A Formal Specification of the DNSSEC Model

Authors

  • Ezequiel Bazan Eixarch
  • Gustavo Betarte Instituto de Computación, Facultad de Ingeniería Universidad de la República
  • Carlos Luna Instituto de Computación, Facultad de Ingeniería Universidad de la República

DOI:

https://doi.org/10.14279/tuj.eceasst.48.797

Abstract

The Domain Name System Security Extensions (DNSSEC) is a suite of specifications that provide origin authentication and integrity assurance services for DNS data. In particular, DNSSEC was designed to protect resolvers from forged DNS data, such as the one generated by DNS cache poisoning. This article presents a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. The model, which has been formalized and verified using the Coq proof assistant, specifies an abstract formulation of the behavior of the protocol and the corresponding security-related events, where security goals, such as the prevention of cache poisoning attacks, can be given a formal treatment.

Downloads

Published

2013-03-17

How to Cite

[1]
E. Bazan Eixarch, G. Betarte, and C. Luna, “A Formal Specification of the DNSSEC Model”, eceasst, vol. 48, Mar. 2013.

Issue

Vol. 48 (2012): Foundations and Techniques for Open Source Software Certification 2011

Section

Articles

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.