PhD Thesis Defense: Understanding Issues of Misplaced Trust on the Internet

Title: Understanding Issues of Misplaced Trust on the Internet

Speaker: Tobias Lauinger, PhD Candidate, College of Computer and Information Science at Northeastern University

Location: Northeastern University, 805 Columbus Avenue, Interdisciplinary Science and Engineering Complex (ISEC), 1st Floor, Room #136, Boston, Massachusetts 02120

Abstract 

Incorrect security assumptions and misplaced trust are common on the Internet.  When web developers place a link to an external site, for example, they typically do not expect ownership (and contents) of that site to change.  However, around 1.7% of all registered .com domains are deleted every month, and many of them are re-registered by a new owner.

Violations of security assumptions can enable attacks with severe consequences.  Therefore, it is critical to quantify how often security assumptions or best practices are violated in order to understand the extent of the threat.  Furthermore, visibility into the underlying reasons can help devise more effective and efficient countermeasures.

For his thesis, Tobias Lauinger will propose research into novel measurement techniques tailored to two application areas in order to quantify and explain broken security assumptions and misplaced trust.  In the first area, he will show that expired Internet domain names are frequently re-registered and "recycled" by a new owner, which allows abuse of residual trust that is still being placed in the domain.  Ownership changes often occur in a highly competitive environment, and are predominantly part of speculative or ad revenue-based schemes.  In the second area, he will show that many websites include outdated or known vulnerable JavaScript libraries, which may in turn render the websites vulnerable to attacks.  Libraries are often included indirectly and perhaps unknowingly, such as by advertisement or social media widget components.

In both areas, instead of focusing on a single, specific type of attack, Lauinger will propose to measure at a higher level of abstraction that captures issues related to misplaced trust and violated assumptions in a more general way.  The preliminary results indicate that such measurements can help better understand what drives these issues, and ultimately inform more targeted remediation efforts.

About the Speaker

Tobias Lauinger is a PhD student at Northeastern University with an interest in Internet-scale measurements of everything security, and beyond.

Committee 

Professor Engin Kirda, Professor, Interdisciplinary with the College of Computer and Information Science (CCIS) and College of Engineering (COE) at Northeastern University (Advisor)
Professor William Robertson, Associate Professor, Interdisciplinary with the College of Computer and Information Science (CCIS) and College of Engineering (COE) at Northeastern University
Professor Christo Wilson, Assistant Professor, Director of Bachelor of Science in Cybersecurity Program, College of Computer and Information Science (CCIS) at Northeastern University
Professor Damon McCoy, Assistant Professor, Tandon School of Engineering at New York University

Friday, September 8 at 2:00pm

Website

http://www.ccis.northeastern.edu/even...
