CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.

Yossi Gilad, Amir Herzberg, Michael Sudkovitch, Michael Goberman

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive, and less trusted, clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. The clientless secure-objects mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces an origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks.

A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.
Original languageEnglish
Title of host publicationNetwork and Distributed Systems Security (NDSS) Symposium 2016
StatePublished - 2016
EventNetwork and Distributed System Security (NDSS) Symposium 2016 - Catamaran Resort Hotel & Spa, San Diego, United States
Duration: 21 Feb 201624 Feb 2016


ConferenceNetwork and Distributed System Security (NDSS) Symposium 2016
Country/TerritoryUnited States
CitySan Diego
Internet address


Dive into the research topics of 'CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.'. Together they form a unique fingerprint.

Cite this