CDN-on-Demand: An Affordable DDoS Defense via Untrusted Clouds

Yossi Gilad, Amir Herzberg, Michael Sudkovitch, Michael Goberman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

41 Scopus citations

Abstract

We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive and less trusted clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks. A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

Original language: English
Title of host publication: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016
Publisher: The Internet Society
ISBN (Electronic): 189156241X, 9781891562419
State: Published - 2016
Event: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016 - San Diego, United States
Duration: 21 Feb 2016 - 24 Feb 2016

Publication series

Name: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016

Conference

Conference: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016
Country/Territory: United States
City: San Diego
Period: 21/02/16 - 24/02/16

Bibliographical note

Publisher Copyright:
© 2016 Internet Society.

Funding

This work was supported by grant 1354/11 from the Israeli Science Foundation (ISF), and by grants from the Check Point Institute for Information and Security (CPIIS) and the Ministry of Science, Technology and Space, Israel.

Funders:
Ministry of Science, Technology and Space
Israel Science Foundation
Check Point Institute for Information Security, Tel Aviv University
