Abstract
We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDNon- Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on- Demand can use less expensive and less trusted clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks. A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.
Original language | English |
---|---|
Title of host publication | 23rd Annual Network and Distributed System Security Symposium, NDSS 2016 |
Publisher | The Internet Society |
ISBN (Electronic) | 189156241X, 9781891562419 |
DOIs | |
State | Published - 2016 |
Event | 23rd Annual Network and Distributed System Security Symposium, NDSS 2016 - San Diego, United States Duration: 21 Feb 2016 → 24 Feb 2016 |
Publication series
Name | 23rd Annual Network and Distributed System Security Symposium, NDSS 2016 |
---|
Conference
Conference | 23rd Annual Network and Distributed System Security Symposium, NDSS 2016 |
---|---|
Country/Territory | United States |
City | San Diego |
Period | 21/02/16 → 24/02/16 |
Bibliographical note
Publisher Copyright:© 2016 Internet Society.
Funding
This work was supported by grant 1354/11 from the Israeli Science Foundation (ISF), and by grants from the Check Point Institute for Information and Security (CPIIS) and the Ministry of Science, Technology and Space, Israel.
Funders | Funder number |
---|---|
Ministry of Science, Technology and Space | |
Israel Science Foundation | |
Check Point Institute for Information Security, Tel Aviv University |