Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

Collection: hacking

HITCON CTF 2019 Final

December 15, 2019

hacking @ Taipei New Horizon. No.88, Yanchang Rd., Xinyi Dist., Taipei City 110, Taiwan, China

Team: Tea-Deliverers
Rank: 1, 成功获取 DEFCON CTF 2020 决赛资格。
Core Players from NISL: Baozheng Liu , Kaiwen Shen , Yu Wang , Xingman Chen .

Collection: people

Baozheng Liu (刘保证)

Third-year master since 2017.
FIT 1-213 Tsinghua University, Beijing, China 100084
uromise # gmail.com

李冠成 (Atum)

Atum 腾讯安全玄武实验室 高级研究员
北京市 海淀区 腾讯北京总部大厦
lgcpku#gmail.com https://github.com/A7um

Guancheng Li (李冠成)

Atum
Senior reseacher, Tencent Security Xuanwu Lab, Tencent Inc.
Tencent Beijing headquarters building, Haidian District, Beijing
lgcpku#gmail.com
https://github.com/A7um

刘煜堃 (Yukun Liu)

阿里巴巴 云智能安全 高级安全工程师
浙江省 杭州市 西湖区 阿里巴巴-飞天园区
eadom666 # gmail#com

Yukun Liu (刘煜堃)

Security Engineer II, Cloud Computing Security Department, Alibaba Inc.
Apsara Park, Xihu District, Hangzhou, Zhejiang
eadom666 # gmail#com

裴中煜 (Zhongyu Pei)

阿里巴巴 猎户座实验室 安全研究员
北京市 朝阳区 阿里中心-望京A座
brieflyx # gmail.com

Zhongyu Pei (裴中煜)

Security reseacher, Orion Security Lab, Alibaba Inc.
Building 9, Block 4, Wangjing East Park, Chaoyang District, Beijing
brieflyx # gmail.com

王琰 (Yan Wang)

华为 未然实验室 安全研究员
北京市 海淀区 实创科技示范园-Q21
wangy0129 # gmail

Yan Wang (王琰)

Security reseacher, WeiRan Lab, Huawei Inc.
Building 21, No.156 Beiqing Road, Haidian District, Beijing
wangy0129 # gmail

Haochen Zeng (曾皓辰)

PhD student, University of California, Riverside.
465 Winston Chung Hall, Department of Computer Science and Engineering, University of California, Riverside
haochen.zeng10 # gmail.com
https://www.linkedin.com/in/haochen-z-a8109439
https://github.com/sgzeng

Evilhex (张少杰)

Security reseacher, Orion Security Lab, Alibaba Inc.
Haidian District, Beijing
zsjevilhex # gmail.com

Chao Zhang (张超)

清华大学 网络研究院 副教授
清华大学 华为冠名教授
清华大学FIT楼3-209
chaoz # tsinghua.edu.cn

Chao Zhang (张超)

Associate Professor
Huawei Endowed Professor
FIT 3-209 Tsinghua University, Beijing, China 100084
chaoz # tsinghua.edu.cn

Jia Zhang (张甲)

助理研究员
北京市海淀区清华大学FIT楼4-204,邮编:100084
zhangjia # cernet.edu.cn

Jia Zhang (张甲)

Assistant Resaerch Professor
FIT 4-204 Tsinghua University, Beijing, China 100084
zhangjia # cernet.edu.cn

邓楚云 (Chuyun Deng)

清华大学 网络与信息安全实验室;硕士研究生(2020级)
清华大学 FIT楼 1-213
dengcy20 # mails.tsinghua.edu.cn

Chuyun Deng (邓楚云)

Master (2020); Network and Information Security Lab, Tsinghua University
1-213 Room, FIT Building, Tsinghua University
dengcy20 # mails.tsinghua.edu.cn

Wende Tan

清华大学 计算机科学与技术系 硕士研究生
北京市清华大学信息科学技术大楼(FIT楼)1-213
twd2 $ 163.com

Wende Tan

Department of Computer Science and Technology, Tsinghua University
FIT 1-213 Tsinghua University, Beijing, China 100084
twd2 $ 163.com

倪远东 (Yuandong Ni)

清华大学 清华大学网络与信息安全实验室 17级硕士研究生
清华大学FIT楼4-204
nyd17#mails.tsinghua.edu.cn

Yuandong Ni (倪远东)

2017 master student of Tsinghua University
FIT 4-204 Tsinghua University, Beijing, China 100084
nyd17 # mails.tsinghua.edu.cn

