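|Expert Talk||Xiaoning Li, Security Architect, Alibaba Cloud||NEVER LET YOUR GUARD DOWN: FINDING UNGUARDED GATES TO BYPASS CONTROL FLOW GUARD WITH BIG DATA|
|Expert Talk||Zhenkai Liang, Professor, National University of Singapore||Open and Intelligent Binary Analysis|
|Expert Talk||Lei Shi, Associate Research Professor, Software Intelligent Analysis Collaborative Innovation Team, Institute of Software, Chinese Academy of Sciences||Visual Analytics and Its Applications to Software Anomaly Detection|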
1. Speaker: Xiaoning Li, Security Architect, Alibaba Cloud
Talk title: NEVER LET YOUR GUARD DOWN: FINDING UNGUARDED GATES TO BYPASS CONTROL FLOW GUARD WITH BIG DATA
Control Flow Guard (CFG) is a security mechanism that prevents indirect branches (indirect call/jmp) from redirecting control flow to unexpected locations. It was originally released by Microsoft with Windows 8.1 and is currently implemented in Windows 10 as an enhanced security feature. CFG works by inserting a control-flow check function before each critical indirect branch at compile time; at runtime, the check function validates the target address against the CFG bitmap.
Although there have been multiple updates of CFG which fixed most of the vulnerabilities reported, our study is able to find more weak spots that can lead to a CFG bypass under the most recently updated Windows 10, using a very efficient tool set we developed.
We use a performance-monitor-unit (PMU) based instrumentation tool to collect the context information of all indirect calls at runtime by triggering an interrupt when each indirect call takes place. A SPARK-based big data approach is then used for data screening and analysis.
In summary, with this method and toolset, we are able to find multiple vulnerabilities that can lead to a CFG bypass in different applications running under Windows 10. This talk will present not only the results, but also the methodology and tools used to find such vulnerabilities.
Xiaoning Li is chief security architect at Alibaba Cloud and previously worked as a security researcher and architect at Intel Labs, focused on analyzing, detecting and preventing 0-days and malware with existing and new processor features. For the past 10+ years, his work has focused on both hardware/software security system co-design and advanced threat research. Xiaoning holds 20+ granted/filed patents in security areas including processor and system security, and has given more than 20 conference and invited talks, including at BlackHat, CanSecWest, ShmooCon, Source, etc.
2. Speaker: Zhenkai Liang, Professor, National University of Singapore
Talk title: Open and Intelligent Binary Analysis
Abstract: Binary analysis helps to understand binary programs and make connections about program behaviors. It is a fundamental technique for system security. However, the advancement of binary analysis techniques cannot match the pace at which attacks are evolving in sophistication. We examine the challenges faced by binary analysis and new potentials of binary analysis to address the challenges. In particular, we focus on the dimensions of openness and intelligence. To reason better about security problems, binary analysis tools need better interoperability. We discuss the difficulty faced in our research and the need for an open architecture. Meanwhile, machine-learning techniques have shown their potential in understanding binaries. We will examine the potential and limitations of adopting such techniques in binary analysis.
Zhenkai Liang is an Associate Professor of the School of Computing, National University of Singapore. His main research interests are in system and software security, web security, mobile security, and program analysis. He has served as a technical program committee member of many system security conferences, including the ACM Conference on Computer and Communications Security (CCS), USENIX Security Symposium and the Network and Distributed System Security Symposium (NDSS). He is also an associate editor of the IEEE Transactions on Dependable and Secure Computing. As a co-author, he received the Best Paper Award in ICECCS 2014, the Best Paper Award in W2SP 2014, the ACM SIGSOFT Distinguished Paper Award at ESEC/FSE 2009, the Best Paper Award at USENIX Security Symposium 2007, and the Outstanding Paper Award at ACSAC 2003. He also won the Annual Teaching Excellence Award of NUS in 2014 and 2015. He received his Ph.D. degree in Computer Science from Stony Brook University in 2006, and B.S. degrees in Computer Science and Economics from Peking University in 1999.
3. Speaker: Lei Shi, Associate Research Professor, Software Intelligent Analysis Collaborative Innovation Team, Institute of Software, Chinese Academy of Sciences
Talk title: Visual Analytics and Its Applications to Software Anomaly Detection
Visual analytics is an interdisciplinary research area blending information science, graphic design, software engineering, and human-computer interaction. The fundamental methodology is to bridge cutting-edge computational data analysis techniques (e.g., machine learning and data mining) with the gifted analytical capability of humans through intuitive and interactive visualization interfaces. In the past decade, the prolific research output in this area has demonstrated its success in solving “hard” data analysis problems, notably the exploratory analysis of big and complex data sets. On the other hand, anomaly detection is known as a generic research problem in many domains, whose goal is to find patterns in data that do not conform to normal behaviors. Anomaly detection is hard mainly because there is often no well-defined model of normality and the potential states to check grow exponentially in number as the scope of anomaly detection expands. In many ways, visual analytics based methods have shown their superiority over both algorithm-only and visualization-only solutions. In this talk, after brief introductions to visual analytics and anomaly detection, I will focus on the application of visual analytics techniques to software anomaly detection in domains such as the Internet of Things, social media and security. Several real-life examples are described to illustrate the effectiveness of this technique. Future directions are also discussed.
Lei Shi is an associate research professor in the State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences. Before that, he was a research staff member and research manager at IBM Research – China. He holds B.S. (2003), M.S. (2006) and Ph.D. (2008) degrees from the Department of Computer Science and Technology, Tsinghua University. His research interests span Information Visualization, Visual Analytics, Data Mining and Networked Systems, with more than 70 papers published in interdisciplinary venues such as IEEE TVCG, TC, VIS, ICDM, Infocom, ACM Sigcomm and CSCW. He is the recipient of the IBM Research Accomplishment Award on “Visual Analytics” and of the IEEE VAST Challenge Award twice, in 2010 and 2012.