Nick Nikiforakis (Stony Book University)

In this talk, we take a step back and argue that many varied and seemingly unrelated attacks on the web are actually symptoms of one deeper problem that has existed since the web's inception. Whether it is attacks due to expired domain names, cloaking done by malicious websites, malvertising, or even our growing distrust of the news can be largely attributed back to the issue of stateless linking. Stateless linking refers to the absence of any integrity guarantees between the time that a link for a remote resource was created, to a future time when this link is resolved by web clients. We draw on 10+ years of research to demonstrate how stateless linking and the resulting lack of content integrity is the true culprit for many of our past, current, and likely future web problems. Successfully tackling this one really challenging problem, has the potential of solving many of our web woes.

Speaker's Biography: Nick Nikiforakis (PhD'13) is an Associate Professor in the Department of Computer Science at Stony Brook University. He leads the PragSec Lab, where his students conduct research in cyber security, with a focus on web and network security. He is the author of more than 90 peer-reviewed academic publications and his work is often discussed in the popular press. He is the recipient of the National Science Foundation CAREER award (2020), the Office of Naval Research Young Investigator Award (2020), as well as a range of other security-related and privacy-related awards by federal funding agencies. Next to multiple best-paper awards, the National Security Agency awarded him the "Best Scientific Cybersecurity Paper" award for his research on certificate transparency abuse in 2023.

View More Papers

Silence False Alarms: Identifying Anti-Reentrancy Patterns on Ethereum to...

Qiyang Song (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Heqing Huang (Institute of Information Engineering, Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Yuanbo Xie (Institute of Information…

Read More

Evaluating LLMs Towards Automated Assessment of Privacy Policy Understandability

Keika Mori (Deloitte Tohmatsu Cyber LLC, Waseda University), Daiki Ito (Deloitte Tohmatsu Cyber LLC), Takumi Fukunaga (Deloitte Tohmatsu Cyber LLC), Takuya Watanabe (Deloitte Tohmatsu Cyber LLC), Yuta Takata (Deloitte Tohmatsu Cyber LLC), Masaki Kamizono (Deloitte Tohmatsu Cyber LLC), Tatsuya Mori (Waseda University, NICT, RIKEN AIP)

Read More

Try to Poison My Deep Learning Data? Nowhere to...

Yansong Gao (The University of Western Australia), Huaibing Peng (Nanjing University of Science and Technology), Hua Ma (CSIRO's Data61), Zhi Zhang (The University of Western Australia), Shuo Wang (Shanghai Jiao Tong University), Rayne Holland (CSIRO's Data61), Anmin Fu (Nanjing University of Science and Technology), Minhui Xue (CSIRO's Data61), Derek Abbott (The University of Adelaide, Australia)

Read More

The State of https Adoption on the Web

Christoph Kerschbaumer (Mozilla Corporation), Frederik Braun (Mozilla Corporation), Simon Friedberger (Mozilla Corporation), Malte Jürgens (Mozilla Corporation)

Read More