Sign Up

 Investigation of Naming Space Hijacking Threat

 

Abstract: Naming space hijacking has been one of the most commonly exploited security risks in today’s Internet. Adversaries can establish malicious domains to mount cyber attacks (e.g., phishing attacks) by exploiting dangling references (such as dangling DNS records) and confusing resource names (e.g., typosquatting domain names). Unfortunately, the risk of naming space hijacking is not limited to one specific service or application like DNS or Web, and it has posed new security and privacy challenges and threats to emerging applications. In this talk, I will discuss three recent projects on this topic. First, I will introduce the identity-account inconsistency threat in the Single Sign-On system that can cause the compromise of online accounts. Next, I will talk about our study on potential security threats to package management in the software registry ecosystem. Finally, I’ll briefly present our study on the vulnerability of container registries to typosquatting attacks.

 

Bio: Xing Gao is an Assistant Professor in the Department of Computer and Information Sciences at the University of Delaware. He obtained his Ph.D. in Computer Science from the College of William and Mary in 2018. His research interests lie in the areas of cybersecurity, with specific focuses on cloud and system security, side-channel attacks, and Internet measurement. He has published papers on leading system security venues and is the recipient of the NSF CRII award and the Distinguished Poster Award in NDSS 2016.

 

Event Details

See Who Is Interested

0 people are interested in this event


User Activity

No recent activity