Identifying and Preventing Large-scale Internet Abuse

The widespread access to the Internet and the ubiquity of web-based services make it easy to communicate and interact globally. Unfortunately, the software and protocols implementing the functionality of these services are often vulnerable to attacks. In turn, an attacker can exploit them to compromise, take over, and abuse the services for her own nefarious purposes. In this dissertation, we aim to better understand such attacks, and we develop methods and algorithms to detect and prevent them, which we evaluate on large-scale datasets.First, we detail Meerkat, a system to detect a visible way in which websites are being compromised, namely website defacements. They can inflict significant harm on the websites’ operators through the loss of sales, the loss in reputation, or because of legal ramifications. Meerkat requires no prior knowledge about the websites’ content or their structure, but only the Uniform Resource Identifier (URI) at which they can be reached. By design, Meerkat mimics how a human analyst decides if a website was defaced when viewing it in a browser, by using computer vision techniques. Thus, it tackles the problem of detecting website defacements through their attention-seeking nature, their goal and purpose, rather than code or data artifacts that they might exhibit. In turn, it is much harder for an attacker to evade our system, as she needs to change her modus operandi. When Meerkat detects a website as defaced, the website can automatically be put into maintenance mode or restored to a known good state.An attacker, however, is not limited to abuse a compromised website in a way that is visible to the website’s visitors. Instead, she can misuse the website to infect its visitors with malicious software (malware). Although malware is well studied, identifying malicious websites remains a major challenge in today’s Internet. Second, we introduce Delta, a novel, purely static analysis approach that extracts change-related features between two versions of the same website, uses machine learning to derive a model of website changes, detects if an introduced change was malicious or benign, identifies the underlying infection vector based on clustering, and generates an identifying signature. Furthermore, due to the way Delta clusters campaigns, it can uncover infection campaigns that leverage specific vulnerable applications as a distribution channel, and it can greatly reduce the human labor necessary to uncover the application responsible for a service’s compromise.Third, we investigate the practicality and impact of domain takeover attacks, which an attacker can similarly abuse to spread misinformation or malware, and we present a defense on how such takeover attacks can be rendered toothless. Specifically, the new elasticity of Internet resources, in particular Internet protocol (IP) addresses in the context of Infrastructure-as-a-Service cloud service providers, combined with previously made protocol assumptions can lead to security issues. In Cloud Strife, we show that this dynamic component paired with recent developments in trust-based ecosystems (e.g., Transport Layer Security (TLS) certificates) creates so far unknown attack vectors. For example, a substantial number of stale domain name system (DNS) records points to readily available IP addresses in clouds, yet, they are still actively attempted to be accessed. Often, these records belong to discontinued services that were previously hosted in the cloud. We demonstrate that it is practical, and time and cost-efficient for attackers to allocate the IP addresses to which stale DNS records point. Further considering the ubiquity of domain validation in trust ecosystems, an attacker can impersonate the service by obtaining and using a valid certificate that is trusted by all major operating systems and browsers, which severely increases the attackers’ capabilities. The attacker can then also exploit residual trust in the domain name for phishing, receiving and sending emails, or possibly distributing code to clients that load remote code from the domain (e.g., loading of native code by mobile apps, or JavaScript libraries by websites). To prevent such attacks, we introduce a new authentication method for trust-based domain validation that mitigates staleness issues without incurring additional certificate requester effort by incorporating existing trust into the validation process.Finally, the analyses of Delta, Meerkat, and Cloud Strife have made use of large-scale measurements to assess our approaches’ impact and viability. Indeed, security research in general has made extensive use of exhaustive Internet-wide scans over the recent years, as they can provide significant insights into the state of security of the Internet (e.g., if classes of devices are behaving maliciously, or if they might be insecure and could turn malicious in an instant). However, the address space of the Internet’s core addressing protocol (Internet Protocol version 4; IPv4) is exhausted, and a migration to its successor (Internet Protocol version 6; IPv6), the only accepted long-term solution, is inevitable. In turn, to better understand the security of devices connected to the Internet, in particular Internet of Things devices, it is imperative to include IPv6 addresses in security evaluations and scans. Unfortunately, it is practically infeasible to iterate through the entire IPv6 address space, as it is 296 times larger than the IPv4 address space. Without enumerating hosts prior to scanning, we will be unable to retain visibility into the overall security of Internet-connected devices in the future, and we will be unable to detect and prevent their abuse or compromise. To mitigate this blind spot, we introduce a novel technique to enumerate part of the IPv6 address space by walking DNSSEC-signed IPv6 reverse zones. We show (i) that enumerating active IPv6 hosts is practical without a preferential network position contrary to common belief, (ii) that the security of active IPv6 hosts is currently still lagging behind the security state of IPv4 hosts, and (iii) that unintended default IPv6 connectivity is a major security issue

