ECE Colloquium: Nick Nikiforakis

  • Starts: 11:00 am on Tuesday, November 12, 2024
  • Ends: 12:30 pm on Tuesday, November 12, 2024

Title: Building on Top of Shifting Sands: Web Security Through the Lens of Content Integrity

Abstract: The web, the Internet's most successful and recognizable application, has become part of people's daily lives and is relied upon by billions for news, entertainment, communication, and work. This reliance is constantly exploited by attackers who, through a seemingly inexhaustible collection of diverse attacks, target users and steal their private and financial information. The security industry and the research community have, for the most part, followed a reactionary approach, where for every newly discovered attack, they build a new system or countermeasure to detect and block it.

In this talk, we take a step back and argue that many varied and seemingly unrelated attacks on the web are actually symptoms of a deeper problem that has existed since the web's inception. Whether it is attacks due to expired domain names, cloaking by malicious websites, malvertising, or even our growing distrust of the news, many of these issues can largely be attributed to the problem of stateless linking. Stateless linking refers to the absence of any integrity guarantees between the time a link for a remote resource is created and a future time when this link is resolved by web clients. We draw on 10+ years of research to demonstrate how stateless linking and the resulting lack of content integrity are the true culprits for many of our past, current, and likely future web problems. Successfully tackling this one challenging problem has the potential to solve many of our web woes.

Bio: Nick Nikiforakis (PhD'13) is an Associate Professor in the Department of Computer Science at Stony Brook University. He leads the PragSec Lab, where his students conduct research in cyber security, with a focus on web and network security. He is the author of more than 90 peer-reviewed academic publications and his work is often discussed in the popular press. He is the recipient of the National Science Foundation CAREER award (2020), the Office of Naval Research Young Investigator Award (2020), as well as a range of other security-related and privacy-related awards by federal funding agencies. Next to multiple best-paper awards, his work on certificate transparency abuse won the National Security Agency's 11th Annual Best Scientific Cybersecurity Paper Competition.

Location: PHO 339

Hosting Professor: Manuel Egele