Applying decentralized trust management to DNS dynamic updates
Authors
Abstract
DNS dynamic updates can be used to modify the data of a DNS zone. This can be used to update DNS records of hosts with dynamic IP addresses, for example. DNS dynamic updates can be authenticated using the DNSSEC transaction signatures or the TSIG mechanism. While there are existing mechanisms for authenticating the source of update requests, mechanisms for authorization, i.e. specifying who is allowed to change what, are inadequate in many cases. In this paper, we propose a solution for authorizing DNS dynamic updates, based on the decentralized trust management approach, and more specifically, the KeyNote 2 system. We have also modified the BIND 9 name server to use this approach. Our solution supports the separation of DNS server administration and update authorization, and also allows the specification of more flexible access restrictions than the use of access control lists.
Similar resources
SCIT-DNS: Critical infrastructure protection through secure DNS server dynamic updates
Domain Name Systems (DNS) provide the mapping between easily remembered host names and their IP addresses. While domain name information is typically created and updated off-line, dynamic DNS updates allow clients to manage domain names online, in real time. The current secure DNS standards (DNSSEC) require private keys to be kept online to sign dynamic updates, leaving private keys subject to ...
Policy Based Framework for Trust Management and Evolution of Peer to Peer Groups
Peer to peer collaborative groups are becoming increasingly popular for collaborative applications like video/audio conferencing, IP telephony, file sharing, collaborative work spaces, and multi-user games. The decentralized nature of these groups gives rise to the need of a secure group layer which integrates authentication, admission control, authorization, access control and key management. ...
A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management - Automated Software Distribution for Airplanes
We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trusts. We use these constructs in our case study...
Resolution of Fully Qualified Domain Name (FQDN) Conflicts among Dynamic Host Configuration Protocol (DHCP) Clients
The Dynamic Host Configuration Protocol (DHCP) provides a mechanism for host configuration that includes dynamic assignment of IP addresses and fully qualified domain names. To maintain accurate name-to-IP-address and IP-address-to-name mappings in the DNS, these dynamically assigned addresses and fully qualified domain names (FQDNs) require updates to the DNS. This document identifies situatio...
Decentralized Trust-Based Access Control for Dynamic Collaborative Environments
The goal of this research was to create a decentralized trust-based access control (TBAC) system for a dynamic collaborative environment (DCE). By building a privilege management infrastructure (PMI) based on trust, user access was determined using behavior grading without the need for pre-configured, centrally managed role hierarchies or permission sets. The PMI provided TBAC suitable for depl...