Abstract: Domain Name System (DNS) is a fundamental infrastructure that supports almost all sorts of Internet activities. However, service failures and breach of DNS are not rare, though DNS was designed under the goals like resiliency from the very beginning. We argue one main reason is that the DNS ecosystem has become overly fragmented and complex, resulting in vulnerable implementations. In this talk, I'll describe our efforts in finding new DNS bugs. First, I'll talk about a new software fuzzer we developed to discover bugs of DNS resolvers automatically. Then, I'll dive into details about some prominent DNS bugs and how they can be exploited. Finally, I'll conclude the talk with an outlook for DNS-related research.
Bio: Zhou Li is an Assistant Professor at UC Irvine, EECS department, leading the Data-driven Security and Privacy Lab. Before joining UC Irvine, he worked as Principal Research Scientist at RSA Labs from 2014 to 2018. His research interests include Domain Name System (DNS), Graph Security analytics, Privacy Enhancement Technologies, and security and privacy for machine learning. He received the NSF CAREER award, Amazon Research Award, Microsoft Security AI award and IRTF Applied Networking Research Prize.
Abstract: Domain Name System (DNS) is a fundamental infrastructure that supports almost all sorts of Internet activities. However, service failures and breach of DNS are not rare, though DNS was designed under the goals like resiliency from the very beginning. We argue one main reason is that the DNS ecosystem has become overly fragmented and complex, resulting in vulnerable implementations. In this talk, I'll describe our efforts in finding new DNS bugs. First, I'll talk about a new software fuzzer we developed to discover bugs of DNS resolvers automatically. Then, I'll dive into details about some prominent DNS bugs and how they can be exploited. Finally, I'll conclude the talk with an outlook for DNS-related research.
Bio: Zhou Li is an Assistant Professor at UC Irvine, EECS department, leading the Data-driven Security and Privacy Lab. Before joining UC Irvine, he worked as Principal Research Scientist at RSA Labs from 2014 to 2018. His research interests include Domain Name System (DNS), Graph Security analytics, Privacy Enhancement Technologies, and security and privacy for machine learning. He received the NSF CAREER award, Amazon Research Award, Microsoft Security AI award and IRTF Applied Networking Research Prize.