Provably Secure DNS: A Case Study in Reliable Software

نویسندگان

Barry S. Fagin

Martin C. Carlisle

چکیده

We describe the use of formal methods in the development of IRONSIDES, an implementation of DNS with superior performance to both BIND and Windows, the two most common DNS servers on the Internet. More importantly, unlike BIND and Windows, IRONSIDES is impervious to all single-packet denial of service attacks and all forms of remote code execution.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Artemia: a family of provably secure authenticated encryption schemes

Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...

متن کامل

Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC

Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...

متن کامل

INTERNET - DRAFT Secure DNS Update

Domain Name System (DNS) protocol extensions have been defined to authenticate the data in DNS and provide key distribution services (draft-ietf-dnssec-secext-10.txt). DNS Dynamic Update operations have also been defined (draft-ietf-dnsind-dynDNS-*.txt>, but without a detailed description of strong security for the update operation. This draft describes how to use DNS digital signatures coverin...

متن کامل

Computationally secure multiple secret sharing: models, schemes, and formal security analysis

A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...

متن کامل

GDS Resource Record: Generalization ofthe Delegation Signer Model

Domain Name System Security Extensions (DNSSEC) architecture is based on public-key cryptography. A secure DNS zone has one or more keys to sign its resource records in order to provide two security services: data integrity and authentication. These services allow to protect DNS transactions and permit the detection of attacks on DNS. The DNSSEC validation process is based on the establishment ...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2013

Provably Secure DNS: A Case Study in Reliable Software

نویسندگان

چکیده

منابع مشابه

Artemia: a family of provably secure authenticated encryption schemes

Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC

INTERNET - DRAFT Secure DNS Update

Computationally secure multiple secret sharing: models, schemes, and formal security analysis

GDS Resource Record: Generalization ofthe Delegation Signer Model

عنوان ژورنال:

اشتراک گذاری