Browsing by Author "Sun, Kun"
- Attack and Defense with Hardware-Aided Security. Zhang, Ning (Virginia Tech, 2016-08-26). Riding on recent advances in computing and networking, our society is now experiencing the evolution into the age of information. While the development of these technologies brings great value to our daily life, the lucrative reward from cyber-crimes has also attracted criminals. As computing continues to play an increasing role in society, security has become a pressing issue. Failures in computing systems could result in loss of infrastructure or human life, as demonstrated in both academic research and production environments. With the continuing spread of malicious software and new vulnerabilities revealed every day, protecting the heterogeneous computing systems across the Internet has become a daunting task. Our approach to this challenge consists of two directions. The first direction aims to gain a better understanding of the inner workings of both attacks and defenses in the cyber environment. Meanwhile, our other direction is designing secure systems in adversarial environments.
- Investigating Security Threats of Resource Mismanagement in Networked Systems. Liu, Guannan (Virginia Tech, 2023-08-10). The complexity of networked systems has been continuously growing, and the abundance of online resources has presented practical management challenges. Specifically, system administrators are required to carefully configure their online systems to minimize security vulnerabilities of resource management, including resource creation, maintenance, and disposal. However, numerous networked systems have been exploited or compromised by adversaries due to misconfiguration and mismanagement caused by human error. In this dissertation, we explore different networked systems to identify security vulnerabilities that adversaries could exploit for malicious purposes. First, we investigate the identity-account inconsistency threat, a new SSO vulnerability that can cause the compromise of online accounts. We demonstrate that this inconsistency in SSO authentication allows adversaries controlling a reused email address to take over online accounts without using any credentials. To substantiate our findings, we conduct a measurement study on the account management policies of various cloud email providers, highlighting the feasibility of acquiring previously used email accounts. To gain insight into email reuse in the wild, we examine commonly employed naming conventions that contribute to a significant number of potential email address collisions. To mitigate the identity-account inconsistency threat, we propose a range of useful practices for end-users, service providers, and identity providers. Secondly, we present a comprehensive study on the vulnerability of container registries to typosquatting attacks. In typosquatting attacks, adversaries intentionally upload malicious container images with identifiers similar to those of benign images, leading users to inadvertently download and execute malicious images. Our study demonstrates that typosquatting attacks can pose a significant security threat across public and private container registries, as well as across multiple platforms. To mitigate typosquatting attacks in container registries, we propose CRYSTAL, a lightweight extension to the existing Docker command-line interface. Thirdly, we present an in-depth study on hardware resource management in cloud gaming services. Our research uncovers that adversaries can intentionally inject malicious programs or URLs into these services using game mods. To demonstrate the severity of these vulnerabilities, we conduct four proof-of-concept attacks on cloud gaming services, including crypto-mining, machine-learning model training, Command and Control, and censorship circumvention. In response to these threats, we propose several countermeasures that cloud gaming services can implement to safeguard their valuable assets from malicious exploitation. These countermeasures aim to enhance the security of cloud gaming services and mitigate the security risks associated with hardware mismanagement. Last but not least, we present a comprehensive and systematic study on NXDomain, examining its scale, origin, and security implications. By leveraging a large-scale passive DNS database, we analyze a vast dataset spanning from 2014 to 2022, identifying an astonishing 146 trillion NXDomains queried by DNS users. To gain further insights into the usage patterns and security risks associated with NXDomains, we carefully select and register 19 NXDomains in the DNS database. To analyze the behavior and sources of these queries, we deploy a honeypot for our registered domains and collect 5,925,311 queries over a period of six months. Furthermore, we conduct extensive traffic analysis on the collected data, uncovering various malicious uses of NXDomains, including botnet takeovers, malicious file injections, and exploitation of residual trust.
- Ready Raider One: Exploring the Misuse of Cloud Gaming Services. Liu, Guannan; Liu, Daiping; Hao, Shuai; Gao, Xing; Sun, Kun; Wang, Haining (ACM, 2022-11-07). Cloud gaming has become an emerging computing paradigm in recent years, allowing computer games to offload complex graphics and logic computation to the cloud. To deliver a smooth and high-quality gaming experience, cloud gaming services have invested abundant computing resources in the cloud, including adequate CPUs, top-tier GPUs, and high-bandwidth Internet connections. Unfortunately, the abundant computing resources offered by cloud gaming are vulnerable to misuse and exploitation for malicious purposes. In this paper, we present an in-depth study on security vulnerabilities in cloud gaming services. Specifically, we reveal that adversaries can purposely inject malicious programs/URLs into cloud gaming services via game mods. Using the provided features such as in-game subroutines, game launch options, and built-in browsers, adversaries are able to execute the injected malicious programs/URLs in cloud gaming services. To demonstrate that such vulnerabilities pose a serious threat, we conduct four proof-of-concept attacks on cloud gaming services. Two of them abuse the CPUs and GPUs in cloud gaming services to mine cryptocurrencies with attractive profits and to train machine learning models at a trivial cost. The other two exploit the high-bandwidth connections provided by cloud gaming for malicious Command & Control and censorship circumvention. Finally, we present several countermeasures for cloud gaming services to protect their valuable assets from malicious exploitation.