学术报告

English Talks

2020

申文博,浙江大学

PeX: A Permission Check Analysis Framework for Linux Kernel

14:00-15:30pm October 08, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 申文博,浙江大学

Abstract:

Permission checks play an essential role in operating system security by providing access control to privileged functionalities. However, it is particularly challenging for kernel developers to correctly apply new permission checks and to scalably verify the soundness of existing checks due to the large code base and complexity of the kernel. In fact, Linux kernel contains millions of lines of code with hundreds of permission checks, and even worse its complexity is fast-growing.

张超,清华大学

软件漏洞挖掘方法探索

10:00-11:30am August 22, 2020

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 张超,清华大学

Download slides

Abstract:

模糊测试近年来成为安全研究人员的必备的漏洞挖掘工具。实践中最有效的模糊测试工具通常包含种子测试例生成、选择、变异、测试、评估、反馈等多个环节,每个环节都可以被优化改进以提升漏洞挖掘效率。我们通过改进经典模糊测试方案,提出了多个新的漏洞挖掘方案,在四大安全会议发表多篇论文,取得了不错的效果。本次报告中,演讲者将与大家分享其部分研究成果。

纪守领,浙江大学

Revisited AI Security: From Adversarial Attacks to Application and Foundation

14:00-15:30pm July 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 纪守领,浙江大学

Abstract:

Recently, AI security has drawn significant attention from the academia and industry. Various kinds of adversarial attacks and defenses spring up like bamboo shoots. Now, considering more and more AI systems have been deployed and are being deployed, it is the time to comprehensively understand what is the performance of the attacks against real world systems? Furthermore, in security-critical applications, in addition to empirical evaluation, how to understand/quantify the security space of deep models is also important. In this talk, based on our previous research, I will introduce some AI security projects, as well as some recent interesting results from the adversarial example transferability and robustness quantification perspectives.

王铁磊,盘古

iOS/macOS 漏洞挖掘经验谈之温故知新

14:00-15:30pm June 11, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王铁磊,盘古

Abstract:

iOS/macOS系统的漏洞挖掘是当前业界的热点。这个议题里我将分享自己在iOS/macOS 安全研究工作中的一些经验和心得,回顾我们在公开报告中埋藏过的一些彩蛋,希望对刚刚进入iOS/macOS系统漏洞挖掘领域的同学有所帮助和启发。

周智,蚂蚁金服

Attack XNU via Userspace Library Hijacking

14:00-15:30pm May 14, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 周智,蚂蚁金服

Abstract:

内存破坏时至今日仍然是漏洞利用的主流战场,而操作系统为了提升安全性也引入了随机化等缓解措施来提高利用门槛。本议题另辟蹊径,仅靠用户态代码劫持的逻辑漏洞,完全避开通用缓解措施,在 macOS High Sierra 上实现 100% 稳定内核提权。更为有趣的是,系统重要的安全机制 sandbox 在这里变成了漏洞利用至关重要的帮凶。

王思丁,360网络安全研究院

Thoughts on Applying Machine Learning in Security

14:00-15:00pm April 23, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王思丁,360网络安全研究院

Abstract:

机器学习学科融合了数学中的多个领域,包括统计学、概率论、以及线性代数。机器学习能够深入挖掘大数据价值,被广泛用于电影推荐、饮食及产品购买推荐等各方面。众多大型互联网公司也运用机器学习来改进其产品及服务。将机器学习应用到网络安全已成为近年来安全领域的研究热点,为人们在决策制定、任务执行方面提供建议对策与技术支持,将专业分析人员从复杂度高且耗时巨大的工作中释放。但是,安全领域具有自己独特的数据,场景和应用特征,本次分享主要介绍机器学习在网络安全中的实际应用以及应用过程中我们需要注意的问题。

彭峙酿,360高级安全专家

Security Risks in Zero Knowledge Proof Cryptocurrencies

14:00-15:00pm April 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 彭峙酿,360高级安全专家

Abstract:

零知识证明技术目前被广泛应用于包括以太坊、门罗币、Zcash等多个区块链项目中。但其在实际应用中的安全和隐私隐患并不被大众所熟知。本议题主要通过对门罗币、Zcash上一些安全事件和漏洞的分析,和分享我们发现的一些零知识证明具体实现中的漏洞和隐患,来介绍零知识证明技术在区块链应用中存在的一些安全和隐私问题。