Call for Papers:  Securing and Trusting Internet Names, SATIN 2011
When:       Monday 4 & Tuesday 5 April 2011
            Note that IETF 80 is in Prague, Czech Republic, the previous week
Where:      National Physical Laboratory (NPL)
            Teddington, London, UK
Timetable:  Submissions due:            Sun 23 Jan 2011, 11:59 PST
            Notification of Acceptance: Wed 23 Feb 2011
            Final Papers Due:           Mon 15 Mar 2011
The domain name system, on which the Internet entirely relies, has
always been inherently insecure. Spoofing of IP source addresses means
that any wide area UDP protocol (such as DNS) can be forged. Cache
poisoning attacks can be made less likely but not prevented
ISPs, or others who can intercept traffic, can redirect end users to
sites of their choosing. Users can choose (or have forced upon them)
DNS services that suppress access to sites for policy reasons.
DNSSEC, which addresses some of these issues, has been under
development since late last century, but the July 2010 signing of the
root (and the commitment of many top level domains to timetables for
deployment) signal that widespread deployment may finally be coming to
However, even at the current scale of deployment, implementation
issues are creating unexpected levels of traffic, and that's without
the bad guys making any contribution. Meanwhile DNSCURVE is being
promoted as a lightweight method of securing the links to and between
name servers, which addresses some, but by no means all, of the
security issues.
DNSSEC is also being seen by some as a distributed, secure, key
distribution system, which could support new applications, or replace
existing mechanisms for establishing trust in the identity of
endpoints.  Others merely see it as a way of defeating marketers who
want to inject targeted advertising into browser sessions. But how
effective will these ideas be if we continue with our existing APIs
and stub resolvers?
There are significant issues with DNS besides just its integrity. DNS
services can be used to amplify denial-of-service attacks to create
very substantial traffic flows. Malware has also been using the DNS
for rendezvous arrangements, and has avoided countermeasures by
exploiting the DNS system through ``fluxing'' and other techniques.
There are also signs of a ``tragedy of the commons'' as legitimate
companies fill the DNS with large numbers of names, or set low TTLs,
to give a performance ``edge''. Meanwhile, some applications pre-fetch
DNS answers, with little heed to the impact on the infrastructure.
This latter technique raises privacy issues, as indeed does the
proposal to ``leak'' partial identities of requestors who contact
recursive resolvers, with the aim of providing different answers to
machines in different blocks of address space.
All of this makes DNS, once amongst the most boring of topics, into
one of the more exciting, and this workshop into a timely event.
SATIN aims to provide a forum for academic work on the security of the
DNS alongside industry presentations on practical experiences in
providing name services.
The intent is to make this a workshop that will expose the academics
to the real problems that industry is encountering, and to show
industry what academia has to offer them. To improve the flow of
information, presentations will be restricted to 15 minutes with 15
minutes of general discussion to follow.
Submissions must be made under either an ``academic'' or ``industry''
label (relating entirely to the content rather than the affiliations
of any author), because the two types will be judged by different
Academic work will be viewed as an ``extended abstract'' and should
aim to meet the general standard for acceptance into normal
conferences in the field. However, since this is a workshop, early
results and initial ideas are welcomed.
Industry submissions should be relevant, insightful, and technical,
and should provide information that cannot be gleaned from reading sales brochures or manuals.
In all cases, real-world operational, implementation, and experimental
results will be preferred, and these results should inform the DNS
protocol development process wherever relevant or possible.
Topics of interest include but are not limited to:
    Attacks on naming services
    Alternative methods of securing name services
    APIs for DNS resolvers
    Using DNS as a platform for other applications
    Denial of service and the DNS
    Malware and the DNS
    DNS caching on the modern Internet
    Privacy and the DNS
    Application behaviour and the DNS
    Security economics of naming services
    Passive DNS
    Operational experience
    Measurement studies
    New threats and challenges
Questions regarding whether a topic would be suitable are welcome and should be sent to the programme chair, richard.clayton AT npl.co.uk
Workshop Organizers
Programme Chair:
        Richard Clayton             NPL and University of Cambridge
Programme Committee:
        David Dagon                 Georgia Tech
        Ben Laurie                  Google
        Anne-Marie Eklund Löwinder  .SE (The Internet Infrastructure
        Dan Massey                  Colorado State University
        Douglas Maughan             Department of Homeland Security
        Andrew Moore                University of Cambridge
        Jose Nazario                Arbor Networks
        Roberto Perdisci            University of Georgia
        Dave Piscitello             ICANN
        Paul Vixie                  ISC
        Nicholas Weaver             ICSI & UC Berkeley
        Jonathan Williams           NPL
All submissions must be in IEEE two column format and no longer than
eight (8) 8.5'' x 11'' pages, including figures, tables, and
That means that the text must be set in two columns in 10 point type
on 12 point (single-spaced) leading, with the text block being no more
than 7.2'' wide by 9.6'' deep. Author names and affiliations should
appear on the title page. The use of LaTeX and the IEEEtrans.cls file
to create submissions is very strongly encouraged:
Submissions must be submitted in PDF format via the SATIN 2011 website:
Simultaneous submission of the same work to multiple venues,
submission of previously published work, or plagiarism, is dishonest
and/or fraudulent and action may be taken if this occurs. Note,
however, that we expect that many papers accepted for SATIN will
eventually be extended as full papers suitable for presentation at
other conferences.
About the National Physical Laboratory
The National Physical Laboratory (NPL) is one of the UK's leading
science and research facilities. It is a world-leading centre of
excellence in developing and applying the most accurate standards,
science and technology available. NPL occupies a unique position as
the UK's National Measurement Institute and sits at the intersection
between scientific discovery and real world application. Its expertise
and original research have underpinned quality of life, innovation and
competitiveness for UK citizens and business for more than a century.
NPL is collaborating with the University of Cambridge in a three year
programme to develop robust and accurate measurements of Internet
security mechanisms. Measuring and understanding the deployment of
DNSSEC and other trust mechanisms for Internet names is a key part of
this ongoing programme.
More at: http://conferences.npl.co.uk/satin/