Browsing by Author "Liu, Daiping"
Now showing 1 - 3 of 3
Results Per Page
Sort Options
- All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and DetectabilityChen, Zeyu; Liu, Daiping; Xiao, Jidong; Wang, Haining (ACM, 2023-10-16)Over the past decade, use-after-free (UaF) has become one of the most exploited types of vulnerabilities. To address this increasing threat, we need to advance the defense in multiple directions, such as UaF vulnerability detection, UaF exploit defense, and UaF bug fix. Unfortunately, the intricacy rooted in the temporal nature of UaF vulnerabilities makes it quite challenging to develop effective and efficient defenses in these directions. This calls for an in-depth understanding of real-world UaF characteristics. This paper presents the first comprehensive empirical study of UaF vulnerabilities, with 150 cases randomly sampled from multiple representative software suites, such as Linux kernel, Python, and Mozilla Firefox. We aim to identify the commonalities, root causes, and patterns from realworld UaF bugs, so that the empirical results can provide operational guidance to avoid, detect, deter, and fix UaF vulnerabilities. Our main finding is that the root causes of UaF bugs are diverse, and they are not evenly or equally distributed among different software. This implies that a generic UaF detector/fuzzer is probably not an optimal solution. We further categorize the root causes into 11 patterns, several of which can be translated into simple static detection rules to cover a large portion of the 150 UaF vulnerabilities with high accuracy. Motivated by our findings, we implement 11 checkers in a static bug detector called Palfrey. Running Palfrey on the code of popular open source software, we detect 9 new UaF vulnerabilities. Compared with state-of-the-art static bug detectors, Palfrey outperforms in coverage and accuracy for UaF detection, as well as time and memory overhead.
- Dial "N" for NXDomain: The Scale, Origin, and Security Implications of DNS Queries to Non-Existent DomainsLiu, Guannan; Jin, Lin; Hao, Shuai; Zhang, Yubao; Liu, Daiping; Stavrou, Angelos; Wang, Haining (ACM, 2023-10-24)Non-Existent Domain (NXDomain) is one type of the Domain Name System (DNS) error responses, indicating that the queried domain name does not exist and cannot be resolved. Unfortunately, little research has focused on understanding why and how NXDomain responses are generated, utilized, and exploited. In this paper, we conduct the first comprehensive and systematic study on NXDomain by investigating its scale, origin, and security implications. Utilizing a large-scale passive DNS database, we identify 146,363,745,785 NXDomains queried by DNS users between 2014 and 2022. Within these 146 billion NXDomains, 91 million of them hold historic WHOIS records, of which 5.3 million are identified as malicious domains including about 2.4 million blocklisted domains, 2.8 million DGA (Domain Generation Algorithms) based domains, and 90 thousand squatting domains targeting popular domains. To gain more insights into the usage patterns and security risks of NXDomains, we register 19 carefully selected NXDomains in the DNS database, each of which received more than ten thousand DNS queries per month. We then deploy a honeypot for our registered domains and collect 5,925,311 incoming queries for 6 months, from which we discover that 5,186,858 and 505,238 queries are generated from automated processes and web crawlers, respectively. Finally, we perform extensive traffic analysis on our collected data and reveal that NXDomains can be misused for various purposes, including botnet takeover, malicious file injection, and residue trust exploitation.
- Ready Raider One: Exploring the Misuse of Cloud Gaming ServicesLiu, Guannan; Liu, Daiping; Hao, Shuai; Gao, Xing; Sun, Kun; Wang, Haining (ACM, 2022-11-07)Cloud gaming has become an emerging computing paradigm in recent years, allowing computer games to offload complex graphics and logic computation to the cloud. To deliver a smooth and high quality gaming experience, cloud gaming services have invested abundant computing resources in the cloud, including adequate CPUs, top-tier GPUs, and high-bandwidth Internet connections. Unfortunately, the abundant computing resources offered by cloud gaming are vulnerable to misuse and exploitation for malicious purposes. In this paper, we present an in-depth study on security vulnerabilities in cloud gaming services. Specifically, we reveal that adversaries can purposely inject malicious programs/URLs into the cloud gaming services via game mods. Using the provided features such as in-game subroutines, game launch options, and built-in browsers, adversaries are able to execute the injected malicious programs/URLs in cloud gaming services. To demonstrate that such vulnerabilities pose a serious threat, we conduct four proof-of-concept attacks on cloud gaming services. Two of them are to abuse the CPUs and GPUs in cloud gaming services to mine cryptocurrencies with attractive profits and train machine learning models at a trivial cost. The other two are to exploit the high-bandwidth connections provided by cloud gaming for malicious Command & Control and censorship circumvention. Finally, we present several countermeasures for cloud gaming services to protect their valuable assets from malicious exploitation.