Lindsey Poole will present his research seminar/general exam on Thursday May 22 at 3PM in Room 402. The members of his committee are: Vivek Pai (advisor), Jennifer Rexford, and Larry Peterson. Everyone is invited to attend his talk, and those faculty wishing to remain for the oral exam following are welcome to do so. His abstract and reading list follow below.

---------------------------------------------

Abstract

While cooperative DNS resolver systems, such as CoDNS, have demonstrated improved reliability and performance over standard approaches, their security has been weaker, since any corruption or misbehavior of a single resolver can easily propagate throughout the system. We address this weakness in a new system called ConfiDNS, which augments the cooperative lookup process with configurable policies that utilize multi-site agreement and per-site lookup histories. Not only does ConfiDNS provide better security than cooperative approaches, but for up to 99.8% of unique lookups, ConfiDNS exceeds the security of standard DNS resolvers. ConfiDNS provides these benefits while retaining the other benefits of CoDNS, such as incremental deployability, higher reliability, and improved performance, in some cases faster than CoDNS. We discuss the implementation of ConfiDNS and the challenges of running a distributed agreement protocol in an environment where DNS-based redirection is used to facilitate load-balancing and localized content distribution.

Textbook

[1] L. Peterson and B. Davie, Computer Networks: A Systems Approach, 3rd edition, Morgan Kaufmann Publishers, May 2003.

Research Papers

[1] D. Clark, "The design philosophy of the DARPA Internet protocols," ACM SIGCOMM Computer Communication Review, Vol. 18, No. 4, pp. 106-114, Aug. 1988.

[2] L. Breslau, P. Cao, L. Fan, G. Phillips, and S. Shenker. Web Caching and Zipf-like Distributions: Evidence and Implications. In Proceedings of IEEE INFOCOM, New York, NY, March 1999.

[3] A. Lioy, F. Maino, M. Marian, and D. Mazzocchi. DNS security. In Proceedings of the TERENA Networking Conference, Lisbon, Portugal, May 2000.

[4] H. B. Jaeyeon Jung, Emil Sit and R. Morris. DNS Performance and the Effectiveness of Caching. In Proceedings of the ACM SIGCOMM Internet Measurement Workshop '01, San Francisco, California, November 2001.

[5] K. Park, V. S. Pai, L. Peterson, and Z. Wang. CoDNS: Improving DNS Performance and Reliability via Cooperative Lookups. In Proceedings of the Sixth Symposium on Operating Systems Design and Implementation (OSDI), San Francisco, CA, December 2004.

[6] P. Mockapetris and K. Dunlap. Development of the Domain Name System. In Proceedings of the ACM SIGCOMM Conference, Stanford, CA, August 1988.

[7] A. Shaikh, R. Tewari, and M. Agrawal. On the effectiveness of DNS-based server selection. In Proceedings of INFOCOM 2001. Twentieth Annual Joint Conference of the IEEE Computer and Communications Societies, Anchorage, AK, April 2001.

[8] B. Krishnamurthy, C. Wills, and Y. Zhang. On the use and performance of content distribution networks. In Proceedings of SIGCOMM Internet Measurement Workshop, San Francisco, CA, November 2001.

[9] H. Ballani and P. Francis. A Simple Approach to DNS DoS Mitigation. In Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets '06), Irvine, CA, November 2006.

[10] L. Wang, K. Park, R. Pang, V. Pai, and L. Peterson. Reliability and Security in the CoDeeN Content Distribution Network. In Proceedings of the USENIX Annual Technical Conference, Boston, MA, June 2004.

[11] J. Yin, J. Martin, A. Venkataramani, L. Alvisi, and M. Dahlin. Separating agreement from execution for Byzantine fault tolerant services. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP-2003), Lake George, NY, October 2003.

[12] M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI), New Orleans, LA, February 1999.
participants (1)
-
Melissa M Lawson