{"title":"基于安全影响分析的DNS区域文件完整性验证方案","authors":"R. Chandramouli, S. Rose","doi":"10.1109/CSAC.2005.9","DOIUrl":null,"url":null,"abstract":"The domain name system (DNS) is the world's largest distributed computing system that performs the key function of translating user-friendly domain names to IP addresses through a process called name resolution. After looking at the protection measures for securing the DNS transactions, we discover that the trust in the name resolution process ultimately depends upon the integrity of the data repository that authoritative name servers of DNS use. This data repository is called a zone file. Hence we analyze in detail the data content relationships in a zone file that have security impacts. We then develop a taxonomy and associated population of constraints. We also have developed a platform-independent framework using XML, XML schema and XSLT for encoding those constraints and verifying them against the XML encoded zone file data to detect integrity violations","PeriodicalId":422994,"journal":{"name":"21st Annual Computer Security Applications Conference (ACSAC'05)","volume":"44 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"An integrity verification scheme for DNS zone file based on security impact analysis\",\"authors\":\"R. Chandramouli, S. Rose\",\"doi\":\"10.1109/CSAC.2005.9\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The domain name system (DNS) is the world's largest distributed computing system that performs the key function of translating user-friendly domain names to IP addresses through a process called name resolution. After looking at the protection measures for securing the DNS transactions, we discover that the trust in the name resolution process ultimately depends upon the integrity of the data repository that authoritative name servers of DNS use. This data repository is called a zone file. Hence we analyze in detail the data content relationships in a zone file that have security impacts. We then develop a taxonomy and associated population of constraints. We also have developed a platform-independent framework using XML, XML schema and XSLT for encoding those constraints and verifying them against the XML encoded zone file data to detect integrity violations\",\"PeriodicalId\":422994,\"journal\":{\"name\":\"21st Annual Computer Security Applications Conference (ACSAC'05)\",\"volume\":\"44 2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-12-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"21st Annual Computer Security Applications Conference (ACSAC'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSAC.2005.9\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st Annual Computer Security Applications Conference (ACSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2005.9","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10
摘要
域名系统DNS (domain name system)是世界上最大的分布式计算系统,它的主要功能是通过名称解析过程将用户友好的域名转换为IP地址。在研究了保护DNS事务的保护措施之后,我们发现对名称解析过程的信任最终取决于DNS的权威名称服务器所使用的数据存储库的完整性。这个数据存储库称为区域文件。因此,我们详细分析了区域文件中具有安全影响的数据内容关系。然后,我们开发一个分类法和相关的约束种群。我们还开发了一个独立于平台的框架,使用XML、XML模式和XSLT对这些约束进行编码,并根据XML编码的区域文件数据对它们进行验证,以检测完整性违规
An integrity verification scheme for DNS zone file based on security impact analysis
The domain name system (DNS) is the world's largest distributed computing system that performs the key function of translating user-friendly domain names to IP addresses through a process called name resolution. After looking at the protection measures for securing the DNS transactions, we discover that the trust in the name resolution process ultimately depends upon the integrity of the data repository that authoritative name servers of DNS use. This data repository is called a zone file. Hence we analyze in detail the data content relationships in a zone file that have security impacts. We then develop a taxonomy and associated population of constraints. We also have developed a platform-independent framework using XML, XML schema and XSLT for encoding those constraints and verifying them against the XML encoded zone file data to detect integrity violations
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
