[dns-operations] Call for Papers: Securing and Trusting Internet Names, SATIN 2012
Richard Clayton
richard at highwayman.com
Mon Oct 17 17:27:52 UTC 2011
The usual apologies if you see multiple copies of this CFP, but the
inhabitants of this mailing list are more likely than most to wish to
submit papers!
Call for Papers: Securing and Trusting Internet Names, SATIN 2012
==================================================================
When:      Thursday 22 & Friday 23 March 2012
           Note that IETF 83 is in Paris, CZ the following week
Where:     National Physical Laboratory (NPL)
           Teddington, London, UK
Timetable: Submissions due:            Sun 22 Jan 2012, 11:59 PST
           Notification of Acceptance: Wed 22 Feb 2012
           Final Papers Due:           Mon 13 Mar 2012
Overview
========
The domain name system, on which the Internet entirely relies, has
always been inherently insecure. Spoofing of IP source addresses means
that any wide area UDP protocol (such as DNS) can be forged. Cache
poisoning attacks can be made less likely but not prevented altogether.
ISPs, or others who can intercept traffic, can redirect end users to
sites of their choosing. Users can choose (or have forced upon them) DNS
services that suppress access to sites for policy reasons.

DNSSEC, which addresses some of these issues, has been under development
for years - but is finally ready for use; although some of the finer
details are still being worked out.

However, even at the current scale of deployment, implementation issues
are creating unexpected levels of traffic, and that is before the bad
guys make any contribution. Meanwhile DNSCURVE is being promoted as a
lightweight method of securing the links to and between name servers,
which addresses some, but by no means all, of the security issues.

DNSSEC is also being seen by some as a distributed, secure, key
distribution system, which could support new applications, or replace
existing mechanisms for establishing trust in the identity of endpoints.
The IETF's DANE working group is already addressing these issues.

Others merely see DNSSEC as a way of defeating marketers who want to
inject targeted advertising into browser sessions. But how effective
will these ideas be if we continue with our existing APIs and stub
resolvers?

There are significant issues with DNS besides just its integrity. DNS
services can be used to amplify denial-of-service attacks to create very
substantial traffic flows. Malware has also been using the DNS for
rendezvous arrangements, and has avoided countermeasures by exploiting
the DNS system through "fluxing" and other techniques.

There are also signs of a "tragedy of the commons" as legitimate
companies fill the DNS with large numbers of names, or set low TTLs, to
give a performance "edge". Meanwhile, some applications pre-fetch DNS
answers, with little heed to the impact on the infrastructure.

This latter technique raises privacy issues, as indeed does the proposal
to 'leak' partial identities of requestors who contact recursive
resolvers, with the aim of providing different answers to machines in
different blocks of address space.

All of this makes DNS, once amongst the most boring of topics, into one
of the more exciting. The first running of this workshop in April 2011
was a big success, and this second event will be equally significant.
Topics
======
SATIN aims to provide a forum for academic work on the security of the
DNS alongside industry presentations on practical experiences in
providing name services.

This workshop will expose the academics to the real problems that
industry is encountering, and show industry what academia has to offer
them. To improve the flow of information (and as was most successful at
the first SATIN workshop) presentations will be restricted to 15 minutes
with 15 minutes of general discussion to follow.

Submissions must be made under either an "academic" or "industry" label
(relating entirely to the content rather than the affiliations of any
author), because the two types will be judged by different standards.

Academic work will be viewed as an "extended abstract" and should aim to
meet the general standard for acceptance into normal conferences in the
field. However, since this is a workshop, early results and initial
ideas are welcomed.

Industry submissions should be relevant, insightful, and technical, and
should provide information that cannot be gleaned from reading sales
brochures or manuals.

In all cases, real-world operational, implementation, and experimental
results will be preferred, and these results should inform the DNS
protocol development process wherever relevant or possible.

Topics of interest include but are not limited to:

    Attacks on naming services
    DNSSEC
    DNSCURVE
    Alternative methods of securing name services
    APIs for DNS resolvers
    Using DNS as a platform for other applications
    Denial of service and the DNS
    Malware and the DNS
    DNS caching on the modern Internet
    Privacy and the DNS
    Application behaviour and the DNS
    Security economics of naming services
    Passive DNS
    Operational experience
    Measurement studies
    New threats and challenges

Questions regarding whether a topic would be suitable are welcome and
should be sent to the programme chair, richard.clayton AT npl.co.uk
Workshop Organizers
===================
Programme Chair:

    Richard Clayton, NPL and University of Cambridge

Programme Committee:

    Nevil Brownlee, University of Auckland
    Ben Laurie, Google
    Anne-Marie Eklund Löwinder, .SE (The Internet Infrastructure Foundation)
    Dan Massey, Colorado State University
    Douglas Maughan, Department of Homeland Security
    Andrew W Moore, University of Cambridge
    Jose Nazario, Arbor Networks
    Roberto Perdisci, University of Georgia
    Dave Piscitello, ICANN
    Paul Vixie, ISC
    Nicholas Weaver, ICSI & UC Berkeley
    Jonathan Williams, NPL
Submissions
===========
All submissions must be in IEEE two column format and no longer than
eight (8) 8.5'' x 11'' pages, including figures, tables, and references.
That means that the text must be set in two columns in 10 point type on
12 point (single-spaced) leading, with the text block being no more than
7.2'' wide by 9.6'' deep. Author names and affiliations should appear on
the title page. The use of LaTeX and the IEEEtrans.cls file to create
submissions is very strongly encouraged:

    http://conferences.npl.co.uk/satin/format.html

Submissions must be submitted in PDF format via the SATIN 2012 website:

    http://conferences.npl.co.uk/satin/submit.html

Simultaneous submission of the same work to multiple venues, submission
of previously published work, or plagiarism, is dishonest and/or
fraudulent and action may be taken if this occurs. Note, however, that
we expect that many papers accepted for SATIN will eventually be
extended as full papers suitable for presentation at other conferences.
About the National Physical Laboratory
======================================
The National Physical Laboratory (NPL) is one of the UK's leading
science and research facilities. It is a world-leading centre of
excellence in developing and applying the most accurate standards,
science and technology available. NPL occupies a unique position as the
UK's National Measurement Institute and sits at the intersection between
scientific discovery and real world application. Its expertise and
original research have underpinned quality of life, innovation and
competitiveness for UK citizens and business for more than a century.
NPL is collaborating with the University of Cambridge in a three year
programme to develop robust and accurate measurements of Internet
security mechanisms. Measuring and understanding the deployment of
DNSSEC and other trust mechanisms for Internet names is a key part of
this ongoing programme.
More at: http://conferences.npl.co.uk/satin/
--
Dr Richard Clayton <richard.clayton AT cl.cam.ac.uk>
<richard.clayton AT npl.co.uk>
tel: +44 1223 763570, mobile: +44 7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD
National Physical Laboratory, Hampton Road, Teddington, TW11 0LW