Title
S3B: Software-Defined Secure Server Bindings
Abstract
For decades, request-routing protocols operating at multiple layers of the network stack have been a staple of Internet services. Commonly deployed request-routing techniques use the requestor's IP address as an identifier of the client. For instance, using DNS as a request-routing protocol, the local DNS resolver's IP address is used as a surrogate identifier of the client in order to assign the client to the closest server. While such coarse associations may be acceptable for performance-centric purposes, they are not appropriate in settings that require fine-grained, enforceable bindings of clients to servers - e.g., to ensure that malicious clients are unable to bypass their bindings and issue their request to a server of their choosing. In this paper, we propose S3B (Software-defined Secure Server Bindings), a protocol that provides precise and enforceable client-server assignments. S3B uses a server module to assign clients unique access keys. Using HTTP redirection with the key encrypted as an additional domain label, the name server is able to distribute precise server assignments specific to each client. In addition, the server module maintains an access control list to enforce these assignments. As an implementation of the S3B protocol, we have developed an HTTP/S prototype and deployed it to Amazon AWS. Our performance evaluation suggests that our prototype introduces no discernible overhead for client requests. To evaluate S3B's effectiveness as a security appliance, we developed an application to isolate clients suspected as spiders, capable of virtually immediate containment once detected.
Year: 2018
DOI: 10.1109/ICDCS.2018.00050
Venue: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS)
Keywords: client server assignments, web security, access control, request routing, automated attacks
Field: Identifier, Computer science, Server, Computer network, Access control, Access control list, Protocol stack, Name server, Web server, The Internet
DocType: Conference
ISSN: 1063-6927
ISBN: 978-1-5386-6872-6
Citations: 0
PageRank: 0.34
References: 18
Authors: 2
Name
Order
Citations
PageRank
William Koch121.38
Azer Bestavros23791764.82