Provably Secure DNS: A Case Study in Reliable Software
http://ironsides.martincarlisle.com
Unknown | Barry Fagin and Martin Carlisle
Posted on 07/02/2013 7:14:11 AM PDT by OneWingedShark
Abstract. We describe the use of formal methods in the development of IRONSIDES, an implementation of DNS with superior performance to both BIND and Windows, the two most common DNS servers on the Internet. More importantly, unlike BIND and Windows, IRONSIDES is impervious to all single-packet denial of service attacks and all forms of remote code execution.

Introduction

DNS is a protocol essential to the proper functioning of the Internet. The two most common implementations of DNS are the free software version BIND and the implementations that come bundled with various versions of Windows. Unfortunately, despite their ubiquity and importance, these implementations suffer from security vulnerabilities and require frequent patching. As of this writing, according to the Internet Systems Consortium's web site, there are 51 known vulnerabilities in various versions of BIND [1]. Over the past five years, Microsoft has released at least 8 security bulletins relating to vulnerabilities in Windows DNS. Since neither of these products has ever been, to our knowledge, formally validated, it is likely that further flaws remain for hackers to discover and exploit.

The existence of security flaws in such a vital component of the Internet software suite is troubling, to say the least. These vulnerabilities permit not only bad-packet denial of service attacks to crash a DNS server, but in the worst case can actually lead to remote code execution exploits, giving the adversary control over the host machine.

To address this problem, the authors have used formal methods and the SPARK tool set from Praxis Systems to develop a high-performance version of DNS that is provably exception-free.
(Excerpt) Read more at ironsides.martincarlisle.com ...
TOPICS: Chit/Chat; Computers/Internet; Science
KEYWORDS: bind; computersecurity; dns; hacking; internet; malware; networksecurity; software; tech; windows
Here's an interesting paper [PDF] if you're interested in computer correctness or security.
To: ShadowAce
2 posted on 07/02/2013 7:15:38 AM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
To: OneWingedShark
"The system's distributed nature means that there is no central DNS server."
Me likely!!
3 posted on 07/02/2013 7:26:20 AM PDT by Errant
To: OneWingedShark; rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; ...
4 posted on 07/02/2013 7:35:26 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
To: OneWingedShark
5 posted on 07/02/2013 7:37:17 AM PDT by ro_dreaming (Chesterton, 'Christianity has not been tried and found wanting. It's been found hard and not tried')
To: Errant
Well, that's the DNS-system… though with Ada's Annex E (Distributed systems) you could make it so your DNS-program was distributed, too.
6 posted on 07/02/2013 7:38:36 AM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
To: OneWingedShark
Okay then, just don’t screw with distribution. In fact, look at improving it (more efficient, less hierarchy). Not something TPTB are going to allow today, IMO.
7 posted on 07/02/2013 7:45:20 AM PDT by Errant
To: OneWingedShark
If MS DNS is implemented properly, it’s as secure as BIND. Most admins deploy MS DNS with secure updates turned off and zone transfers enabled from all sources, which is just a nightmare for administration and security overall.
8 posted on 07/02/2013 8:10:06 AM PDT by rarestia (It's time to water the Tree of Liberty.)
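The two settings named in comment 8 (secure updates turned off, zone transfers enabled from all sources) can be checked per zone. The PowerShell below is an added example, not part of the original thread: the function name Test-DnsZoneHardening and the sample zones are constructed for illustration, and the property names and values are those returned by Get-DnsServerZone in the DnsServer module.

```powershell
# Added example: flags the two weak MS DNS zone settings named in comment 8.
# Test-DnsZoneHardening is a hypothetical helper; the sample zones are constructed.
function Test-DnsZoneHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        # Auto-created zones (0, 127, 255.in-addr.arpa) hold no site data; skip them.
        if ($Zone.IsAutoCreated) { return }

        $findings = @()
        # "Secure updates turned off": the zone takes unauthenticated dynamic updates.
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'nonsecure dynamic updates accepted'
        }
        # "Zone transfers enabled from all sources": any host may request the zone.
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'zone transfer allowed to any server'
        }

        [pscustomobject]@{
            ZoneName  = $Zone.ZoneName
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample input, shaped like Get-DnsServerZone output.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; IsAutoCreated = $false
                       DynamicUpdate = 'NonsecureAndSecure'
                       SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'lab.example'; IsAutoCreated = $false
                       DynamicUpdate = 'Secure'
                       SecureSecondaries = 'TransferToSecureServers' }
    [pscustomobject]@{ ZoneName = '0.in-addr.arpa'; IsAutoCreated = $true
                       DynamicUpdate = 'None'
                       SecureSecondaries = 'NoTransfer' }
)

# corp.example is reported with both findings; lab.example is compliant.
$sampleZones | Test-DnsZoneHardening | Format-Table -AutoSize
```

On a Windows DNS server, replace the sample with `Get-DnsServerZone | Test-DnsZoneHardening`. A flagged primary zone can be corrected with `Set-DnsServerPrimaryZone`, which takes `-DynamicUpdate` and `-SecureSecondaries`.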
To: rarestia
"If MS DNS is implemented properly, it's as secure as BIND. Most admins deploy MS DNS with secure updates turned off and zone transfers enabled from all sources, which is just a nightmare for administration and security overall."
But the point here is that BIND isn't secure either. Ironsides, on the other hand, is provably free of exceptions (the paper here) and both single-packet denial of service and remote code executions (this paper). That's a huge distinction.
9 posted on 07/02/2013 8:18:39 AM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
To: OneWingedShark
I’m absolutely not taking away from that point, sir. I just wanted to jump to the defense of MSDNS since the paper seemed to jump on it as flawed. Every system is flawed with the right backdoors or vulnerabilities to exploit.
We’re already discussing IRONSIDES here internally.
10 posted on 07/02/2013 8:29:33 AM PDT by rarestia (It's time to water the Tree of Liberty.)
To: rarestia
"I'm absolutely not taking away from that point, sir. I just wanted to jump to the defense of MSDNS since the paper seemed to jump on it as flawed. Every system is flawed with the right backdoors or vulnerabilities to exploit."
Ah, I see. You are certainly right that MS DNS can be as secure as BIND; I would actually be surprised if BIND didn't actually have statistically more than MS DNS because [IIUC] MS has, over the past few years, been integrating some prover technology into their build-cycle/code-review. -- Of course, since they're likely using languages that are highly resistant to analysis (the C-family as a whole), I'd take that with a grain of salt.
11 posted on 07/02/2013 8:46:31 AM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
To: OneWingedShark
Don’t mistake my defense here. I believe BIND to be far superior to MSDNS. BIND allows split-horizon and ACL recursion, but MSDNS is much faster than BIND overall, as evidenced in the paper.
Also, given the prevalence of MS products in many corporate environments, MS DNS is the predominant product deployed for DNS over BIND as a whole.
12 posted on 07/02/2013 8:51:00 AM PDT by rarestia (It's time to water the Tree of Liberty.)
To: rarestia
"If MS DNS is implemented properly, it's as secure as BIND. Most admins deploy MS DNS with secure updates turned off and zone transfers enabled from all sources, which is just a nightmare for administration and security overall."
This. Lazy admins take the shotgun approach. Not smart.
13 posted on 07/02/2013 9:48:33 AM PDT by Noumenon (What would Michael Collins do?)
To: Noumenon
When it comes to high-level domain infrastructure, implementation should be surgical.
MS infrastructure is my expertise. My last few jobs I’ve been hired to “clean up” implementations, esp. post-Novell migrations, and I’ve yet to come across a company that does it correctly.
Engineers don’t like to document and scope everything, so the installation usually goes full-default and it’s just a mess. DNS is no exception.
14 posted on 07/02/2013 9:54:18 AM PDT by rarestia (It's time to water the Tree of Liberty.)
To: rarestia
"When it comes to high-level domain infrastructure, implementation should be surgical."
But most of the time it resembles sausage-making, doesn't it? The lack of documentation is the bane of my existence. Even simple Visio diagrams would be helpful, but I've almost always gotten blank looks when I ask for them.
And yeah, Netware migrations tend to be messy. It's almost better to start from scratch using best practices for a clean implementation.
15 posted on 07/02/2013 10:13:17 AM PDT by Noumenon (What would Michael Collins do?)
To: Noumenon
My academic background is in English comp and professional writing, but I’ve been in IT for 20 years. They love me in my shop, because I’m the documentation guy and I don’t mind it.
My personal quote: “You can lead an engineer to documentation, but you can’t make him read it.”
16 posted on 07/02/2013 10:40:44 AM PDT by rarestia (It's time to water the Tree of Liberty.)
To: rarestia
"My academic background is in English comp and professional writing, but I've been in IT for 20 years. They love me in my shop, because I'm the documentation guy and I don't mind it.
My personal quote: 'You can lead an engineer to documentation, but you can't make him read it.'"
That's pretty cool.
17 posted on 07/02/2013 5:11:56 PM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)