Trifecta for the PragSec Lab: Three papers accepted to ACM security conference

 

L-R: Timothy Barron, Oleksii Starov, Nick Nikiforakis, Najmeh Miramirkhani, Meng Luo, Babak Amin Azad

PragSec Lab, one of the security research labs in the Department of Computer Science, directed by Assistant Professor Nick Nikiforakis, had three papers accepted for the 2017 ACM Conference on Computer and Communications Security (CCS). CCS is one of the most prestigious academic conferences in computer security and privacy, with a paper acceptance rate of only 18%.

"For several security research projects to be recognized at such a well-respected conference is a major accomplishment for Nikiforakis and all of the PragSec researchers. We are proud of this impressive group," said Samir Das, Interim Chair and Professor of Computer Science at Stony Brook.

In their first paper, titled Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers, doctoral researchers Meng Luo and Oleksii Starov, guided by Assistant Professor Nima Honarmand and Nikiforakis, present their work on the first browser-agnostic framework for assessing the vulnerability of modern mobile browsers. By analyzing thousands of mobile browsers and exposing them to tens of thousands of attacks, the authors discovered that mobile browsers are becoming less secure with each passing year and warned about their potential abuse by attackers.

For PragSec Lab’s second paper, titled The Wolf of Name Street: Hijacking Domains Through Their Nameservers, PhD student Timothy Barron and Nikiforakis collaborated with three authors from KU Leuven (Thomas Vissers, Tom Van Goethem, and Wouter Joosen). The research showed that simple configuration errors (such as typos) when setting up name servers for domain names can be used to hijack tens of thousands of domain names and usurp control from their rightful owners.

Finally, in the third paper to be accepted at CCS 2017, Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse, doctoral researcher Najmeh Miramirkhani and Nikiforakis collaborated with authors from London South Bank University (Nikolaos Pitropakis) and Georgia Tech (Panagiotis Kintis, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, and Manos Antonakakis). The paper documents research showing that attackers are actively engaging in "combosquatting", the act of registering domains that include popular trademarks (e.g. facebook-members.com and youtube-live.com) as a way of increasing user trust in their malicious domains. The authors performed a large-scale, longitudinal study of the phenomenon, quantified the abuse, and provided advice to companies and registrars.

Nikiforakis and his entire lab will be attending CCS 2017, which takes place Oct 30-Nov 3 in Dallas, TX. According to Nikiforakis, “The students and I are eager to discuss our new research with colleagues from academia and industry.”