Computer Science Department Seminars

CS Faculty Candidate Talk
Monday, March 22nd
10:30am,  ST2 Room 320

Building a Secure and Resilient Network Infrastructure

Dr. Daniel Massey
USC/ISI
Computer Science Department, Faculty Candidate

This talk examines the security and resilience of two fundamental infrastructure protocols: the Domain Name System (DNS) that provides essential naming information and (briefly) the BGP routing system that provides global reachability. Despite the Internet's tremendous growth and fundamental change in form, these critical network infrastructure protocols remain tied to a simple fault model. In today's complex large-scale system, the core Internet protocols are vulnerable to a wide range of intentional attacks and can also be disrupted by numerous unintentional faults. This talk examines the DNS system in depth. To address vulnerabilities in the DNS, the DNS Security Extensions (DNSSEC) have been proposed. The cryptographic solutions are well understood, but one of the primary challenges has been adding strong authentication to an existing system. The DNS was designed for availability and includes legacy operational models that often contradict the desired security models. The talk shows how a major revision of the DNSSEC standard has succeeded in adding authentication while preserving core requirements of the original DNS. Similar to DNS, the BGP routing infrastructure is vulnerable to a wide range of attacks and faults. The lessons learned from DNS security have direct relevance to the BGP problems, and the talk reviews the relationship between the systems and current work on building a resilient BGP. In the broader sense, the results suggest that a multi-fence framework for building a truly secure and resilient Internet infrastructure is both achievable and effective.

Dr. Massey received a Ph.D. in Computer Science from UCLA in 2000 and he is currently a research assistant professor at USC's Dept. of CS and a project leader at USC/ISI's East office in Washington, DC.