Graduation Year
2025
Document Type
Dissertation
Degree
Ph.D.
Degree Name
Doctor of Philosophy (Ph.D.)
Degree Granting Department
Computer Science and Engineering
Major Professor
Yao Liu, Ph.D.
Committee Member
Tempestt Neal, Ph.D.
Committee Member
Hao Zheng, Ph.D.
Committee Member
Jing Wang, Ph.D.
Committee Member
Mingkui Wei, Ph.D.
Committee Member
Lingyao Li, Ph.D.
Keywords
Cloud Computing, Edge Computing, Serverless Functions, Denial-of-Service, Content Subversion, PDF, Malicious Font, Digital Signature Spoofing
Abstract
Emerging network security threats, ranging from cloud-based infrastructure attacks to web-based content subversion, pose significant challenges to modern computing environments. In this dissertation, we explore two novel attack vectors that disrupt both cloud-based infrastructures and web-based content systems.
In this dissertation, we first introduce the Warmonger attack, a novel attack vector that can cause denial-of-service between a serverless computing platform and an external content server. The Warmonger attack exploits the fact that a serverless computing platform shares the same set of egress IPs among all serverless functions, which belong to different users, to access an external content server. As a result, a malicious user on this platform can purposefully misbehave and cause these egress IPs to be blocked by the content server, resulting in a platform-wide denial of service. To validate the Warmonger attack, we ran months-long experiments, collected and analyzed the egress IP usage pattern of four major serverless service providers (SSPs). We also conducted an in-depth evaluation of an attacker’s possible moves to attack an external server and cause IP blockage. We demonstrate that some SSPs use surprisingly small numbers of egress IPs and share them among their users, and that the serverless platform provides sufficient leverage for a malicious user to conduct well-known misbehaviors and cause IP-blockage. Our study unveiled a potential security threat on the emerging serverless computing platform, and shed light on potential mitigation approaches.
In the second part of this work, we investigate security vulnerabilities in the use of fonts in digital documents and web pages, focusing on PDF documents and web-based emails. We find multiple attack surfaces that can be exploited by an adversary using malicious fonts. We conduct a comprehensive evaluation of Portable Document Format (PDF) documents collected from the real world to investigate how an attacker can bypass PDF signatures. We further evaluate the potential security threats that an attacker can bring to web-based emails. Our study shows that various security issues may be caused by the inappropriate use of fonts, which have nevertheless been overlooked in the past years. As such, guidelines promoting the secure use of fonts could be beneficial in reinforcing the security measures for digital documents and web pages.
Scholar Commons Citation
Xiong, Junjie, "New Attack Surfaces Against Emerging Cloud and Web Based Infrastructures and Defenses" (2025). USF Tampa Graduate Theses and Dissertations.
https://digitalcommons.usf.edu/etd/11025
