On Jan. 22, Apple released a security content update for its mac Operating System (macOS) and acknowledged UCR grad student and doctoral candidate Fatemah Alharbi for her contributions to the patch.
Alharbi’s contributions are attributed to test attacks on computer operating systems (OS); the tests revealed flaws in many OS types, including Windows, macOS and Ubuntu Linux, that could allow attackers to steal OS caches and the personal information they contain. The full paper explaining the study can be found online, titled “Collaborative Client-Side DNS Cache Poisoning Attack”.
Alharbi’s doctoral advisor Nael Abu-Ghazaleh co-authored the study’s paper alongside Zhiyun Qian, both professors of computer science and engineering. The Highlander reached out to all three of them for comments on the acknowledgements, with Qian unavailable to offer response.
Ghazaleh wrote that the attacks focused on the Domain Naming System (DNS), elaborating that it is “a critical service on the internet responsible for translating domain names such as ucr.edu to their equivalent IP address which is used in establishing connections.” Alharbi’s studies showed that attackers can inject their own translation, noted by Ghazaleh as a “cache poison attack.”
The attack would allow hackers to “hijack connections to any domain and point them at their own webserver (sic), where they can capture passwords and other critical information.” Ghazaleh pointed out that while poison attacks are not new, the attacks of the study target OS caches on end devices, which send out or receive information in a network, such as computers, phones and tablets. He noted that UCR can benefit from the improved security, referring for example to his lab, which contains macOS and Linux-powered machines, both of which were found vulnerable during research.
Alharbi mentioned that the study was performed as part of her dissertation; “The most difficult part of a Ph.D (sic) study is to find an idea that has never been studied before,” she said. “I have always had a passion for cybersecurity, so I started reading lots of papers related to this field, but this was not enough especially for a student who just started Ph.D.” To better find her research topic she spoke with several students and professors, some of who co-authored the research paper.
“Consequently, we found that the client-side DNS cache poisoning attack has never been technically and practically studied before; thus, I decided to choose this project as my first project in my Ph.D (sic) study,” she said.
Ghazaleh later called attention to the praise that Alharbi has received in both the U.S. and her home country of Saudi Arabia, as well as across the “Arab World.” Specifically, “she was featured on many major TV channels (including Alarabiya (a popular news channel in the Middle East)) and in print.”
Alharbi mentioned that because of her work, she has received job offers from various companies, including Facebook, Google, Microsoft and others; she’s even heard from companies in Saudi Arabia. When asked about the recognition, she responded that “I think anyone of us hopes to add his (or her) own fingerprint in his (or her) field of specialty. I personally haven’t thought that a big company like Apple would acknowledge by my name as a contributor in one of its security updates. I am very honored for that and this gives me the courage and commitment to continue in this path, the path of scientific and applied research.”
Alharbi finds that anyone has the capability to do what she’s done: “No matter if you are a student, professor, or any other person, if you have the passion to do research, you will always try to make a change that would have an impact,” she said.
Ghazaleh also stated that because of Alharbi’s accomplishments, “she is a role model for young women in Saudi Arabia.” With the title in mind Alharbi gave a message to her “Saudi Arabian sisters … the government is moving toward a more modernized society, especially in the technology sector, and this comes after the announcement of the Saudi Vision 2030 in 2016 by the Crown Prince Mohammed Bin Salman (colloquially known as MbS). There is tremendous work and effort to empower Saudi women in technology. I think we are capable to be part of this change (sic) that would have a good impact not only to Saudi Arabia but also to the whole world.”
Apple is currently the only one to have addressed Alharbi’s findings, even though vulnerabilities were found in Windows and Linux systems; “there are sometimes reasons such as potential impact of defenses on other software that uses the service which companies weigh against their perception of the threat,” Ghazaleh explained. Alharbi did say that Microsoft and Ubuntu are considering “mitigation strategies.”
Alharbi and Ghazaleh wrote that the research and its findings will be presented at the IEEE International Conference on Computer Communications (INFOCOM), called a “top tier conference in computer networks” by Ghazaleh, in Paris this coming May.