• Explore
    • Contact Us
  • Faculty
  • Research
    • Research Areas
    • Research Centers
  • Graduate Degrees
    • Computer Science Programs
    • Current Graduate Students
  • Undergraduate Degrees
  • News & Events
    • News
    • Seminar Series
    • Distinguished Lecture Series
    • Research Showcase
  • Apply Now
    • Undergraduate Admissions
    • Graduate Admissions
    • Faculty Candidates

CS/NetSys Seminar Series – Prof. Zhiyun Qian (UC Riverside) – Off-path TCP Exploits: An Oversight Yesterday, A Lingering Threat Today

Date: December 9, 2016

Speaker: Prof. Zhiyun Qian, UC Riverside

Location: DBH 6011

Time: 11am – 12pm

Host: Ardalan Amiri Sani

Title: Off-path TCP Exploits: An Oversight Yesterday, A Lingering Threat Today

Abstract: In this talk, I will discuss the history of off-path TCP attacks and their relationship with side channels. I will demonstrate the multitude of different ways realistic and powerful off-path TCP attacks can be conducted using a variety of side channels. Very recently, we show that a pure off-path attack can be carried out against Linux hosts without being able to run any malicious code on either the client or server. Essentially the attacker can infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Further, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. I will conclude by giving the insights on how to systematically discover and fix such problems.

Bio: Dr. Zhiyun Qian is an assistant professor at University of California, Riverside. His research interest is on system and network security, including Internet security (e.g., TCP/IP), Android security, side channels, infrastructure security (e.g., cellular networks). He has a passion to discover real-world security flaws with insights and help from program analysis tools. His recent TCP work has been awarded the “most creative idea” at GeekPwn and one of the three Facebook Internet Defense Prize finalists at USENIX Security 2016. He obtained his Ph.D. degree in CSE from University of Michigan in 2012.


Return to the Fall 2016 CS Seminar Series Schedule

Latest news

  • Wired: “Google Has a Plan to Stop Its New AI From Being Dirty and Rude” (Sameer Singh quoted) May 12, 2022
  • NSF Announces 2022 Graduate Research Fellows May 2, 2022
  • Alumni Spotlight: Ludovico Verniani ’21 Rewards Adventure With Quadra App April 28, 2022
  • UCI Celebration of Teaching Honors Three ICS Faculty Members April 26, 2022
  • UCI Machine Learning Repository to Host 2022 ML Hackathon April 26, 2022
  • © 2022 UC Regents
  • Feedback
  • Privacy Policy