Speaker(s): Dr. Haixin Duan
The most popular protocols, like HTTP and TLS, are designed following the End-to-End principle, which was cherished by most pioneers of the Internet. However, with the evolutionary development of the Internet, middle boxes (firewalls, caches, proxies, CDNs, etc.) have been extensively deployed in current Internet communication, especially in web applications. While the Box-In-The-Middle (BITM) improves security, performance and availability, it introduces many new vulnerabilities as well. Professor Duan will introduce the security threats of BITM in web communications, including injection of ads or malicious content, leakage of private information, cache poisoning and denial of service. He will also present some mitigations for these threats which might be helpful for Internet application designers, developers and service providers.
Dr. Haixin Duan is a professor at the Institute for Network Science and Cyberspace, Tsinghua University. He was once a visiting scholar at UC Berkeley and a senior scientist at the International Computer Science Institute (ICSI). Dr. Duan has been working on network security for more than 20 years. His recent research interests include protocol security, intrusion detection, underground economy detection, etc. Some of his research results have been deployed in industry by companies such as Baidu, and published in top security conferences like Security & Privacy, USENIX Security, CCS and NDSS.