"Modeling DNS Security: Misconfiguration, Availability, and Visualization"
Casey Deccio - Sandia National Labs
Mar 02, 2011
Abstract
The Domain Name System (DNS) is one of the components most critical to
Internet functionality. The ubiquity of the DNS necessitates both the
accuracy and availability of responses. While the DNS Security
Extensions (DNSSEC) add authentication to the DNS, they also increase
the complexity of an already complex name resolution system. Many
deployments have suffered from server misconfiguration or maintenance
neglect, which increases the likelihood of name resolution failure for a
domain name, even if servers are responsive.
Our research introduces metrics for quantifying DNSSEC availability and
evaluates these metrics on production signed DNS zones to show the
pervasiveness of misconfiguration. We present a methodology for
increasing robustness of name resolution in the presence of DNSSEC
misconfiguration. In our survey of production signed zones, we observe
that nearly one-third of the validation errors detected might be
mitigated using the technique proposed in our research.
As part of my talk, I will also demo an online DNS visualization tool
designed to assist administrators in identifying critical issues with
their DNSSEC deployments.
This is joint work with researchers at UC Davis and Intel Corporation.
About the Speaker
Casey Deccio is a Senior Member of Technical Staff at Sandia National
Laboratories in Livermore, CA. He joined Sandia in 2004 after receiving
his BS and MS degrees in Computer Science from Brigham Young University,
and he received his PhD in Computer Science from the University of
California, Davis in 2010. Casey's research interests lie primarily in
modeling and availability analysis of DNS and DNSSEC, and he leads
Sandia's DNSSEC deployment efforts.