Author(s)
Nicholas Scaglione, Justin Furuness, Yossi Gilad, Hemi Leibowitz, Cameron Morris, Bing Wang, Amir Herzberg, Kotikalapudi Sriram
Abstract
The lack of Source Address Validation (SAV) is a major vulnerability of the Internet, abused in many Denial of Service (DoS) and other attacks. Several IETF RFCs define easy-to-deploy, non-interactive SAV designs; the IETF SAVNET group is currently developing another SAV mechanism, BAR-SAV. However, no comparative evaluation of their impacts has been done. Designers, developers, and operators rely on intuition and experimental deployments, or wait for better data or clear guidelines to help choose and deploy SAV, as we confirm in a survey of network operators. We present EZ-SAVE, the first simulation-based analysis evaluating easy-to-deploy SAV policies. We measure both the spoofed traffic detection rates and the legitimate traffic filtering (false-positive) rates of each of the standards and proposed designs for different adoption rates, using the measured Internet topology and traffic engineering policies. Our results reveal several significant insights that may assist and guide the standardization process as well as developers and operators. In particular, we find that BAR-SAV is the only design that features both high detection rates and low false-positive rates, motivating its standardization and deployment. Our results also provide guidance to operators on other SAV mechanisms that are effective for specific scenarios. In addition, our results highlight the importance of using realistic export policies for SAV evaluation.
Proceedings Title
Proceedings of the 23rd USENIX Symposium on Networked Systems Design and Implementation, May 4-6, 2026. ISBN 978-1-939133-54-0
Conference Dates
May 4-6, 2026
Conference Location
Renton, WA, US
Conference Title
USENIX Symposium on Networked Systems Design and Implementation (NSDI '26)
Keywords
Source Address Validation, SAV, BAR-SAV, uRPF, DDoS Mitigation
Citation
Scaglione, N., Furuness, J., Gilad, Y., Leibowitz, H., Morris, C., Wang, B., Herzberg, A. and Sriram, K. (2026), EZ-SAVE: Evaluation of Easy-to-Deploy Source Address Validation Policies, Proceedings of the 23rd USENIX Symposium on Networked Systems Design and Implementation, May 4-6, 2026. ISBN 978-1-939133-54-0, Renton, WA, US, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=961003 (Accessed May 6, 2026)