Abstract:

Cloud services, with their robust resources and flexible allocation capabilities, have enhanced network services by increasing their reliability and security. For example, Content Delivery Networks(CDNs), one of the most popular cloud services, have been deployed widely as the best practice defense solution against Distributed Denial of Service (DDoS) attacks. Great power of cloud service must come with great responsibilities. However, great power with great vulnerabilities, could be potentially abused and transformed into the weapon of mass destruction in the cyberspace.

In this context, Professor Duan and his team have undertaken extensive research in recent years. They have conducted deep examinations of security vulnerabilities in cloud services, especially Content Delivery Networks (CDN) and Domain Name System (DNS). They have shed light on how attackers could ingeniously misuse these resources to construct potent offensive tools. Additionally, they have proposed solutions for patching these vulnerabilities and mitigation to enhance the security of some cloud services such as DNS and CDN. Professor Duan envisions that their research could spark some thoughtful discussions to ensure that the powerful cloud becomes a powerful protection rather than a huge threat.

Bio :

Haixin Duan is a professor of the Institute for Network Sciences and Cyberspace, Tsinghua University. He got his Ph.D from Computer Science department of Tsinghua University and was once a visiting scholar and senior scientist of the International Computer Science Institute (ICSI) in UC Berkeley. Professor Duan focuses his teach and research on network security, including security of Internet infrastructure like domain name system (DNS), web and public key infrastructures (PKI) and cloud services. Together with his team, professor Duan has found a lot of critical vulnerabilities of DNS, HTTP/HTTPS, CDN and Web PKI, which impact most leading internet companies and open source vendors like Google, Apple, Microsoft, Amazon, Akamai, CloudFlare, Apache, ISC and etc. Their research have promoted the leading companies or open source community to upgrade their services and products many times, and promoted IETF and other organizations to modify several protocol standards to enhance security. Prof. Duan publishes most of these findings in top security conferences (USENIX Security, Security&Privacy, CCS and NDSS) and won several best paper awards in CCS, NDSS and DSN. As the founder of Blue-Lotus (Once a famous CTF team based in Tsinghua), InForSec (an International Forum for Security Research), and DataCon (a data security competition), prof. Duan has been an active contributor to the Chinese community of security research and education for many years.