Secure IP Address Allocation at Cloud Scale
Eric Pauley
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Internet Security
In the modern cloud computing landscape, the fundamental role of **IP addresses** has undergone a significant transformation. Historically, IP addresses served primarily as an infrastructure component, facilitating traffic routing between physical networks and typically mapping to long-lived, organization-owned infrastructure. However, as articulated by Eric Pauley at NDSS 2025, IP addresses are increasingly functioning as a **security principal**, mediating access in firewall rules, routing sensitive data via DNS records, and even enabling TLS certificate provisioning (e.g., via Let's Encrypt). This shift, coupled with the elastic, short-term leasing model prevalent in public clouds, introduces a new class of complex security vulnerabilities that traditional allocation policies fail to address.
AI review
Pauley delivers a genuine research contribution: a well-motivated threat model, a purpose-built simulation framework, and a concrete policy (IP scan segmentation) with quantified results against a realistic Sybil attack model. This is the kind of systems security work that belongs at NDSS: it solves a real, underappreciated problem and leaves the field with an open-source tool to build on.