岳力 (Li Yue)

清华大学 清华大学网络与信息安全实验室 18级硕士研究生
清华大学FIT楼4-206
sscoutxx#gmail.com

Li Yue (岳力)

2018 master student of Tsinghua University
FIT 4-206 Tsinghua University, Beijing, China 100084
sscoutxx#gmail.com

Fenglu Zhang (张丰露)

Tsinghua University, Network and Information Security Lab, Master candidate in 2020
Tsinghua University FIT Building 1-213
[email protected]
Network and Information Security Lab (NISL)
Institute for Network Science and Cyberspace
CTFer in Redbud, Bluelotus and Tea Deliverers

Kun Du

清华大学网络与信息安全实验室,2015级博士研究生
清华大学 FIT楼1-213

Kun Du

Network and Information Security Lab
Institute for Network Science and Cyberspace, Tsinghua University, Beijing
FIT 1-213 Tsinghua University, Beijing, China 100084

Run Guo

清华大学网络与信息安全实验室,2015级博士研究生
清华大学 FIT楼1-213

Run Guo

Network and Information Security Lab
Institute for Network Science and Cyberspace, Tsinghua University, Beijing
FIT 1-213 Tsinghua University, Beijing, China 100084

靳子豪 (Zihao Jin)

清华大学计算机科学与技术系 博士研究生
北京市 海淀区 清华大学

Kaiwen Shen (沈凯文)

Tsinghua University, Network and Information Security Lab, Ph.D.17, PhD candidate
Tsinghua University FIT Building 1-213
[email protected]
Network and Information Security Lab (NISL)
Institute for Network Science and Cyberspace
CTFer in #Redbud#, #Bluelotus# and #Tea Deliverers#

刘明烜 (Mingxuan Liu)

Master student, Institute for Network Sciences and Cyberspace, Network and Information Security Lab, Tsinghua University.
FIT 4-206, Tsinghua University, Beijing 100084, P.R.China
[email protected]

李哲铭 (Li Zheming)

清华大学 清华大学网络与信息安全实验室 20级博士研究生
清华大学FIT楼1-213
lizm20 #at mails.tsinghua.edu.cn

Li Zheming (李哲铭)

2020 Ph.D candidate of Tsinghua University
FIT 2-204 Tsinghua University, Beijing, China 100084
lizm20 #at mails.tsinghua.edu.cn

Baojun Liu (刘保君)

Network and Information Security Lab (NISL)
Postdoctoral Researcher, Tsinghua University
ICANN RSSAC Cause Member
FIT 4-204, Tsinghua University, Beijing 100084, P.R.China
Email: lbj [AT] tsinghua [dot] edu [dot] cn

Baojun Liu (刘保君)

Network and Information Security Lab (NISL)
Postdoctoral Researcher, Tsinghua University
ICANN RSSAC Cause Member
FIT 4-204, Tsinghua University, Beijing 100084, P.R.China
Email: lbj [AT] tsinghua [dot] edu [dot] cn

Qi Li (李琦)

Associate Professor, Tsinghua University
FIT 1-213 Tsinghua University, Beijing, China 100084

管云超 (Yunchao Guan)

北京邮电大学 网络空间安全学院 2017级本科生
Tea Deliverers 成员 / Nu1L 建立者之一
misty#bupt.edu.cn

郑林楷 (Linkai Zheng)

清华大学 网络与信息安全实验室 21 级硕士研究生
清华大学 FIT 楼 1-213
zhenglj17 # mails.tsinghua.edu.cn
Redbud / Tea_Deliverers 成员

Linkai Zheng (郑林楷)

Tsinghua University, Network and Information Security Lab, Master candidate. 2021
Tsinghua University FIT Building 1-213
zhenglj17 # mails.tsinghua.edu.cn
CTFer in Redbud / Tea_Deliverers

Jianwei Zhuge (诸葛建伟)

博士, 副研究员
FIT 4-204, 清华大学, 北京市海淀区, 100084
zhugejw [at] tsinghua -dot- edu -dot- cn
zhugejw [at] cernet -dot- edu -dot- cn

Jianwei Zhuge (诸葛建伟)

Associate Research Professor
FIT 4-204, Tsinghua University, Beijing, China 100084
zhugejw [at] tsinghua -dot- edu -dot- cn
zhugejw [at] cernet -dot- edu -dot- cn

Collection: projects

网络扫描器:XMap

Published:

