学术报告

English Talks

2021

1-xiayubin.jpeg-2

软硬协同的系统隔离机制

14:00-15:30pm May 20, 2021

academic talk @ 腾讯会议, Tsinghua University, Beijing

Speaker: 夏虞斌(上海交通大学)

Abstract:

CPU厂商不断推出新的硬件安全与隔离的特性,Intel在最近6年发布的相关特性数量已经超过了之前的总和,利用好这些特性需要软硬件协同的设计。本次报告首先介绍了系统隔离机制作为信息产业基础设施,在云端、移动端等场景下对故障隔离和数据保护的基础性作用,然后介绍底层相关软硬件的发展现状、面临的挑战与机遇,最后介绍我们应对这些挑战所作的一些研究工作,包括已开源的RISC-V平台Enclave系统——“蓬莱”等。

1-yuanzhang.png-2

软件供应链视角下的漏洞攻防

14:00-15:30pm May 13, 2021

academic talk @ 腾讯会议, Tsinghua University, Beijing

Speaker: 张源(复旦大学)

Abstract:

漏洞攻防是软件安全领域的经典研究主题。然而,随着软件行业的飞速发展,软件的研发过程已经演进为上下游紧密依赖的软件供应链模式。在软件供应链生态中,下游软件系统的漏洞管理和防护非常重要,但是却存在诸多挑战。本次报告将从漏洞的修复评估方法出发,系统性的介绍软件供应链视角下漏洞攻防研究面临的若干困难并分享目前已取得的一些初步进展。

2020

凌振(东南大学)

On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems

14:00-15:30pm December 10, 2020

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 凌振(东南大学)

Abstract:

IoT security and privacy has raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol security analysis techniques rely on a well understanding of the underlying communication protocols. In this talk, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We have successfully applied our framework to reverse engineer a number of IoT systems. The discovered protocols expose severe design flaws that allow attackers to control or deny the service of victim IoT devices. Our manual reverse engineering framework is generic and can be applied to both read-only and writable Embedded Linux filesystems.

申文博,浙江大学

PeX: A Permission Check Analysis Framework for Linux Kernel

14:00-15:30pm October 08, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 申文博,浙江大学

Abstract:

Permission checks play an essential role in operating system security by providing access control to privileged functionalities. However, it is particularly challenging for kernel developers to correctly apply new permission checks and to scalably verify the soundness of existing checks due to the large code base and complexity of the kernel. In fact, Linux kernel contains millions of lines of code with hundreds of permission checks, and even worse its complexity is fast-growing.

1-chao2017.jpg-2

软件漏洞挖掘方法探索

10:00-11:30am August 22, 2020

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 张超,清华大学

Download slides

Abstract:

模糊测试近年来成为安全研究人员的必备的漏洞挖掘工具。实践中最有效的模糊测试工具通常包含种子测试例生成、选择、变异、测试、评估、反馈等多个环节,每个环节都可以被优化改进以提升漏洞挖掘效率。我们通过改进经典模糊测试方案,提出了多个新的漏洞挖掘方案,在四大安全会议发表多篇论文,取得了不错的效果。本次报告中,演讲者将与大家分享其部分研究成果。

纪守领,浙江大学

Revisited AI Security: From Adversarial Attacks to Application and Foundation

14:00-15:30pm July 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 纪守领,浙江大学

Abstract:

Recently, AI security has drawn significant attention from the academia and industry. Various kinds of adversarial attacks and defenses spring up like bamboo shoots. Now, considering more and more AI systems have been deployed and are being deployed, it is the time to comprehensively understand what is the performance of the attacks against real world systems? Furthermore, in security-critical applications, in addition to empirical evaluation, how to understand/quantify the security space of deep models is also important. In this talk, based on our previous research, I will introduce some AI security projects, as well as some recent interesting results from the adversarial example transferability and robustness quantification perspectives.

1-tielei.jpg-2

iOS/macOS 漏洞挖掘经验谈之温故知新

14:00-15:30pm June 11, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王铁磊,盘古

Abstract:

iOS/macOS系统的漏洞挖掘是当前业界的热点。这个议题里我将分享自己在iOS/macOS 安全研究工作中的一些经验和心得,回顾我们在公开报告中埋藏过的一些彩蛋,希望对刚刚进入iOS/macOS系统漏洞挖掘领域的同学有所帮助和启发。

1-zhouzhi.jpeg-2

Attack XNU via Userspace Library Hijacking

14:00-15:30pm May 14, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 周智,蚂蚁金服

Abstract:

内存破坏时至今日仍然是漏洞利用的主流战场,而操作系统为了提升安全性也引入了随机化等缓解措施来提高利用门槛。本议题另辟蹊径,仅靠用户态代码劫持的逻辑漏洞,完全避开通用缓解措施,在 macOS High Sierra 上实现 100% 稳定内核提权。更为有趣的是,系统重要的安全机制 sandbox 在这里变成了漏洞利用至关重要的帮凶。

1-SidingWang.jpeg-2

Thoughts on Applying Machine Learning in Security

14:00-15:00pm April 23, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王思丁,360网络安全研究院

Abstract:

机器学习学科融合了数学中的多个领域,包括统计学、概率论、以及线性代数。机器学习能够深入挖掘大数据价值,被广泛用于电影推荐、饮食及产品购买推荐等各方面。众多大型互联网公司也运用机器学习来改进其产品及服务。将机器学习应用到网络安全已成为近年来安全领域的研究热点,为人们在决策制定、任务执行方面提供建议对策与技术支持,将专业分析人员从复杂度高且耗时巨大的工作中释放。但是,安全领域具有自己独特的数据,场景和应用特征,本次分享主要介绍机器学习在网络安全中的实际应用以及应用过程中我们需要注意的问题。

1-ZhiniangPeng.jpg-2

Security Risks in Zero Knowledge Proof Cryptocurrencies

14:00-15:00pm April 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 彭峙酿,360高级安全专家

Abstract:

零知识证明技术目前被广泛应用于包括以太坊、门罗币、Zcash等多个区块链项目中。但其在实际应用中的安全和隐私隐患并不被大众所熟知。本议题主要通过对门罗币、Zcash上一些安全事件和漏洞的分析,和分享我们发现的一些零知识证明具体实现中的漏洞和隐患,来介绍零知识证明技术在区块链应用中存在的一些安全和隐私问题。