Aqsa Kashaf

(she/her/hers)

Carnegie Mellon University

Internet Resilience, DDoS attacks, Network Reconnaissance

Aqsa is a PhD student at Carnegie Mellon University, co-advised by Vyas Sekar and Yuvraj Agarwal.


Her research focuses on Network Security, particularly Distributed Denial of Service (DDoS) attacks. Currently, she is working on building reconnaissance techniques to profile the defense capabilities of DDoS defense systems. Previously, she worked on understanding the prevalence of third-party service dependencies in modern web services. Her work on third-party dependencies also received the IETF/IRTF Applied Networking Research Prize (ANRP). The overall focus of her research is to understand the resilience of the Internet against DDoS attacks.

Tools and Metrics to Measure Web Infrastructure Health with a Focus on Availability

The web ecosystem has become increasingly complex. First, there is an increased reliance on third-party managed service providers, which increases the attack surface of a website and creates single points of failure in the web ecosystem. Second, websites use complex network functions in their infrastructure that perform critical security tasks to handle emerging security threats. However, these network functions become single points of failure in the face of an attack, causing an outage or performance degradation of the website. Hence, there is a need to identify these single points of failure in the web ecosystem to ensure its resilience.

To this end, in my research, I first study the prevalence of third-party service dependencies in modern web services. We focus on three critical services: DNS, CDN and certificate revocation by CAs. This helps in identifying potential single points of failure resulting from consolidation in third-party dependencies. We also take two snapshots, in 2016 and 2020, to understand how the dependencies evolved. Moreover, I also study these dependencies in an African context to see how dependencies vary across regions and provide Africa-specific insights.


In addition to studying third-party service dependencies, I propose techniques to estimate the processing capacity of network functions deployed by website operators or service providers. This helps in identifying bottlenecks in their network. This knowledge will enable network operators to properly provision the various network functions in their deployment so that bottlenecks are minimized.

This proposed set of metrics and tools is meant to be used by policymakers and governments to analyze a state's resilience to web outages and direct policy efforts towards ensuring availability of services. In addition to policymakers, these tools can also be used by service providers (e.g. websites, DNS providers, CDNs etc.) to understand their outage risks and make decisions accordingly. This work is a useful step towards establishing actionable metrics that can assist policymakers, websites and service providers in making informed choices about their security.