摘要

XMap 是一款兼含 IPv6 与 IPv4 网络空间探测功能的快速扫描器,并且也是第一款学术界+工业界中专门用于 IPv6 资产快速扫描的工具。其参考 ZMap 的原理进行开发,从底层完全改写了 ZMap 的核心代码,将 ZMap 在 IPv4 网络空间的多种扫描优势移植到 IPv6 空间,并且结合我们自身最新的研究发现,增添了 IPv6 设备快速发现技术以及多端口扫描功能,且完全兼容 ZMap,具备“5分钟”扫描32位网络空间的能力。

XMap: The Internet Scanner

Published:

Abstract

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the “5 minutes” probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes. With a 10 gigE connection and PF_RING, XMap can scan the 32-bits address space in under 5 minutes. Moreover, leveraging the novel IPv6 scanning approach, XMap can discover the IPv6 Network Periphery fast. Furthermore, XMap can scan the network space randomly with any length and at any position, such as 2001:db8::/32-64 and 192.168.0.1/16-20. Besides, XMap can probe multiple ports simultaneously.

Collection: publications

Collection: seminars

Adversarial Text Generation

14:00-15:00pm March 05, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

A survey on existing adversarial text generation solutions and defense solutions.

The Broken Broker - MQTT

14:00-15:00pm March 26, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Yue Liu .

Abstract:

Security research on MQTT.

基于搜索引擎的漏洞分布测量

15:10-16:10pm April 09, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Yixiong Wu .

Abstract:

近年关于借助搜索引擎实现网络空间已知漏洞评估的相关研究综述。

NativeX: Native Executioner Freezes Android (ASIACCS’20)

15:10-16:10pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Qinsheng Hou .

Abstract:

Android native process can exhaustively monopolize the system resources or the device computing resources in an unconfined manner.

差分隐私简介和研究综述

14:00-15:00pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Deliang Chang .

Abstract:

关于差分隐私的简单介绍和相关研究的介绍。

Survey on Differential Privacy

14:00-15:00pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Deliang Chang .

Abstract:

Brief introduction to differential privacy and related research.

FuzzGen: Automatic Fuzzer Generation (USENIX’20)

15:10-16:10pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

本论文提出了一个自动化地为library生成fuzzer,且能够满足library function之间的依赖关系的方案。

FuzzGen: Automatic Fuzzer Generation (USENIX’20)

15:10-16:10pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

This paper proposes a tool for automatically synthesising fuzzers for complex libraries in a given environment.

IPv6地址发现相关研究

14:00-15:00pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Tianyu Gan, Xiang Li .

Abstract:

IPv6地址发现相关安全问题介绍及研究。

基于深度学习的恶意流量检测

15:30-16:30pm May 14, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Shuqiang Lu, Ennan Zheng .

Abstract:

基于深度学习的恶意流量检测综述。

Research on DDoS Attacks

14:00-15:00pm May 21, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Run Guo, Weizhong Li .

Abstract:

Introduction to DDoS Attacks.

Machine Unlearning

15:10-16:10pm September 24, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Wenyu Zhu .

Abstract:

提出了针对深度神经网络的遗忘训练方法

Machine Unlearning

15:10-16:10pm September 24, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Wenyu Zhu .

Abstract:

SISA training, a framework designed to achieve the largest improvements for stateful algorithms like stochastic gradient descent for deep neural networks, reduces the computational overhead associated with unlearning.

IMP4GT: IMPersonation Attacks in 4G NeTworks

14:00-15:00pm October 08, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Xiang Li .

Abstract:

利用LTE网络中用户层面流量未被完整性保护的缺陷,可以任意伪造用户设备或者LTE网络进行通信

IMP4GT: IMPersonation Attacks in 4G NeTworks

14:00-15:00pm October 08, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Xiang Li .

Abstract:

A novel IMP4GT attack that completely breaks the mutual authentication of LTE network aim on the user plane.

Rust: Security and Efficiency

15:10-16:10pm October 15, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

对 Rust 编程语言的特点、使用场景、基本语言设计以及其实现编译期内存安全和线程安全的方法进行介绍

Rust: Security and Efficiency

15:10-16:10pm October 15, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

Introduction to Rust programming language

Topic: Automata Learning

14:00-15:10pm November 05, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Kaiwen Shen .

Abstract:

分享一些利用模型学习对网络协议形式化分析的方法

Topic: Automata Learning

14:00-15:10pm November 05, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Kaiwen Shen .

Abstract:

To simply share an overview of model learning on protocol state fuzzing

英文论文写作技巧

14:00-15:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Chaoyi Lu .

