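Title: High-End Academic Forum on Systems Security, Session 1
Speakers: Yang Zhang (张阳), Jianliang Wu (武建亮)
Time: July 20, 2023, 14:00 – 16:00
Venue: Room 320, Building D, 淦昌苑
Tencent Meeting ID: 185-425-990
Speaker 1: Yang Zhang (张阳)
Talk title: Attacking Machine Learning Models
Talk time: July 20, 2023, 14:00 – 15:00
Speaker bio: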
Yang Zhang (https://yangzhangalmo.github.io/) is a tenured faculty member (equivalent to full professor) at CISPA Helmholtz Center for Information Security, Germany. His research concentrates on trustworthy machine learning. Moreover, he works on measuring and understanding misinformation and unsafe content like hateful memes on the Internet. Over the years, he has published multiple papers at top venues in computer science, including CCS, NDSS, Oakland, and USENIX Security. His work has received the NDSS 2019 distinguished paper award and the CCS 2022 best paper award runner-up.
Abstract:
Machine learning has made tremendous progress during the past decade. While improving our daily lives, recent research shows that machine learning models are vulnerable to various security and privacy attacks. In this talk, I will cover our three recent works in this field. First, I will talk about some recent developments in membership inference. Second, I will present link stealing attacks against graph neural networks. In the end, I will introduce model hijacking attacks.
Speaker 2: Jianliang Wu (武建亮)
Talk title: Securing IoT Systems via Protocol Formal Analysis and Debloating
Talk time: July 20, 2023, 15:00 – 16:00
Speaker bio:
Jianliang Wu obtained his Ph.D. degree from Purdue University, advised by Dongyan Xu and Antonio Bianchi. He also works closely with Dave (Jing) Tian. His research interest lies in Systems Security, with a focus on the security and privacy issues caused by the communication between different parties in a system. His research has been published in top-tier security conferences (e.g., S&P and Security) and received the Best Paper Award from WOOT, and was one of the CSAW Applied Research Competition finalists.
Abstract:
Internet of Things (IoT) devices are now pervasive in our lives. Yet, they face increasing threats caused by security breaches and privacy leaks. Existing approaches to securing IoT devices tend to serve only one of the three main stakeholders of the IoT ecosystem: designer, developer, and user, with little consideration of the interplay between IoT protocol design, implementation, and usage. In this talk, I will describe my research on securing IoT devices, with the goal of bridging the three aspects of IoT protocol security. I will first present my work in bridging protocol design and implementation security, by discovering previously-unknown protocol design vulnerabilities via formal analysis that considers the assumptions of both protocol designers and implementers. I have developed a comprehensive formal model for Bluetooth security protocols, including Bluetooth Classic, Bluetooth Low Energy, and Bluetooth Mesh. To address the challenges arising from protocol complexity, the model adopts a modular design, where it abstracts each step within a protocol into an interface and implements different methods in each step as modules to instantiate the interface. Moreover, the model supports both the Dolev-Yao attack model (assumed by designers) and the semi-compromised device attack model (assumed by developers). My model is able to reveal five known design vulnerabilities as well as two new ones, as acknowledged by the Bluetooth SIG (the standard organization). Then, I will present LightBlue, a tool that “debloats” a Bluetooth protocol stack implementation to reduce its attack surface, driven by specific usage scenarios and functionalities. LightBlue bridges Bluetooth implementation and usage, via full-stack data and control flow analysis for both host code and controller firmware. Applicable to popular platforms, LightBlue is able to remove 20 CVEs and prevent multiple high-profile real attacks. 
Lastly, I will briefly present my future research plan to achieve IoT security synergistically.
Host: 郭山清
Reviewed by: 魏普文