Title :
An integrity verification scheme for DNS zone file based on security impact analysis
Author :
Chandramouli, Ramaswamy ; Rose, Scott
Author_Institution :
NIST, Gaithersburg, MD
Abstract :
The domain name system (DNS) is the world´s largest distributed computing system that performs the key function of translating user-friendly domain names to IP addresses through a process called name resolution. After looking at the protection measures for securing the DNS transactions, we discover that the trust in the name resolution process ultimately depends upon the integrity of the data repository that authoritative name servers of DNS use. This data repository is called a zone file. Hence we analyze in detail the data content relationships in a zone file that have security impacts. We then develop a taxonomy and associated population of constraints. We also have developed a platform-independent framework using XML, XML schema and XSLT for encoding those constraints and verifying them against the XML encoded zone file data to detect integrity violations
Keywords :
Internet; XML; distributed processing; security of data; DNS transaction; DNS zone file; IP address; XML schema; XSLT; data content relationships; data repository; distributed computing system; domain name system; integrity verification scheme; integrity violations; name resolution; security impact analysis; user-friendly domain names; Distributed computing; Domain Name System; Electronic mail; File servers; Internet; NIST; Performance analysis; Security; Web server; XML;
Conference_Titel :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.9
