“软件智能分析”学术沙龙第三次活动将于2017年8月21日(星期一)下午两点半在中国科学院软件研究所5号楼334会议室举行。本次活动由中国科学院软件研究所软件智能分析协同创新团队和InForSec网安国际学术论坛共同举办,有幸邀请到了来自美国加州大学伯克利分校的“MacAuthur天才奖”“世界杰出青年创新家”等奖项获得者、国际四大安全会议论文数第一的Dawn Song教授,以及来自美国加州大学河滨分校的学术新星Chengyu Song博士,两位顶尖学者将带来精彩报告,分别介绍AI与安全的相辅相成、实用化防护方案的最新进展等。报告将通过InForSec论坛网上实时转播,敬请关注。
主办:中国科学院软件研究所软件智能分析协同创新团队
InForSec网安国际学术论坛
时间:2017年8月21日(周一)下午14:30-16:30
地点:中国科学院软件研究所5号楼334会议室
时间 | 主讲嘉宾 | 主题 | |
14:30–16:30 | 主持人:张超 清华大学 | ||
14:30–15:30 | 学术报告 | Dawn Song | AI and Security: lessons, challenges and future directions |
15:30–16:30 | 学术报告 | Chengyu Song | Efficient Protection of Path-Sensitive Control Security |
内容摘要及嘉宾介绍
Dawn Song教授,加州大学伯克利分校
题目: AI and Security: lessons, challenges and future directions
摘要:
In this talk, I will talk about challenges and exciting new opportunities at the intersection of AI and Security, how AI and deep learning can enable better security, and how Security can enable better AI. In particular, I will talk about secure deep learning and challenges and approaches to ensure the integrity of decisions made by deep learning. I will also give an overview on our work on using program analysis and transformation techniques to enable privacy-preserving data analytics and machine learning. I will also talk about how we can use deep learning for vulnerability detection. Finally, I will conclude with future directions at the intersection of AI and Security.
个人介绍:
Dawn Song is a Professor in the Department of Electrical Engineering and Computer Science at UC Berkeley. Her research interest lies in deep learning and security. She has studied diverse security and privacy issues in computer systems and networks, including areas ranging from software security, networking security, database security, distributed systems security, applied cryptography, to the intersection of machine learning and security. She is the recipient of various awards including the MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award, the Alfred P. Sloan Research Fellowship, the MIT Technology Review TR-35 Award, the George Tallman Ladd Research Award, the Okawa Foundation Research Award, the Li Ka Shing Foundation Women in Science Distinguished Lecture Series Award, the Faculty Research Award from IBM, Google and other major tech companies, and Best Paper Awards from top conferences. She obtained her Ph.D. degree from UC Berkeley. Prior to joining UC Berkeley as a faculty, she was a faculty at Carnegie Mellon University from 2002 to 2007.
Chengyu Song博士,加州大学河滨分校
题目: Efficient Protection of Path-Sensitive Control Security
摘要:
Control-Flow Integrity (CFI), as a means to prevent control-flow hijacking attacks, enforces that each instruction transfers control to an address in a set of valid targets. The security guarantee of CFI thus depends on the definition of valid targets, which conventionally are defined as the result of a static analysis. Unfortunately, previous research has demonstrated that such a definition, and thus any implementation that enforces it, still allows practical control-flow attacks.
In this work, we present a path-sensitive variation of CFI that utilizes runtime path-sensitive point-to analysis to compute the legitimate control transfer targets. We have designed and implemented a runtime environment, PittyPat, that enforces path-sensitive CFI efficiently by combining commodity, low-overhead hardware monitoring and a novel runtime points-to analysis. Our formal analysis and empirical evaluation demonstrate that, compared to CFI based on static analysis, PittyPat ensures that applications satisfy stronger security guarantees, with acceptable overhead for security-critical contexts.
个人介绍:
Chengyu Song is an Assistant Professor at the Computer Science and Engineering department of UC Riverside. His primary research interests are system and software security. He received his PhD from Georgia Tech supervised by Prof. Wenke Lee and Prof. Taesoo Kim. He has published 14 papers in top security and system conferences. One of his co-authored paper won the 2015 Internet defense prize ($100k) and another one won the CSAW’15 best applied security research paper. He received his M.Eng. and B.S. from Peking University in 2010 and 2007.
软件智能分析协同创新团队介绍
中国科学院软件研究所于2016年12月,经学术委员会论证成立了“软件智能分析”协同创新团队(Collaborative Research Group on Intelligent Software Analysis,ISA Group),该团队联合了所内可信计算与信息保障实验室、计算机科学国家重点实验室等多个部门的软件分析、软件基础理论、大数据分析等方面的科研人员,是一个跨部门的协同创新队伍。该团队将面向软件深度分析需求,探索新的方法和技术,提升软件分析能力。
该团队以苏璞睿研究员课题组为主体,联合了计算机科学国家重点室蔡彦副研究员课题组、时磊副研究员课题组,并聘请了清华大学张超副教授,李琦副教授作为客座研究员,共有研究人员30余人。团队在软件动态逆向分析、恶意软件深度分析、软件漏洞分析与利用、软件分析与测试、可视化分析与程序异常检测等已方面形成了丰富的技术积累。
“软件智能分析”学术沙龙是由软件智能分析协同创新团队组织的学术交流平台,将邀请国内外学者共同研讨软件分析面临的问题、最新的进展、研究的思路等,促进软件智能分析学术交流。
关注团队科研动态,请扫描附后二维码。