[PAST EVENT] Colloquium talk: Guannan Liu

February 9, 2023
8:45am
Location
McGlothlin-Street Hall
251 Jamestown Rd
Williamsburg, VA 23185Map this location

Abstract: 

Networked systems provide critical infrastructure services and deliver numerous online applications to Internet users. However, the ever-increasing complexity of networked systems inevitably results in overwhelmingly complicated system configurations. In this talk, I will reveal various vulnerabilities led by system misconfiguration that threaten the security of networked systems. I will first motivate my research with an overview of the key hardware and software components in a networked system. Then, I will dive into hardware exploitations and present (1) computing resource misuse in which adversaries can exploit the abundant computing power in cloud gaming for malicious purposes and (2) cooling capacity overloading which throttles down the computing power of an entire data center. In addition, I will also discuss security threats induced by software exploitations. I will present two more security vulnerabilities including (1) identity-account inconsistency threat that compromises user accounts in Single Sign-On authentication and (2) typosquatting attack in container registries to widely distribute malicious docker images. Finally, I will conclude my talk by introducing future research directions and collaboration opportunities.


 


Bio: 

Guannan Liu is a Ph.D. candidate in the Bradley Department of Electrical and Computer Engineering at Virginia Tech. He received his bachelor’s degree in ECE at Purdue University in 2016. His research interests include System and Network Security, Human Factors, and User Authentication. Leveraging systematic and comprehensive measurement techniques, he has investigated various online services to uncover vulnerabilities led by system misconfigurations. The discovered vulnerabilities have been disclosed to large tech companies (Google, Nvidia, IBM, eBay), and the research results have been published in top-tier security venues (ACM CCS, USENIX Security, ACM WWW, and IEEE TDSC).


Zoom link for the talk: https://www.cs.wm.edu/zoom