dc.contributor.author: Koch, William [en_US]
dc.contributor.author: Bestavros, Azer [en_US]
dc.date.accessioned: 2019-10-08T17:12:09Z
dc.date.available: 2019-10-08T17:12:09Z
dc.date.issued: 2018-07
dc.identifier.citation: William Koch, Azer Bestavros. 2018. "S3B: Software-Defined Secure Server Bindings." 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). 2018-07-02 - 2018-07-06. https://doi.org/10.1109/icdcs.2018.00050
dc.identifier.uri: https://hdl.handle.net/2144/38225
dc.description.abstract: For decades, request-routing protocols operating at multiple layers of the network stack have been a staple of Internet services. Commonly deployed request-routing techniques use the requestor's IP address as an identifier of the client. For instance, using DNS as a request-routing protocol, the local DNS resolver's IP address is used as a surrogate identifier of the client in order to assign the client to the closest server. While such coarse associations may be acceptable for performance-centric purposes, they are not appropriate in settings that require fine-grained, enforceable bindings of clients to servers - e.g., to ensure that malicious clients are unable to bypass their bindings and issue their request to a server of their choosing. In this paper, we propose S3B (Software-defined Secure Server Bindings), a protocol that provides precise and enforceable client-server assignments. S3B uses a server module to assign clients unique access keys. Using HTTP redirection with the key encrypted as an additional domain label, the name server is able to distribute precise server assignments specific to each client. In addition, the server module maintains an access control list to enforce these assignments. As an implementation of the S3B protocol, we have developed an HTTP/S prototype and deployed it to Amazon AWS. Our performance evaluation suggests that our prototype introduces no discernible overhead for client requests. To evaluate S3B's effectiveness as a security appliance, we developed an application to isolate clients suspected as spiders, capable of virtually immediate containment once detected. [en_US]
dc.publisher: IEEE [en_US]
dc.relation.ispartof: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS)
dc.subject: Protocols [en_US]
dc.subject: IP networks [en_US]
dc.subject: Web servers [en_US]
dc.subject: Access control [en_US]
dc.subject: Client-server systems [en_US]
dc.subject: Computer network security [en_US]
dc.title: S3B: software-defined secure server bindings [en_US]
dc.type: Conference materials [en_US]
dc.description.version: Accepted manuscript [en_US]
dc.identifier.doi: 10.1109/icdcs.2018.00050
pubs.elements-source: crossref [en_US]
pubs.notes: Embargo: No embargo [en_US]
pubs.organisational-group: Boston University [en_US]
pubs.organisational-group: Boston University, College of Arts & Sciences [en_US]
pubs.organisational-group: Boston University, College of Arts & Sciences, Department of Computer Science [en_US]
pubs.publication-status: Published [en_US]
dc.identifier.orcid: 0000-0003-0798-8835 (Bestavros, Azer)
dc.identifier.mycv: 395269

