| Time | Session | Speaker | Title |
|---|---|---|---|
| 9:00 – 12:00 | Chair: Purui Su (苏璞睿), Research Fellow, Institute of Software, Chinese Academy of Sciences | | |
| 9:00 – 10:00 | Invited talk | Heng Yin (尹恒) | Towards Scalable and Accurate Cross-Architecture Binary Code Search |
| 10:00 – 11:00 | Invited talk | Xiangkun Jia (贾相堃) | Towards Efficient Heap Overflow Discovery |
| 11:00 – 12:00 | Invited talk | Kang Li (李康) | Thoughts about Evaluating Autonomous Hacking |
Talk title: Towards Scalable and Accurate Cross-Architecture Binary Code Search
Abstract: Given a binary code function, we would like to quickly find a set of binary code functions that are semantically equivalent or similar to it. These functions may come from different architectures and platforms. This problem is known as cross-architecture binary code search, and it has many security applications, such as plagiarism detection, malware detection, and vulnerability search. Recent studies have demonstrated that control-flow graph (CFG) based binary code search techniques can be effective and accurate across different architectures. However, these CFG-based binary code search approaches are far from scalable, due to their expensive graph matching overhead. Inspired by rich experience in image and video search, we propose a codebook-based search scheme which addresses the scalability challenge and further improves search accuracy. Unlike existing techniques that directly conduct searches based upon raw features (CFGs) from the binary code, we convert the CFGs into high-level numeric feature vectors. Compared with the CFG feature, high-level numeric feature vectors are more robust to code variation across different architectures, and can easily achieve real-time search by using state-of-the-art hashing techniques. To further improve the search accuracy and encoding efficiency, we propose a deep neural network based approach, which outperforms the state-of-the-art approaches by large margins with respect to accuracy. Further, this deep learning based approach can speed up the prior art's encoding time by 3 to 4 orders of magnitude and reduce the required training time from more than 1 week down to 30 minutes to 10 hours.
Speaker bio: Dr. Heng Yin is an associate professor in the Department of Computer Science and Engineering at the University of California, Riverside. He obtained his PhD degree from the College of William and Mary in 2009, and his MS and BS from Huazhong University of Science and Technology in 2002 and 1999. His research interests lie in computer security, with emphasis on binary code analysis. His publications appear in top-notch technical conferences and journals, such as ACM CCS, USENIX Security, NDSS, TSE, TDSC, etc. His research is sponsored by the National Science Foundation (NSF), the Defense Advanced Research Projects Agency (DARPA), the Air Force Office of Scientific Research (AFOSR), and the Office of Naval Research (ONR). In 2011, he received the prestigious NSF CAREER award. He was the technical co-lead of CodeJitsu, one of the seven finalists in the DARPA Cyber Grand Challenge.
Talk title: Towards Efficient Heap Overflow Discovery
Abstract: Heap overflow is a prevalent memory corruption vulnerability, playing an important role in recent attacks. Finding such vulnerabilities in applications is thus critical for security. Many state-of-the-art solutions focus on runtime detection, requiring abundant inputs to explore program paths in order to reach high code coverage and, with luck, trigger security violations. It is likely that the inputs being tested exercise vulnerable program paths but fail to trigger (and thus miss) the vulnerabilities in these paths. Moreover, these solutions may also miss heap vulnerabilities due to incomplete vulnerability models. We propose a new solution, HOTracer, to discover potential heap vulnerabilities. We model heap overflows as spatial inconsistencies between heap allocation and heap access operations, and perform an in-depth offline analysis on representative program execution traces to identify heap overflows. Combined with several optimizations, it can efficiently find heap overflows that are hard to trigger in binary programs.
Speaker bio: Xiangkun Jia is a PhD student in the Software Intelligent Analysis Collaborative Innovation Team at the Institute of Software, Chinese Academy of Sciences. His research interests include system and software security, binary reverse engineering, and vulnerability discovery and analysis. He has analyzed a number of widely used programs, found 47 previously unknown vulnerabilities, obtained 2 CVE identifiers, and received rewards and acknowledgements from vendors. His paper "Towards Efficient Heap Overflow Discovery" was accepted at USENIX Security 2017.
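The "spatial inconsistency" model in the abstract can be illustrated on a recorded trace: every heap access must lie inside the live object it starts in, whether or not the program crashed. The following is an added example written for this page, not HOTracer's code; the trace format (`alloc`/`free`/`read`/`write` lines) and the sample trace are constructed for illustration.

```python
# Added illustration: check heap accesses in a trace against the bounds of
# the live heap object they target. Trace format is constructed for this
# example and is not HOTracer's own format.

def parse_trace(lines):
    """Parse lines of the form 'alloc <addr> <size>', 'free <addr>',
    'read <addr> <len>' or 'write <addr> <len>' (hex or decimal numbers)."""
    events = []
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        events.append((parts[0], [int(x, 0) for x in parts[1:]]))
    return events

def find_spatial_inconsistencies(lines):
    """Replay the trace offline. Report an access as 'overflow' when it starts
    inside a live object but extends past its end, and as 'no live object'
    when no allocated object covers its start address. A runtime detector
    only notices the first case if the stray bytes happen to corrupt
    something; here it is flagged from the trace alone."""
    live = {}        # base address -> size of each currently allocated object
    findings = []
    for idx, (op, args) in enumerate(parse_trace(lines)):
        if op == "alloc":
            live[args[0]] = args[1]
        elif op == "free":
            live.pop(args[0], None)
        elif op in ("read", "write"):
            addr, length = args
            owner = next((b for b, s in live.items() if b <= addr < b + s), None)
            if owner is None:
                findings.append((idx, op, "no live object", addr))
                continue
            end = owner + live[owner]
            if addr + length > end:
                findings.append((idx, op, "overflow", addr + length - end))
    return findings

# Constructed sample trace: one 32-byte object, one 64-byte object.
SAMPLE_TRACE = [
    "alloc 0x1000 32",
    "write 0x1000 16",   # fully inside [0x1000, 0x1020)
    "write 0x1010 24",   # 0x1010 + 24 = 0x1028 > 0x1020: 8 bytes past the end
    "alloc 0x2000 64",
    "read 0x2020 32",    # ends exactly at 0x2040: still in bounds
    "free 0x1000",
    "read 0x1008 4",     # no live object covers this address any more
]

if __name__ == "__main__":
    for finding in find_spatial_inconsistencies(SAMPLE_TRACE):
        print(finding)
```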
Talk title: Thoughts about Evaluating Autonomous Hacking
Abstract: The recent CTF competitions between humans and machines have created hype around combining artificial intelligence with cyber security tasks. Autonomous hacking is a notable instance of this fusion of AI and security. Although autonomous hacking has been considered a research goal by DARPA and other research agencies, it is still unclear how to systematically evaluate autonomous hacking capabilities, and thus it is hard to define the success and progress of autonomous hacking.
In order to consider systematic methods for evaluating autonomous hacking, the speaker first attempts to define hacking as a unique programming activity: coding on unintended computing artifacts. Consequently, fully autonomous hacking becomes computing artifact discovery along with autonomous programming over these artifacts. Breaking the problem down into tasks allows us to consider realistic evaluation metrics for individual hacking tasks, such as measuring vulnerability discovery efficiency and exploit generation capability. Holistic evaluation of a complete autonomous system, by contrast, is considered more challenging and harder to design. Based on a few initial efforts to develop and test autonomous hacking platforms, the speaker summarizes current evaluation practice and its limitations, and advocates a deeper discussion about how to set up platforms to evaluate autonomous hacking capabilities.
Speaker bio: Kang Li is a Professor of Computer Science at the University of Georgia and the Director of the Georgia Institute for Cyber Security and Privacy. Dr. Li received a B.S. degree in computer science from Tsinghua University, a Master of Legal Study from Yale Law School, and a Ph.D. in computer science and engineering from the Oregon Graduate Institute in Portland, Oregon. Professor Kang Li's research interests are in the areas of computer systems, networking, and cyber security. His research results have been published at academic venues such as IEEE S&P, ACM CCS and NDSS, as well as industrial meetings such as BlackHat, SyScan, and ShmooCon. Dr. Kang Li is the founder and mentor of multiple CTF security teams, including SecDawg and Blue-Lotus. He was the leader and a player of Team Disekt, one of the finalist teams in the DARPA Cyber Grand Challenge.