Biblio

Filters: Author is Krishnamurthy, Balachander
2018-11-19
Liu, Chang, Raghuramu, Arun, Chuah, Chen-Nee, Krishnamurthy, Balachander.  2017.  Piggybacking Network Functions on SDN Reactive Routing: A Feasibility Study. Proceedings of the Symposium on SDN Research. :34–40.

This paper explores the potential of enabling SDN security and monitoring services by piggybacking on SDN reactive routing. As a case study, we implement and evaluate a piggybacking-based intrusion prevention system called SDN-Defense. Our study of university WiFi traffic traces reveals that up to 73% of malicious flows can be detected by inspecting just the first three packets of a flow, and 90% of malicious flows from the first four packets. Using such empirical insights, we propose to forward the first K packets of each new flow to an augmented SDN controller for security inspection, where K is a dynamically configurable parameter. We characterize the cost-benefit trade-offs of SDN-Defense using real wireless traces and discuss potential scalability issues. Finally, we discuss other applications which can be enhanced by using our proposed piggybacking approach.

2017-09-11
Mundada, Yogesh, Feamster, Nick, Krishnamurthy, Balachander.  2016.  Half-Baked Cookies: Hardening Cookie-Based Authentication for the Modern Web. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :675–685.

Modern websites use multiple authentication cookies to allow visitors to the site different levels of access. The complexity of modern web applications can make it difficult for a web application programmer to ensure that the use of authentication cookies does not introduce vulnerabilities. Even when a programmer has access to all of the source code, this analysis can be challenging; the problem becomes even more vexing when web programmers cobble together off-the-shelf libraries to implement authentication. We have assembled a checklist for modern web programmers to verify that the cookie-based authentication mechanism is securely implemented. Then, we developed a tool, Newton, to help a web application programmer to identify authentication cookies for specific parts of the website and to verify that they are securely implemented according to the checklist. We used Newton to analyze 149 sites, including the Alexa top-200 and many other popular sites across a range of categories including search, shopping, and finance. We found that 113 of them, including high-profile sites such as Yahoo, Amazon, and Fidelity, were vulnerable to hijacking attacks. Many websites have already acknowledged and fixed the vulnerabilities that we found using Newton and reported to them.