TY - GEN
T1 - CDN-on-Demand
T2 - 23rd Annual Network and Distributed System Security Symposium, NDSS 2016
AU - Gilad, Yossi
AU - Herzberg, Amir
AU - Sudkovitch, Michael
AU - Goberman, Michael
N1 - Publisher Copyright: © 2016 Internet Society.
PY - 2016
Y1 - 2016
N2 - We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDNon- Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on- Demand can use less expensive and less trusted clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks. A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.
AB - We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDNon- Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on- Demand can use less expensive and less trusted clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks. A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.
UR - http://www.scopus.com/inward/record.url?scp=85089309388&partnerID=8YFLogxK
U2 - https://doi.org/10.14722/ndss.2016.23109
DO - https://doi.org/10.14722/ndss.2016.23109
M3 - منشور من مؤتمر
T3 - 23rd Annual Network and Distributed System Security Symposium, NDSS 2016
BT - 23rd Annual Network and Distributed System Security Symposium, NDSS 2016
PB - The Internet Society
Y2 - 21 February 2016 through 24 February 2016
ER -