Nell’ambito del programma Visiting Professor/Scientist 2018, finanziato dalla LR 7/2007 della Regione Autonoma della Sardegna, il Prof. Roberto Perdisci, Professore Associato presso la University of Georgia (USA) e Professore Associato Aggiunto presso il Georgia Institute of Technology (USA), terrà una lezione dal titolo
Domain Name System (In)Security and Abuse
mercoledì 5 dicembre alle ore 15.00
presso l’Aula Mocci del Dip. di Ing. Elettrica ed Elettronica
(Edificio G della Facoltà di Ingegneria e Architettura, Piazza D’Armi)
Abstract: The Domain Name System (DNS) is a key part of the Internet’s critical infrastructure and plays a fundamental role in securing network communications. Unfortunately, the DNS itself suffers from a number of security weaknesses that threaten to jeopardize Internet security and privacy overall. Furthermore, due to its central role, the DNS is often abused for malicious purposes, thus unwittingly facilitating different types of cybercrime.
In this lecture, we will first review how the DNS and its query protocol work. Then, we will dig deeper to investigate subtleties hidden behind the DNS’s elegance and apparent simplicity, and highlight some of its security and privacy vulnerabilities. Afterwards, we will discuss a number of proposals that have been put forth to strengthen DNS security, with particular focus on DNSSEC. Finally, we will look at how the DNS is abused by malicious software and other security threats, including Phishing and DRDoS attacks, and how security professionals and law enforcement agencies use DNS to track and remediate cyber-criminal activities.
Short Bio: Roberto Perdisci is an Associate Professor in the Computer Science department at the University of Georgia and an Adjunct Associate Professor in the Georgia Tech School of Computer Science. Before joining UGA, he earned a PhD degree at the University of Cagliari, Italy, and then joined Georgia Tech first as Research Scholar and then as Post-Doctoral Fellow in the College of Computing.
His research interests are in Computer and Network Security, with an emphasis on network-centric malware defenses, web security, forensic analysis, and telephony security. He has published over 50 papers, many of which in flagship security and networking conferences, including IEEE Security and Privacy, Usenix Security Symposium, ACM CCS, NDSS, Usenix NSDI, and ACM SIGCOMM. He is actively involved in the technical program committee of the most renowned academic conferences in computer security. In 2012, he received a US National Science Foundation CAREER award on a project titled “Automatic Learning of Adaptive Network-Centric Malware Detection Models.” He is also a recipient of the UGA Fred C. Davison Early Career Scholar Award, and of the UGA Franklin College M. G. Michael Award for Excellence in Research. His research has been funded by multiple grants from NSF, DHS, DARPA, and Intel Corporation.