CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.

Yossi Gilad; Amir Herzberg; Michael Sudkovitch; Michael Goberman

CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.

Yossi Gilad, Amir Herzberg, Michael Sudkovitch, Michael Goberman

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive, and less trusted, clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. The clientless secure-objects mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces an origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks.

A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server conﬁguration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

Original language	English
Title of host publication	Network and Distributed Systems Security (NDSS) Symposium 2016
State	Published - 2016
Event	Network and Distributed System Security (NDSS) Symposium 2016 - Catamaran Resort Hotel & Spa, San Diego, United States Duration: 21 Feb 2016 → 24 Feb 2016 https://www.ndss-symposium.org/ndss2016/

Conference

Conference	Network and Distributed System Security (NDSS) Symposium 2016
Country/Territory	United States
City	San Diego
Period	21/02/16 → 24/02/16
Internet address	https://www.ndss-symposium.org/ndss2016/

Access to Document

https://www.ndss-symposium.org/wp-content/uploads/2017/09/cdn-on-demand-affordable-ddos-defense-via-untrusted-clouds.pdf

Cite this

@inproceedings{a7d94aa3d6604092bbd0638505181407,

title = "CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.",

abstract = "We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive, and less trusted, clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. The clientless secure-objects mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces an origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks.A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server conﬁguration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.",

author = "Yossi Gilad and Amir Herzberg and Michael Sudkovitch and Michael Goberman",

year = "2016",

language = "אנגלית",

booktitle = "Network and Distributed Systems Security (NDSS) Symposium 2016",

note = "Network and Distributed System Security (NDSS) Symposium 2016 ; Conference date: 21-02-2016 Through 24-02-2016",

url = "https://www.ndss-symposium.org/ndss2016/",

}

Gilad, Y, Herzberg, A, Sudkovitch, M & Goberman, M 2016, CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds. in Network and Distributed Systems Security (NDSS) Symposium 2016. Network and Distributed System Security (NDSS) Symposium 2016, San Diego, California, United States, 21/02/16. <https://www.ndss-symposium.org/wp-content/uploads/2017/09/cdn-on-demand-affordable-ddos-defense-via-untrusted-clouds.pdf>

TY - GEN

T1 - CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.

AU - Gilad, Yossi

AU - Herzberg, Amir

AU - Sudkovitch, Michael

AU - Goberman, Michael

PY - 2016

Y1 - 2016

N2 - We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive, and less trusted, clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. The clientless secure-objects mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces an origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks.A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server conﬁguration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

AB - We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive, and less trusted, clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. The clientless secure-objects mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces an origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks.A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server conﬁguration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

BT - Network and Distributed Systems Security (NDSS) Symposium 2016

T2 - Network and Distributed System Security (NDSS) Symposium 2016

Y2 - 21 February 2016 through 24 February 2016

ER -

CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.

Abstract

Conference

Access to Document

Fingerprint

Cite this