Abstract:

介绍一些个人常用的英文论文写作技巧

Privacy Risks of General-Purpose Language Models

14:00-15:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

通用语言模型中的文本嵌入从纯文本中捕获了大量的敏感信息,可以通过逆向工程来披露受害者的敏感信息,以便进一步骚扰。

Privacy Risks of General-Purpose Language Models

14:00-15:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

Text embedding from the General Purpose Language Model captures a lot of sensitive information from plain text, which can be reverse-engineered to disclose sensitive information about the victim for further harassment.

域名流行度相关论文综述

14:00-15:10pm March 04, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Qinge Xie .

Abstract:

对域名流行度排名的研究工作进行综述

域名流行度相关论文综述

14:00-15:10pm March 04, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Qinge Xie .

Abstract:

An overview of domain popularity ranking studies.

NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities

14:00-15:10pm March 25, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Xiang Li .

Abstract:

作者提出了一种新型的 DNS DoS 漏洞及对应的攻击,NXNSAttack,即不存在的 NS 记录,比已有的 NXDomain 攻击(Negative cache)危害更大。攻击者通过控制一个 authority,回复不存在 glue 记录的 NS referral 包,将 referral 指向受害者域名,利用 resolver 发起众多的查询来造成放大攻击。

Detecting Probe-resistant Proxies

14:00-15:10pm April 01, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Tianyu Gao .

Abstract:

对隐蔽代理进行探测与测量

Detecting Probe-resistant Proxies

14:00-15:10pm April 01, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Tianyu Gao .

Abstract:

Detecting Probe-resistant Proxies

Fuzzing Hardware Like Software

15:10-16:10pm April 01, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Zheming Li .

Abstract:

Translate RTL hardware to a software model and fuzz that model

Collection: talks

Security Protocols: Model Checking Standards

10:00-11:00am January 15, 2020

academic talk @ FIT Building, Room 3-225, Tsinghua University, Beijing

Speaker: Prof. David Basin, ETH Zurich

Abstract:

The design of security protocols is typically approached as an art, rather than a science, and often with disastrous consequences. But this need not be so! I have been working for ca. 20 years on foundations, methods, and tools, both for developing protocols that are correct by construction and for the post-hoc verification of existing designs. In this talk I will introduce my work in this area and describe my experience analyzing, improving, and contributing to different industry standards, both existing and upcoming.

Security Risks in Zero Knowledge Proof Cryptocurrencies

14:00-15:00pm April 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 彭峙酿,360高级安全专家

Abstract:

零知识证明技术目前被广泛应用于包括以太坊、门罗币、Zcash等多个区块链项目中。但其在实际应用中的安全和隐私隐患并不被大众所熟知。本议题主要通过对门罗币、Zcash上一些安全事件和漏洞的分析,和分享我们发现的一些零知识证明具体实现中的漏洞和隐患,来介绍零知识证明技术在区块链应用中存在的一些安全和隐私问题。

Thoughts on Applying Machine Learning in Security

14:00-15:00pm April 23, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王思丁,360网络安全研究院

Abstract:

机器学习学科融合了数学中的多个领域,包括统计学、概率论、以及线性代数。机器学习能够深入挖掘大数据价值,被广泛用于电影推荐、饮食及产品购买推荐等各方面。众多大型互联网公司也运用机器学习来改进其产品及服务。将机器学习应用到网络安全已成为近年来安全领域的研究热点,为人们在决策制定、任务执行方面提供建议对策与技术支持,将专业分析人员从复杂度高且耗时巨大的工作中释放。但是,安全领域具有自己独特的数据,场景和应用特征,本次分享主要介绍机器学习在网络安全中的实际应用以及应用过程中我们需要注意的问题。

Attack XNU via Userspace Library Hijacking

14:00-15:30pm May 14, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 周智,蚂蚁金服

Abstract:

内存破坏时至今日仍然是漏洞利用的主流战场,而操作系统为了提升安全性也引入了随机化等缓解措施来提高利用门槛。本议题另辟蹊径,仅靠用户态代码劫持的逻辑漏洞,完全避开通用缓解措施,在 macOS High Sierra 上实现 100% 稳定内核提权。更为有趣的是,系统重要的安全机制 sandbox 在这里变成了漏洞利用至关重要的帮凶。

iOS/macOS 漏洞挖掘经验谈之温故知新

14:00-15:30pm June 11, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王铁磊,盘古

