Nick Nikiforakis (Stony Book University)

In this talk, we take a step back and argue that many varied and seemingly unrelated attacks on the web are actually symptoms of one deeper problem that has existed since the web's inception. Whether it is attacks due to expired domain names, cloaking done by malicious websites, malvertising, or even our growing distrust of the news can be largely attributed back to the issue of stateless linking. Stateless linking refers to the absence of any integrity guarantees between the time that a link for a remote resource was created, to a future time when this link is resolved by web clients. We draw on 10+ years of research to demonstrate how stateless linking and the resulting lack of content integrity is the true culprit for many of our past, current, and likely future web problems. Successfully tackling this one really challenging problem, has the potential of solving many of our web woes.

Speaker's Biography: Nick Nikiforakis (PhD'13) is an Associate Professor in the Department of Computer Science at Stony Brook University. He leads the PragSec Lab, where his students conduct research in cyber security, with a focus on web and network security. He is the author of more than 90 peer-reviewed academic publications and his work is often discussed in the popular press. He is the recipient of the National Science Foundation CAREER award (2020), the Office of Naval Research Young Investigator Award (2020), as well as a range of other security-related and privacy-related awards by federal funding agencies. Next to multiple best-paper awards, the National Security Agency awarded him the "Best Scientific Cybersecurity Paper" award for his research on certificate transparency abuse in 2023.

View More Papers

BitShield: Defending Against Bit-Flip Attacks on DNN Executables

Yanzuo Chen (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Zhibo Liu (The Hong Kong University of Science and Technology), Sihang Hu (Huawei Technologies), Tianxiang Li (Huawei Technologies), Shuai Wang (The Hong Kong University of Science and Technology)

Read More

NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities

Darion Cassel (Carnegie Mellon University), Nuno Sabino (IST & CMU), Min-Chien Hsu (Carnegie Mellon University), Ruben Martins (Carnegie Mellon University), Limin Jia (Carnegie Mellon University)

Read More

CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian...

Kaiyuan Zhang (Purdue University), Siyuan Cheng (Purdue University), Guangyu Shen (Purdue University), Bruno Ribeiro (Purdue University), Shengwei An (Purdue University), Pin-Yu Chen (IBM Research AI), Xiangyu Zhang (Purdue University), Ninghui Li (Purdue University)

Read More

Automated Mass Malware Factory: The Convergence of Piggybacking and...

Heng Li (Huazhong University of Science and Technology), Zhiyuan Yao (Huazhong University of Science and Technology), Bang Wu (Huazhong University of Science and Technology), Cuiying Gao (Huazhong University of Science and Technology), Teng Xu (Huazhong University of Science and Technology), Wei Yuan (Huazhong University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University)

Read More