Detecting and Measuring Security Risks of Hosting-Based Dangling Domains

Mingming Zhang, Xiang Li, Baojun Liu, JianYu Lu, Yiming Zhang, Jianjun Chen, Haixin Duan, Shuang Hao, Xiaofeng Zheng
DOI: 10.1145/3606376.3593534 (https://doi.org/10.1145/3606376.3593534)
Journal: Performance Evaluation Review (Computer Science, JCR Q4), vol. 99, no. 1
Published: 2023-06-26 (journal article)
Citation count: 0

Abstract

Public hosting services offer a convenient and secure option for creating web applications. However, adversaries can take over a domain by exploiting released service endpoints, leading to hosting-based domain takeover. This threat has affected numerous popular websites, including subdomains of microsoft.com, yet no effective detection system for identifying vulnerable domains at scale exists to date. This paper fills the research gap by presenting HostingChecker, a novel framework for detecting domain takeovers. Compared to previous work, HostingChecker expands detection scope and improves efficiency by: (i) identifying vulnerable hosting services using a semi-automated method; and (ii) detecting vulnerable domains through passive reconstruction of domain dependency chains. The framework enables us to check the subdomains of Tranco sites on a daily basis. It discovers 10,351 vulnerable subdomains under Tranco Top-1M apex domains, over 8× more than previous findings, demonstrating its effectiveness. Furthermore, we conduct an in-depth security analysis of the affected vendors (e.g., Amazon, Alibaba) and gain a suite of new insights, including flawed implementations of domain ownership validation. Finally, we have reported the issues to the security response centers of the affected vendors, and some (e.g., Baidu and Tencent) have adopted our mitigation. The full paper is provided in [2].