“软件智能分析”学术沙龙第三次活动将于2017年8月21日（星期一）下午两点半在中国科学院软件研究所5号楼334会议室举行。本次活动由中国科学院软件研究所软件智能分析协同创新团队和InForSec网安国际学术论坛共同举办，有幸邀请到了来自美国加州大学伯克利分校的“MacAuthur天才奖”“世界杰出青年创新家”等奖项获得者、国际四大安全会议论文数第一的Dawn Song教授，以及来自美国加州大学河滨分校的学术新星Chengyu Song博士，两位顶尖学者将带来精彩报告，分别介绍AI与安全的相辅相成、实用化防护方案的最新进展等。报告将通过InForSec论坛网上实时转播，敬请关注。
|14:30–15:30||学术报告||Dawn Song||AI and Security: lessons, challenges and future directions|
|15:30–16:30||学术报告||Chengyu Song||Efficient Protection of Path-Sensitive Control Security|
题目: AI and Security: lessons, challenges and future directions
In this talk, I will talk about challenges and exciting new opportunities at the intersection of AI and Security, how AI and deep learning can enable better security, and how Security can enable better AI. In particular, I will talk about secure deep learning and challenges and approaches to ensure the integrity of decisions made by deep learning. I will also give an overview on our work on using program analysis and transformation techniques to enable privacy-preserving data analytics and machine learning. I will also talk about how we can use deep learning for vulnerability detection. Finally, I will conclude with future directions at the intersection of AI and Security.
Dawn Song is a Professor in the Department of Electrical Engineering and Computer Science at UC Berkeley. Her research interest lies in deep learning and security. She has studied diverse security and privacy issues in computer systems and networks, including areas ranging from software security, networking security, database security, distributed systems security, applied cryptography, to the intersection of machine learning and security. She is the recipient of various awards including the MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award, the Alfred P. Sloan Research Fellowship, the MIT Technology Review TR-35 Award, the George Tallman Ladd Research Award, the Okawa Foundation Research Award, the Li Ka Shing Foundation Women in Science Distinguished Lecture Series Award, the Faculty Research Award from IBM, Google and other major tech companies, and Best Paper Awards from top conferences. She obtained her Ph.D. degree from UC Berkeley. Prior to joining UC Berkeley as a faculty, she was a faculty at Carnegie Mellon University from 2002 to 2007.
题目: Efficient Protection of Path-Sensitive Control Security
Control-Flow Integrity (CFI), as a means to prevent control-flow hijacking attacks, enforces that each instruction transfers control to an address in a set of valid targets. The security guarantee of CFI thus depends on the definition of valid targets, which conventionally are defined as the result of a static analysis. Unfortunately, previous research has demonstrated that such a definition, and thus any implementation that enforces it, still allows practical control-flow attacks.
In this work, we present a path-sensitive variation of CFI that utilizes runtime path-sensitive point-to analysis to compute the legitimate control transfer targets. We have designed and implemented a runtime environment, PittyPat, that enforces path-sensitive CFI efficiently by combining commodity, low-overhead hardware monitoring and a novel runtime points-to analysis. Our formal analysis and empirical evaluation demonstrate that, compared to CFI based on static analysis, PittyPat ensures that applications satisfy stronger security guarantees, with acceptable overhead for security-critical contexts.
Chengyu Song is an Assistant Professor at the Computer Science and Engineering department of UC Riverside. His primary research interests are system and software security. He received his PhD from Georgia Tech supervised by Prof. Wenke Lee and Prof. Taesoo Kim. He has published 14 papers in top security and system conferences. One of his co-authored paper won the 2015 Internet defense prize ($100k) and another one won the CSAW’15 best applied security research paper. He received his M.Eng. and B.S. from Peking University in 2010 and 2007.
中国科学院软件研究所于2016年12月，经学术委员会论证成立了“软件智能分析”协同创新团队（Collaborative Research Group on Intelligent Software Analysis，ISA Group），该团队联合了所内可信计算与信息保障实验室、计算机科学国家重点实验室等多个部门的软件分析、软件基础理论、大数据分析等方面的科研人员，是一个跨部门的协同创新队伍。该团队将面向软件深度分析需求，探索新的方法和技术，提升软件分析能力。