Detecting and Measuring Security Risks of Hosting-Based Dangling Domains-Reference-Cited by-同舟云学术

Detecting and Measuring Security Risks of Hosting-Based Dangling Domains

Published:2023-02-27 Issue:1 Volume:7 Page:1-28
ISSN:2476-1249
Container-title:Proceedings of the ACM on Measurement and Analysis of Computing Systems
language:en
Short-container-title:Proc. ACM Meas. Anal. Comput. Syst.

Author:

Zhang Mingming¹^ORCID,Li Xiang¹^ORCID,Liu Baojun²^ORCID,Lu Jianyu³^ORCID,Zhang Yiming¹^ORCID,Chen Jianjun⁴^ORCID,Duan Haixin²^ORCID,Hao Shuang⁵^ORCID,Zheng Xiaofeng⁶^ORCID

Affiliation:

1. Tsinghua University, Beijing, China

2. Tsinghua University and Quan Cheng Laboratory, Beijing, China

3. QI-ANXIN Technology Research Institute, Beijing, China

4. Tsinghua University and Zhongguancun Laboratory, Beijing, China

5. University of Texas at Dallas, Dallas, TX, USA

6. Tsinghua University and QI-ANXIN Technology Research Institute, Beijing, China

Abstract

Public hosting services provide convenience for domain owners to build web applications with better scalability and security. However, if a domain name points to released service endpoints (e.g., nameservers allocated by a provider), adversaries can take over the domain by applying the same endpoints. Such a security threat is called "hosting-based domain takeover''. In recent years, a large number of domain takeover incidents have occurred; even well-known websites like the subdomains of microsoft.com have been impacted. However, until now, there has been no effective detection system to identify these vulnerable domains on a large scale. In this paper, we fill this research gap by presenting a novel framework, HostingChecker, for detecting domain takeovers. Compared with previous work, HostingChecker expands the detection scope and improves the detection efficiency by: (i) systematically identifying vulnerable hosting services using a semi-automated method; and (ii) effectively detecting vulnerable domains through passive reconstruction of domain dependency chains. The framework enables us to detect the subdomains of Tranco sites on a daily basis. We evaluate the effectiveness of HostingChecker and eventually detect 10,351 subdomains from Tranco Top-1M apex domains vulnerable to domain takeover, which are over 8× more than previous findings. Furthermore, we conduct an in-depth security analysis on the affected vendors, like Amazon and Alibaba, and gain a suite of new insights, including flawed implementation of domain ownership validation. Following responsible disclosure processes, we have reported issues to the security response centers of affected vendors, and some (e.g., Baidu and Tencent) have adopted our mitigation.

Funder

National Natural Science Foundation of China

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Hardware and Architecture,Safety, Risk, Reliability and Quality,Computer Science (miscellaneous)

Link

https://dl.acm.org/doi/pdf/10.1145/3579440

Reference67 articles.

1. 2018. HackerOne: A Guide To Subdomain Takeovers. https://www.hackerone.com/application-security/guide-subdomain-takeovers. 2018. HackerOne: A Guide To Subdomain Takeovers. https://www.hackerone.com/application-security/guide-subdomain-takeovers.

2. 2020. 670 Subdomains of Microsoft are Vulnerable to Takeover. https://vullnerability.com/blog/microsoft-subdomain-account-takeover. 2020. 670 Subdomains of Microsoft are Vulnerable to Takeover. https://vullnerability.com/blog/microsoft-subdomain-account-takeover.

3. 2020. American News Site's Subdomains Left Open for Takeover. https://www.wizcase.com/blog/cbslocal-vulnerabilty-research/. 2020. American News Site's Subdomains Left Open for Takeover. https://www.wizcase.com/blog/cbslocal-vulnerabilty-research/.

4. 2021. Alibaba Cloud. https://www.alibabacloud.com/. 2021. Alibaba Cloud. https://www.alibabacloud.com/.

5. 2021. Amazon Web Services. https://aws.amazon.com/. 2021. Amazon Web Services. https://aws.amazon.com/.

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Detecting Subdomain TakeOver Threats and Real-Time Alerting for Rapid Response;2023 26th International Conference on Computer and Information Technology (ICCIT);2023-12-13

2. Detecting and Measuring Security Risks of Hosting-Based Dangling Domains;ACM SIGMETRICS Performance Evaluation Review;2023-06-26

3. Detecting and Measuring Security Risks of Hosting-Based Dangling Domains;Abstract Proceedings of the 2023 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems;2023-06-19

4. A Survey on X.509 Public-Key Infrastructure, Certificate Revocation, and Their Modern Implementation on Blockchain and Ledger Technologies;IEEE Communications Surveys & Tutorials;2023