Abstract:

iOS/macOS系统的漏洞挖掘是当前业界的热点。这个议题里我将分享自己在iOS/macOS 安全研究工作中的一些经验和心得,回顾我们在公开报告中埋藏过的一些彩蛋,希望对刚刚进入iOS/macOS系统漏洞挖掘领域的同学有所帮助和启发。

Revisited AI Security: From Adversarial Attacks to Application and Foundation

14:00-15:30pm July 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 纪守领,浙江大学

Abstract:

Recently, AI security has drawn significant attention from the academia and industry. Various kinds of adversarial attacks and defenses spring up like bamboo shoots. Now, considering more and more AI systems have been deployed and are being deployed, it is the time to comprehensively understand what is the performance of the attacks against real world systems? Furthermore, in security-critical applications, in addition to empirical evaluation, how to understand/quantify the security space of deep models is also important. In this talk, based on our previous research, I will introduce some AI security projects, as well as some recent interesting results from the adversarial example transferability and robustness quantification perspectives.

软件漏洞挖掘方法探索

10:00-11:30am August 22, 2020

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 张超,清华大学

Download slides

Abstract:

模糊测试近年来成为安全研究人员的必备的漏洞挖掘工具。实践中最有效的模糊测试工具通常包含种子测试例生成、选择、变异、测试、评估、反馈等多个环节,每个环节都可以被优化改进以提升漏洞挖掘效率。我们通过改进经典模糊测试方案,提出了多个新的漏洞挖掘方案,在四大安全会议发表多篇论文,取得了不错的效果。本次报告中,演讲者将与大家分享其部分研究成果。

PeX: A Permission Check Analysis Framework for Linux Kernel

14:00-15:30pm October 08, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 申文博,浙江大学

Abstract:

Permission checks play an essential role in operating system security by providing access control to privileged functionalities. However, it is particularly challenging for kernel developers to correctly apply new permission checks and to scalably verify the soundness of existing checks due to the large code base and complexity of the kernel. In fact, Linux kernel contains millions of lines of code with hundreds of permission checks, and even worse its complexity is fast-growing.

On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems

14:00-15:30pm December 10, 2020

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 凌振(东南大学)

Abstract:

IoT security and privacy has raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol security analysis techniques rely on a well understanding of the underlying communication protocols. In this talk, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We have successfully applied our framework to reverse engineer a number of IoT systems. The discovered protocols expose severe design flaws that allow attackers to control or deny the service of victim IoT devices. Our manual reverse engineering framework is generic and can be applied to both read-only and writable Embedded Linux filesystems.

软件供应链视角下的漏洞攻防

14:00-15:30pm May 13, 2021

academic talk @ 腾讯会议, Tsinghua University, Beijing

Speaker: 张源(复旦大学)

Abstract:

漏洞攻防是软件安全领域的经典研究主题。然而,随着软件行业的飞速发展,软件的研发过程已经演进为上下游紧密依赖的软件供应链模式。在软件供应链生态中,下游软件系统的漏洞管理和防护非常重要,但是却存在诸多挑战。本次报告将从漏洞的修复评估方法出发,系统性的介绍软件供应链视角下漏洞攻防研究面临的若干困难并分享目前已取得的一些初步进展。

软硬协同的系统隔离机制

14:00-15:30pm May 20, 2021

academic talk @ 腾讯会议, Tsinghua University, Beijing

Speaker: 夏虞斌(上海交通大学)

Abstract:

CPU厂商不断推出新的硬件安全与隔离的特性,Intel在最近6年发布的相关特性数量已经超过了之前的总和,利用好这些特性需要软硬件协同的设计。本次报告首先介绍了系统隔离机制作为信息产业基础设施,在云端、移动端等场景下对故障隔离和数据保护的基础性作用,然后介绍底层相关软硬件的发展现状、面临的挑战与机遇,最后介绍我们应对这些挑战所作的一些研究工作,包括已开源的RISC-V平台Enclave系统——“蓬莱”等。

实用型可搜索加密被动式攻击方法

14:00-15:30pm June 10, 2021

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 宁建廷(福建师范大学)

Abstract:

实用型可搜索加密在允许一定信息泄露的前提下实现了对存储在云端密态数据的高效搜索。当前实用型密态数据搜索应用系统(如ShadowCrypt等)的构建主要基于一种名为“efficiently deployable, efficiently searchable encryption”(EDESE)的可搜索加密方案。针对EDESE方案所泄露的信息,本报告将介绍一种针对此类信息泄露的新型被动式攻击方法,进一步揭露了实用型可搜索加密信息泄露的危害。

Collection: teaching