreement and per-site lookup histories. Not only does ConfiDNS provide better security than cooperative approaches, but for up to 99.8% of unique lookups, ConfiDNS exceeds the security of standard DNS resolvers. ConfiDNS provides these benefits while retaining the other benefits of CoDNS, such as incremental deployability, improved performance, and higher reliability.