Letting the winter in: myth revision and the winter solstice in fantasy fiction

This is a Creative Writing thesis, which incorporates both critical writing and my own novel, Cold City. The thesis explores ‘myth-revision’ in selected works of Fantasy fiction. Myth-revision is defined as the retelling of traditional legends, folk-tales and other familiar stories in such as way as to change the story’s implied ideology. (For example, Angela Carter’s ‘The Company of Wolves’ revises ‘Red Riding Hood’ into a feminist tale of female sexuality and empowerment.) Myth-revision, the thesis argues, has become a significant trend in Fantasy fiction in the last three decades, and is notable in the works of Terry Pratchett, Neil Gaiman and Philip Pullman. Despite its incorporation of supernatural elements, myth-revision is an agnostic or even atheistic phenomenon, which takes power from deities and gives it to moral humans instead. As such it represents a rebellion against the ‘Founding Fathers’ of Fantasy, writers such as Tolkien or CS Lewis, whose works stress the rightful superiority of divine figures. The thesis pays particular attention to how the myths surrounding the Winter Solstice are revised in this kind of fiction. Part One consists of my novel Cold City, with appropriate annotations. In Part Two, Chapter One compares and contrasts Philip Pullman’s His Dark Materials with CS Lewis’s The Chronicles of Narnia. It argues that Pullman’s sequence of children’s novels is an anti-Narnia, which revises CS Lewis’s conservative Christian allegory into one supporting Pullman’s secular humanist viewpoint. Chapter Two explores myth-revision in Elizabeth Hand’s novel of adult Fantasy Winterlong. It examines how Hand ‘revises’ the Hellenic myth of the god Dionysos, especially as it is related to Euripides’ tragedy The Bacchae. Chapter Three examines the use of ‘Ragnarok’ – the ancient Norse myth of the end of the world – in Cold City

Deductive Verification of Concurrent Programs and its Application to Secure Information Flow for Java

Formal verification of concurrent programs still poses a major challenge in computer science. Our approach is an adaptation of the modular rely/guarantee methodology in dynamic logic. Besides functional properties, we investigate language-based security. Our verification approach extends naturally to multi-threaded Java and we present an implementation in the KeY verification system. We propose natural extensions to JML regarding both confidentiality properties and multi-threaded programs

LIPIcs, Volume 251, ITCS 2023, Complete Volume

LIPIcs, Volume 251, ITCS 2023, Complete Volum

Inflated Hopes, Taxing Times: Fiscal Crisis, the Pocketbook Squeeze, and the Roots of the Tax Revolt.

For the past three decades, tax politics have been almost synonymous with conservative politics. Scholars, journalists, and pundits searching for the roots of the conservative ascendance agree that the tax revolt of the 1970s – and its signature event, Californians’ approval of the property tax-slashing Proposition 13 in 1978 – was a key turning point that helped shift both U.S. tax policy and American politics to the right. My dissertation challenges this narrative. It places the “pocketbook squeeze” facing low- and middle-income Americans at the center of the story. It demonstrates that, rather than motivated by ideological fervor, the revolt sprang from both rising tax burdens on low- and middle-income Americans and a growing realization that “loopholes” in the tax system unfairly benefited the wealthy. The revolt began quietly, nearly two decades before Prop 13, much earlier than in most accounts. The combined effect of tax rates and tax inequity pushed the public towards an inchoate – but largely left-leaning, populist – critique of the American tax system. Indeed, left-leaning tax activists with roots in labor, civil rights, and consumer activism were among the first to successfully harness the public’s tax discontent as part of a “tax justice” movement. The central questions my dissertation attempts to answer is how a movement that began with low- and middle-income Americans and was first harnessed by the left eventually came to be seen as a conservative “revolt of the haves.” Rather than inevitable, the eventual conservative triumph was a highly contingent outcome dependent on the interplay between policymakers, the parties, activists, and interest groups. Despite their state and local successes in the late-1960s and early-1970s, left-leaning tax justice activists found the post-Watergate Democratic Party to be inhospitable, thanks to the “New Democrats” increasing focus on fiscal responsibility. In contrast, many of the GOP’s leaders in the late-1970s nurtured right-leaning groups. Though they did little to assist the passage of Prop 13, which was ultimately an inchoate expression of pocketbook frustrations, conservative tax activists were well-positioned to frame its passage as their victory, forever altering the course of American tax politics.PHDIndependent Interdepartmental Degree ProgramUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/116785/1/mound_1.pd