Casey Deccio - Sandia National Labs
Mar 02, 2011
"Modeling DNS Security: Misconfiguration, Availability, and Visualization"
The Domain Name System (DNS) is one of the components most critical to
Internet functionality. The ubiquity of the DNS necessitates both the
accuracy and availability of responses. While the DNS Security
Extensions (DNSSEC) add authentication to the DNS, they also increase
the complexity of an already complex name resolution system. Many
deployments have suffered from server misconfiguration or maintenance
neglect, which increases the likelihood of name resolution failure for a
domain name, even if servers are responsive.
Our research introduces metrics for quantifying DNSSEC availability and
evaluates these metrics on production signed DNS zones to show the
pervasiveness of misconfiguration. We present methodology for
increasing robustness of name resolution in the presence of DNSSEC
misconfiguration. In our survey of production signed zones, we observe
that nearly one-third of the validation errors detected might be
mitigated using the technique proposed in our research.
As part of my talk, I will also demo an online DNS visualization tool
designed to assist administrators in identifying critical issues with
their DNSSEC deployments.
This is joint work with researchers at UC Davis and Intel Corporation.
About the Speaker
Casey Deccio is a Senior Member of Technical Staff at Sandia National
Laboratories in Livermore, CA. He joined Sandia in 2004 after receiving
his BS and MS degrees in Computer Science from Brigham Young University,
and he received his PhD in Computer Science from the University of
California, Davis in 2010. Casey's research interests lie primarily in
modeling and availability analysis of DNS and DNSSEC, and he leads
Sandia's DNSSEC deployment efforts.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M.
in STEW G52 (Suite 050B), West Lafayette Campus.