Access Management for Content Delivery Networks: Measurements, Models, and Strategies

Lenise M. V. Rodrigues; Daniel Sadoc Menasché; Arthur C. Serra; Antonio A. de Aragão Rocha

doi:10.5753/jisa.2025.5176

Authors

Lenise M. V. Rodrigues Universidade Federal do Rio de Janeiro e Globo https://orcid.org/0009-0008-8444-1669
Daniel Sadoc Menasché Universidade Federal do Rio de Janeiro https://orcid.org/0000-0002-8953-4003
Arthur C. Serra Globo https://orcid.org/0000-0001-7558-6665
Antonio A. de Aragão Rocha Universidade Federal Fluminense https://orcid.org/0000-0001-9314-4035

DOI:

https://doi.org/10.5753/jisa.2025.5176

Keywords:

Piracy, Access Management, CDN, Access Patterns

Abstract

We address the challenge of managing access to Content Delivery Networks (CDNs). In particular, we consider a scenario where users request tokens to access content, and one form of piracy consists in illegally sharing tokens. We focus on mitigating token misuse through performance analysis and statistical access pattern monitoring. Specifically, we examine how illegal token sharing impacts content delivery infrastructure and propose defining acceptable request limits to detect and block suspicious access patterns. Additionally, we introduce countermeasures against piracy, including selective quality degradation for users identified as engaging in illegal sharing, aiming to deter such behavior. Using queuing models, we quantify the impact of piracy on system performance across different scenarios. To validate our model, we perform statistical tests that compare real CDN traffic patterns with the expected request intervals in our proposed framework. These measures—defining access thresholds, quality degradation for unauthorized use, and statistical alignment checks—enhance CDN access management, preserving infrastructure integrity and the legitimate user experience while reducing operational costs.

Downloads

Download data is not yet available.

References

Berger, V. W. and Zhou, Y. (2014). Kolmogorov–smirnov test: Overview. In Wiley StatsRef: Statistics Reference Online. John Wiley & Sons, Ltd. DOI: 10.1002/9781118445112.stat06558.

Bluman, A. G. (2017). Elementary Statistics: A Step By Step Approach. McGraw-Hill Education, 10th edition. Book.

Dent, A. S. (2020). Digital pirates: Policing intellectual property in Brazil. Stanford University Press. Book.

Doërr, G. (2024). Digital flamenco with video pirates. In Proceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security, MMSec '24, page 1–2, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3658664.3659663.

Fett, D., Campbell, B., Bradley, J., Lodderstedt, T., Jones, M., and Waite, D. (2023). RFC 9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP). DOI: 10.17487/RFC9449.

Freedman, D., Pisani, R., and Purves, R. (2007). Statistics. W.W. Norton & Company, 4th edition.

Ghimire, S., Ghimire, R., et al. (2014). Mathematical models of Mb/M/1 bulk arrival queueing system. Journal of the Institute of Engineering, 10(1):184-191. DOI: 10.3126/jie.v10i1.10899.

Gillman, D., Lin, Y., Maggs, B., and Sitaraman, R. K. (2015). Protecting websites from attack with secure delivery networks. Computer, 48(4):26-34. DOI: 10.1109/MC.2015.116.

Gonçalves, C. F., Menasché, D. S., Avritzer, A., Antunes, N., and Vieira, M. (2020). A model-based approach to anomaly detection trading detection time and false alarm rate. In MedComNet, pages 1-8. IEEE. DOI: 10.1109/MedComNet49392.2020.9191549.

Harchol-Balter, M. (2013). Performance modeling and design of computer systems: queueing theory in action. Cambridge University Press. Book.

Jiang, B., Nain, P., and Towsley, D. (2021). Covert cycle stealing in a single fifo server. ACM Trans. Modeling and Performance Eval. Computing Systems, 6(2):1-33. DOI: 10.1145/3462774.

Jiang, H. and Dovrolis, C. (2005). Why is the internet traffic bursty in short time scales? SIGMETRICS Perform. Eval. Rev., 33(1):241–252. DOI: 10.1145/1064212.1064240.

Patat, G., Sabt, M., and Fouque, P.-A. (2022). WideLeak: How Over-the-Top Platforms Fail in Android. In 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 501-508. DOI: 10.1109/DSN53405.2022.00056.

Piatek, M., Kohno, T., and Krishnamurthy, A. (2008). Challenges and directions for monitoring p2p file sharing networks-or: why my printer received a dmca takedown notice. In Proceedings of the 3rd conference on Hot topics in security, pages 1-7. Book.

Reza Ramtin, A., Nain, P., Menasche, D. S., Towsley, D., and de Souza e Silva, E. (2022). Fundamental Scaling Laws of Covert DDoS Attacks. ACM SIGMETRICS Performance Evaluation Review, 49(3):20-21. DOI: 10.1145/3529113.3529120.

Rodrigues, L. M. V., Menasché, D. S., Serra, A., and de Aragão Rocha, A. A. (2024). Minimally intrusive access management to content delivery networks based on performance models and access patterns. In 8th International Symposium on Cyber Security, Cryptology and Machine Learning (CSCML 2024). DOI: 10.1007/978-3-031-76934-4_12.

Rufino, V. Q., Nogueira, M. S., Avritzer, A., Menasché, D. S., Russo, B., Janes, A., Ferme, V., Van Hoorn, A., Schulz, H., and Lima, C. (2020). Improving predictability of user-affecting metrics to support anomaly detection in cloud services. IEEE Access, 8:198152-198167. DOI: 10.1109/ACCESS.2020.3028571.

Silveira, F., Diot, C., Taft, N., and Govindan, R. (2010). Astute: detecting a different class of traffic anomalies. SIGCOMM Comput. Commun. Rev., 40(4):267–278. DOI: 10.1145/1851275.1851215.

Simon, G. and Doërr, G. (2024). Next-generation access tokens to fight CDN leeching. MHV, page 111–112, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3638036.3640276.

Triola, M. F. (2018). Elementary Statistics. Pearson, 13th edition. Available online [link].

Access Management for Content Delivery Networks: Measurements, Models, and Strategies

Authors

DOI:

Keywords:

Abstract

Downloads

References

Downloads

Published

How to Cite

Issue

Section

License

Metrics:

Make a Submission