Mark Allman / ICSI @mallman_icsi

Kyle Schomp. Complexity and Security of the Domain Name System, Doctoral Dissertation, Case Western Reserve University, May 2016.

Abstract:

The Domain Name System (DNS) provides mapping of meaningful names to arbitrary data for applications and services on the Internet. Since its original design, the system has grown in complexity and our understanding of the system has lagged behind. In this dissertation, we perform measurement studies of the DNS infrastructure demonstrating the complexity of the system and showing that different parts of the infrastructure exhibit varying behaviors, some being violations of the DNS specification. The DNS also has known weaknesses to attack and we reinforce this by uncovering a new vulnerability against one component of the system. As a result, understanding and maintaining the DNS is increasingly hard. In response to these issues, we propose a modification to the DNS that simplifies the resolution path and reduces the attack surface. We observe that the potential costs of this modification can be managed and discuss ways that the cost may be mitigated.

BibTeX:

@PhdThesis{Sch16,
    author = "Kyle Schomp",
    title  = "{Complexity and Security of the Domain Name System}",
    school = "Case Western Reserve University",
    year   = 2016,
    month  = may,
}

Co-supervised with Michael Rabinovich.

Papers from this thesis:
  • Kyle Schomp, Michael Rabinovich, Mark Allman. Towards a Model of DNS Client Behavior. Passive and Active Measurement Conference, March 2016.
  • Kyle Schomp, Mark Allman, Michael Rabinovich. DNS Resolvers Considered Harmful. ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets), October 2014.
  • Kyle Schomp, Tom Callahan, Michael Rabinovich, Mark Allman. Assessing DNS Vulnerability to Record Injection. Passive and Active Measurement Conference, March 2014.
  • Kyle Schomp, Tom Callahan, Michael Rabinovich, Mark Allman. On Measuring the Client-Side DNS Infrastructure. ACM Internet Measurement Conference, October 2013.