Vetting SSL Usage in Applications with SSLINT

Author: Boyuan He (Zhejiang University)

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols have become the security backbone of the Web and Internet today. Many systems, including mobile and desktop applications, are protected by SSL/TLS protocols against network attacks. However, many vulnerabilities caused by incorrect use of SSL/TLS APIs have been uncovered in recent years. Such vulnerabilities, many of which stem from poor API design and the inexperience of application developers, often lead to confidential data leakage or man-in-the-middle attacks.

Anonymous Communication

Author: Xinwen Fu (Department of Computer Science, University of Massachusetts Lowell)

Anonymity protects the identity of a participant in a networked application. Sender anonymity protects the identity of the sender. Anonymous web browsing is such an application. Receiver anonymity protects the identity of the receiver. Broadcasting achieves receiver anonymity. Mutual anonymity guarantees that both parties of a communication remain anonymous to each other. Tor’s hidden service provides mutual anonymity [1]. One popular strategy for anonymity is pseudonyms. However, pseudonyms alone cannot achieve anonymity since traceback strategies can be applied to trace communication traffic from a pseudonym to the origin, the entity with that pseudonym.

Killed by Proxy: Analyzing Client-end TLS Interception Software

Summarized by Mohammad Mannan

To filter SSL-protected traffic, some antivirus and parental-control applications interpose an SSL proxy in the middle of the host’s communications. However, the use of such a proxy may weaken TLS security in several ways, including:

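InForSec 2016 "Cyberspace Security" College Student Summer Camp and International XCTF Finals On-site Event

1. Event overview:

The International Forum on Network Security Research (InForSec) will hold the "Cyberspace Security College Student Summer Camp" in Beijing on July 17 to 18, 2016. Through introductions by recruiting advisors and their laboratories, face-to-face discussions with advisors, and visits to laboratories and well-known companies, the summer camp will promote interaction among cyberspace security students at Chinese universities, strengthen their interest in research, broaden their academic horizons, and clarify their research and career directions.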

Using Hardware Features for Increased Debugging Transparency

Author: Fengwei Zhang (Wayne State University)

With the rapid proliferation of malware attacks on the Internet, understanding these malicious behaviors plays a critical role in crafting effective defense. Advanced malware analysis relies on virtualization or emulation technology to run samples in a confined environment, and to analyze malicious activities by instrumenting code execution. However, virtual machines and emulators inevitably create artifacts in the execution environment, making these approaches vulnerable to detection or subversion [2].

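InForSec Holds Academic Lectures at Xidian University

Hui Li, Guofei Gu, XiaoFeng Wang and Yuqing Zhang each gave academic talks and discussed how to carry out academic research

InForSec News, May 29, 2016: The InForSec forum held academic lectures at Xidian University. The event was hosted by Xidian University. Talks were given by Hui Li, Executive Dean of the School of Network and Information Security at Xidian University; Guofei Gu, Associate Professor in the Department of Computer Science and Engineering at Texas A&M University (TAMU), USA; XiaoFeng Wang, Professor at Indiana University, USA; and Yuqing Zhang, Director of the National Computer Network Intrusion Protection Center of the Chinese Academy of Sciences. The lectures were chaired by Professor Haixin Duan of the Institute for Network Sciences and Cyberspace at Tsinghua University.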
