Secure name service: A framework for protecting critical internet resources

Yingfei Dong, Changho Choi, Zhi Li Zhang

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

We propose a novel Secure Name Service (SNS) framework for protecting critical Internet resources from unauthorized accesses, denial of service (DoS) and other attacks. The key idea is to enforce packet-origin authentication through resource virtualization and utilize dynamic name binding for protecting servers under attacks and improving service availability. Different from static network-level security schemes such as IPsec and VPN, SNS is able to dynamically bind the names of critical resources at the service level, which allows us to actively protect the service resources through a distributed filtering mechanism built on authenticated packet forwarding paths. Our prototype implementation of authenticated packet forwarding components on Pentium 4 Linux machines demonstrates that regular Linux platforms are sufficient to support SNS authenticated packet forwarding on 100Mbps or 1Gbps LANs.

Original languageEnglish (US)
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
EditorsNikolas Mitrou, Kimon Kontovasilis, George N. Rouskas, Ilias lliadis, Lazaros Merakos
PublisherSpringer Verlag
Pages783-794
Number of pages12
ISBN (Print)9783540246930
DOIs
StatePublished - 2004

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3042
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Fingerprint Dive into the research topics of 'Secure name service: A framework for protecting critical internet resources'. Together they form a unique fingerprint.

Cite this