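Time: September 22, 2019, 14:00-18:10
Venue: Room 306A, China National Convention Center
Host: Institute for Network Sciences and Cyberspace, Tsinghua University
Organizers: Institute of Software, Chinese Academy of Sciences
InForSec, the international academic forum on cybersecurity research
Co-organizers: Beijing National Research Center for Information Science and Technology
QI-ANXIN Group
The 22nd International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2019) will be held in Beijing on September 23-25, 2019. This is the first time in the 22 years since its founding that the RAID conference has come to China.
The RAID 2019 workshop will be held on the afternoon of September 22. It is hosted by the Institute for Network Sciences and Cyberspace at Tsinghua University and jointly organized by the Institute of Software, Chinese Academy of Sciences and InForSec. Well-known scholars from China and abroad, including Yinqian Zhang (The Ohio State University), Zhou Li (University of California, Irvine), Chua Zheng Leong (National University of Singapore), Qi Li (Institute for Network Sciences and Cyberspace, Tsinghua University), Yongqiang Lyu (Tsinghua University), and Heng Yin (University of California, Riverside), are invited to share the latest research results in network attack and defense and the latest international technical developments. Topics include chip security, IoT vulnerability discovery, mobile phone communication security, and artificial intelligence attacks. Yongqiang Lyu, Associate Researcher at the Beijing National Research Center for Information Science and Technology, Tsinghua University, will also share his latest results on CPU security, published at CCS19.
(Note: this academic event is free of charge and will not be live-streamed.)
1. Yinqian Zhang, Professor, The Ohio State University
Talk title: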
Enhancing Intel SGX with Better Security and Privacy
Abstract:
Intel Software Guard Extensions (SGX) is an emerging hardware feature available in modern Intel processors, which provides software applications with a Trusted Execution Environment (TEE) to protect their code and data from untrusted system software. Being one of the most game-changing technologies, SGX has attracted considerable interest from both academia and industry since its debut. However, the security promises of SGX do not directly lead to strong security and privacy of software running in the TEEs. This talk will cover two research directions for enhancing Intel SGX with better security and privacy. First, it presents a set of compiler-assisted tools for protecting against side-channel attacks; second, it presents an open remote attestation framework for enhancing the openness, privacy, and performance of Intel’s current attestation model.
Speaker bio:
Prof. Yinqian Zhang is an Associate Professor of the Department of Computer Science and Engineering at The Ohio State University. His research interests span across multiple domains of computer security, including cloud security, mobile security, IoT security, software security, trusted computing, user authentication, etc. His research has been frequently published at top-tier security venues, such as IEEE S&P, ACM CCS, USENIX Security, and NDSS. Prof. Zhang was a recipient of the Google Ph.D. Fellowship in Security in 2013, CAREER Award from the National Science Foundation in 2018, Lumley Research Award and Outstanding Teaching Award from the Ohio State University in 2019, and Rising Star Award from the Association of Chinese Scholars in Computing in 2019.
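2. Zhou Li, Assistant Professor, University of California, Irvine
Talk title: Exploring the Impact of Malicious Bluetooth Peripherals on Mobile Phone Security
Abstract:
The Bluetooth protocol is widely used in many communication scenarios, such as mobile phones and the Internet of Things. Although the Bluetooth protocol itself takes security into account and specifies how authentication, encryption, and authorization should be implemented, whether Bluetooth devices (phones and peripherals) actually follow these standards has not been studied systematically. In our research at this year's NDSS, we found that on the phone side (mainly Android) problems exist, and there are quite a few of them. Because Android manages Bluetooth profiles at a coarse granularity, a malicious peripheral can easily obtain various Android system permissions, and this is hard for the user to notice. Based on this, we implemented a variety of Bluetooth attacks (named BadBluetooth) and tested them successfully on Android. We also implemented a fine-grained Bluetooth profile management model to address these problems. Through communication with Google and Qualcomm, some of the issues have been fixed.
Speaker bio:
Zhou Li is an Assistant Professor at the University of California, Irvine. His main research areas are big-data security analytics, side channels, Internet measurement, and Internet of Things (IoT) security. He has published papers at all four top security conferences (IEEE S&P, ACM CCS, USENIX Security, NDSS), 17 in total, and has served for years on the program committees of these conferences. Before joining UC Irvine, he worked at the security company RSA Security as a Principal Research Scientist for nearly five years. Several of his research results have been integrated into the company's products.
3. Chua Zheng Leong, Research Fellow, National University of Singapore
Talk title: Towards a knowledge-oriented future for binary analysis
Abstract: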
Binary analysis is a fundamental technique in software and system security. It has a wide range of applications, such as vulnerability discovery, attack response, malware analysis, and software testing and debugging. Due to the lack of high-level semantics and complex program behaviors, it is challenging for binary analysis solutions to scale up to large real-world binaries in practice. Existing solutions are often task-driven and bounded by a practical time limit, hindering a comprehensive understanding of programs and making it difficult to integrate different solutions. In this talk, we discuss our solutions, reflections, and ongoing efforts in scaling up binary analysis in a knowledge-oriented manner. We believe knowledge accumulation is the key to scale up binary analysis, where binary analysis solutions generate understandings that can be shared and reused in other solutions. Our investigation includes techniques for knowledge extraction, tools for knowledge integration, and platforms for knowledge accumulation and sharing. The accumulated knowledge not only allows broader and deeper analysis into binaries, but it also enables emerging data-driven and learning techniques to be effectively adopted in binary analysis tasks.
Speaker bio:
Dr CHUA Zheng Leong is currently a research fellow working at National University of Singapore (NUS). He co-founded NUSGreyhats, a security special interest group in NUS, participating in CTFs and vulnerability research in his free time. His publications range from data-oriented attacks and side channels to applications of learning on binary analysis. His thesis work aims to alleviate the pain of binary analysis through the introduction of an alternate, knowledge-oriented, paradigm for binary analysis where traditional binary analysis techniques are combined with machine learning and community effort to provide and manage large, diverse sources of knowledge about a binary. He received his Ph.D. degree in Computer Science from NUS in 2019 and his B.Comp in Computer Science from NUS in 2012.
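4. Qi Li, Associate Professor, Institute for Network Sciences and Cyberspace, Tsinghua University
Talk title: Sonar Signals: The "Nightmare" of Android Pattern Locks
Abstract:
The pattern lock is an important safeguard for the privacy of mobile device users. However, we found that this protection can be broken very easily by using the phone's hardware sensors. In this talk, I will present a new method that uses sonar signals to crack Android pattern locks. The effectiveness of this method is not affected by the environment the phone is in, and it can remotely crack the pattern locks of a large number of users' phones at the same time. Experiments on real commercial phones show that the attack accuracy of our method exceeds 90%.
Speaker bio:
Qi Li is currently an Associate Professor at Tsinghua University. His research interests include Internet and cloud security, mobile security, and big-data security. His research results have been adopted by Google, Tencent, and others, and he has received honors including the 2017 Beijing Science and Technology Award (Second Prize). His publications include papers at conferences and in journals such as USENIX Security, ACM CCS, and IEEE/ACM Transactions. He currently serves on the editorial boards of international journals including IEEE TDSC and ACM DTRAP, is a vice chair of the international conference RAID 2019, and is a member of the program or organizing committees of conferences including NDSS and ACSAC.
5. Yongqiang Lyu, Associate Researcher, Beijing National Research Center for Information Science and Technology, Tsinghua University
Talk title: The CPU's Secure Zone Is Not Secure: VoltJockey, a Voltage Fault Injection Attack on CPUs
Abstract:
Because security was overlooked in the original design goals of CPUs, security attacks against all kinds of CPUs and computing hardware have emerged continually in recent years, such as the well-known "Meltdown" and "Spectre" attacks, which have had a strong impact on CPU and system security. This talk shares our latest research results on attacking secure CPUs and shows how hardware faults can be used to attack a CPU's hardware isolation facilities (such as TrustZone). Unlike traditional attacks that exploit vulnerabilities in programming interfaces, this method relies entirely on hardware vulnerabilities of the CPU, which makes it relatively difficult to defend against, and it has a similar effect on other CPU hardware security extensions that resemble TrustZone. This form of attack may well become the next "Spectre" facing CPU security and urgently needs the industry's attention and solutions.
Speaker bio:
Yongqiang Lyu, born in 1979, holds a Ph.D. and is an Associate Researcher at the Beijing National Research Center for Information Science and Technology, Tsinghua University. His main research area is cognitive and secure computing. He has published more than 70 high-quality papers on the security of human-machine integrated systems, including several papers at top conferences and in top journals in the field, and has received a paper award at a top conference in the field, the First Prize of the Ministry of Education Science and Technology Progress Award in 2014, and the Second Prize of the National Science and Technology Progress Award in 2015.
6. Heng Yin, Professor, University of California, Riverside
Talk title: Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
Abstract: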
Cyber attacks against IoT devices are a severe threat. These attacks exploit software vulnerabilities in IoT firmware. Fuzzing is an effective software testing technique for finding these vulnerabilities so they can be patched. In this work, we present FIRM-AFL, the first high-throughput greybox fuzzer for IoT firmware. FIRM-AFL addresses two fundamental problems in IoT fuzzing. First, it addresses compatibility issues by enabling fuzzing for POSIX-compatible firmware that can be emulated in a system emulator. Second, it addresses the performance bottleneck caused by system-mode emulation with a novel technique called augmented process emulation. By integrating system-mode emulation and user-mode emulation, augmented process emulation provides high compatibility as system-mode emulation and high throughput as user-mode emulation. Our evaluation results show that (1) FIRM-AFL is fully functional and capable of finding real world vulnerabilities in IoT programs; (2) the throughput of FIRM-AFL is on average 10 times higher than system-mode emulation based fuzzing; and (3) FIRM-AFL is able to find 1-day vulnerabilities much faster than system-mode emulation based fuzzing, and is able to find 0-day vulnerabilities.
Speaker bio:
Dr. Heng Yin is an associate professor in the Department of Computer Science and Engineering at University of California, Riverside. He is the director of CRESP (Center for Research and Education in Cyber Security and Privacy) at UCR. He obtained his PhD degree from College of William and Mary in 2009, and MS and BS from Huazhong University of Science and Technology in 2002 and 1999. His research interests lie in computer security, with emphasis on binary code analysis. His publications appear in top-notch technical conferences and journals, such as ACM CCS, USENIX Security, NDSS, TSE, TDSC, etc. His research is sponsored by National Science Foundation (NSF), Defense Advanced Research Projects Agency (DARPA), Air Force Office of Scientific Research (AFOSR), and Office of Naval Research (ONR). In 2011, he received the prestigious NSF Career award. He was the technical co-lead of CodeJitsu, one of the seven finalists in DARPA Cyber Grand Challenge.