A Slam for Cybersecurity@TU Delft
This year has been the most successful year for TU Delft’s Cybersecurity group so far, and marks the first year in which the group was able to place a paper in every single one of the Big Four.
The Big Four are the ISOC Network and Distributed Systems Symposium (NDSS), the IEEE Symposium on Security and Privacy (S&P), USENIX Security (Sec), and the ACM Conference on Computer and Communications Security (CCS). These conferences generally only accept research contributions of the outmost quality. Getting research published in these conferences in itself is already a big accomplishment. But this year, the Cybersecurity group was able to place research in all four conferences—called a Slam in the community—underlining the international relevance and high quality of computer security research at TU Delft.
Read more about the papers our researchers wrote in international collaborations below.
NDSS: Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
Kevin Borgolte (UCSB), Tobias Fiebig (TU Delft), Shuang Hao (UT Dallas), Christopher Kruegel (UCSB), and Giovanni Vigna (UCSB)
Is your company hosting services in the cloud? Is you IT departments sometimes a little slow in cleaning up after themselves? Read our paper on the security risks of domain-validated certificates, and find out how a little oversight in a cloud-deployment can allow attackers to take over your site! Find out more about this, and how you can protect yourself in our open-access paper: dx.doi.org/10.14722/ndss.2018.23327
S&P: Enumerating active IPv6 hosts for large-scale security scans via DNSSEC-signed reverse zones
Kevin Borgolte (UCSB), Shuang Hao (UT Dallas), Tobias Fiebig (TU Delft), and Giovanni Vigna (UCSB)
IP addresses (think: 203.0.113.23; You might have seen that at Mr. Robot!) are running out. Network engineers developed a new protocol with more available addresses: IPv6. People thought that you could not scan these addresses, and vulnerable hosts connected to the Internet via this protocol were secure. Find out more about how your company may vulnerable via IPv6, and how you can protect yourself (without disabling it ;-)) in our paper: dx.doi.org/10.1109/SP.2018.00027
USENIX: Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets
Rolf van Wegberg (TU Delft), Samaneh Tajalizadehkhoob (TU Delft), Kyle Soska (CMU), Ugur Akyazi (TU Delft), Carlos Gañán (TU Delft), Bram Klievink (TU Delft), Nicolas Christin (CMU), and Michel van Eeten (TU Delft)
Ever wondered how the professional side of the Dark Web is making money by providing cybercrime services to all sizes of malicious ‘businesses’? Take a look at our open access paper measuring the commoditization of cybercrime via online markets and find out how much money criminals make on the Internet by selling cybercrime services: www.tudelft.nl/en/2018/tu-delft/first-large-scale-market-analysis-of-underground-cybercrime-economy/
CCS: Investigating System Operators’ Perspective on Security Misconfigurations
Constanze Dietrich (BHT), Katharina Krombholz (CISPA), Kevin Borgolte (UCSB), Tobias Fiebig (TU Delft)
Have you ever wondered why most computer systems have a security breach sooner or later? Often, these happen due to simple human error and dramatic oversights. Read our paper on security misconfigurations to learn how to protect your company against these issues.
Find a pre-print here: https://homepage.tudelft.nl/2x09j/pdf/ccs2018.pdf
And the final version in October here: https://doi.org/10.1145/3243734.3243794