Provably Secure DNS: A Case Study in Reliable Software

  • Barry Fagin
  • Martin Carlisle
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7896)


We describe the use of formal methods in the development of IRONSIDES, an implementation of DNS with superior performance to both BIND and Windows, the two most common DNS servers on the Internet. More importantly, unlike BIND and Windows, IRONSIDES is impervious to all single-packet denial of service attacks and all forms of remote code execution.


Keywords: domain name server, formal methods, software systems, DNS, Ada, internet security, computer security, network security, buffer overflows, domain name system, denial of service





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Barry Fagin, Department of Computer Science, US Air Force Academy, Colorado Springs, USA
  • Martin Carlisle, Department of Computer Science, US Air Force Academy, Colorado Springs, USA
