An Affordable DDoS Defense via Untrusted Clouds

  • 2016-06-13
  • Research

CDN-on-Demand is a software-based defense that blocks DDoS attacks at a fraction of the cost of comparable commercial CDN services.


CDN-on-Demand is a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, at a fraction of the cost of comparable commercial CDN services. Under excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive and less trusted clouds to minimize costs. This is made possible by clientless secure-objects, a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content origin remains possible, even under severe DoS attacks. A critical feature of CDN-on-Demand is easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without changes to the web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

Joint work with Yossi Gilad, Michael Sudkovitch and Michael Goberman.


Automation Systems Group, SBA Research, and AIT Safety and Security Department are happy to present the “Cyber Security Lecture Series”, which organizes leading-edge talks by international ICT security experts in Austria.


  • Prof. Amir Herzberg, Head of the Networking and Security Area, Department of Computer Science, Bar-Ilan University, Israel
