Ruhr-Uni-Bochum

CASA Invited Talk with Michael Bailey (Georgia Tech)

Title: Trust and the Semantic Gap in DNS


We cordially invite you to our next CASA Invited Talk on April 24, 2026. Talks typically run for about an hour and are followed by an open discussion with the audience. The talks aim to encourage dialogue and open new perspectives in cybersecurity research.

When: April 24, 2026, 2 PM

Where: Building MB, Seminar Room 1/84

Online Participation: Zoom, Meeting ID: 682 2314 4735, Passcode: 051330

Abstract: Trust is predicated upon risk. Accepting vulnerability to a socio-technical system such as the Domain Name System (DNS) means accepting the possibility of harms arising from both overreliance on technical components and misplaced trust in operators, registrars, and governing bodies. Failures in technical reliability may cause inconvenience or replanning, but failures by people and institutions evoke betrayal. When risk lies primarily in the technical layer, the security community often uses the language of trustworthiness, described as correctness, reliability, and security, though this usage has been critiqued as overly broad. In this sense, DNS largely works: Verisign processes roughly 450 billion queries every day, maintains more than 170 million records, and has sustained 100 percent uptime for .com. Protections including DNSSEC and encrypted DNS continue to improve authenticity, confidentiality, and integrity, with global adoption rates of 35 percent and 24 percent, respectively. In contrast, phishing, typo-, TLD-, and combo-squatting, and brand impersonation attacks undermine users’ trust not because DNS fails as infrastructure, but because of how the namespace is managed by operators, registrars, and governing bodies. These attacks strike at the heart of trust; in conditions of naming ambiguity, users are forced to depend on the benevolence of those who steward the namespace.

The key challenge in restoring trust lies in bridging the semantic gap: in DNS the space between a syntactically correct resolution and one aligned with the user’s intended destination, between what they typed and where they meant to go. When attackers exploit this gap, users blame the attacker but also feel betrayed by the institutions responsible for protecting naming. In this talk, we present recent work with Vinny Adjibi and Fabian Monrose on recognizing and addressing this gap. We show that user naming errors are not mostly typos; semantic and visual transformations are more frequent and, in many cases, more harmful. We show that existing coping methods, such as defensive registrations, cover only a small portion of this space, even when unprotected domains receive significant real traffic. We show that UDRP, intended as the backstop for protecting names, is complex and nuanced, full of misaligned incentives that often raise issues of fairness, inevitably undermining trust. Together, these results show where trust leaks occur in DNS and what may be required to bridge the semantic gap so that naming sustains trust.

 

Bio: Michael Bailey is a Professor in Georgia Tech’s School of Cybersecurity and Privacy and previously served as the school’s inaugural chair. Before joining Georgia Tech, he was a Professor of Electrical and Computer Engineering at the University of Illinois at Urbana–Champaign and a Research Associate Professor at the University of Michigan. In industry, he served as Director of Engineering at Arbor Networks, where he helped develop widely deployed defenses against large-scale DDoS attacks. His research focuses on the performance and security of large-scale distributed systems and the Internet. He has published more than 100 papers and his work has appeared primarily in venues focused on Internet measurement and networked systems security, including ACM IMC, ISOC NDSS, and USENIX Security. His work has been recognized with the IRTF Applied Networking Research Prize, the Google Security & Privacy Research Award, and multiple best paper awards. He is a Fellow of both ACM and IEEE, and a former member of the USENIX Board of Directors.