来源:软件工程学院

3月26日:陈恺&周俊&肖亮&刘翔宇

来源:华东师范大学软件工程学院发布时间:2021-03-22浏览次数:4756

报告一:陈恺

报告题目:智能化漏洞检测与Skill的恶意行为分析

报告人:陈恺 研究员  中国科学院大学

主持人:张磊 研究员

报告时间:2021326  14:10 - 14:50

报告地点:腾讯会议(ID:640 192 500,密码:202103)

报告摘要:Recently, AI techniques have shown great potential to strengthen the capability of traditional software analysis approaches. This talk will show how deep learning facilitates software testing and how NLP helps to analyze voice apps (skills). Firstly, we talk about fuzzing. Recently, directed grey-box fuzzing (DGF) becomes popular in the field of software testing. We propose a deep-learning-based approach to predict the reachability of inputs (i.e., miss the target or not) before executing the target program, helping DGF filtering out the unreachable ones to boost the performance of fuzzing. Evaluations on 45 real vulnerabilities show that FuzzGuard boosts the fuzzing efficiency of the vanilla AFLGo up to 17.1×. Secondly, we talk about skills. Smart speakers have been popularly used worldwide, mainly due to the convenience brought from the virtual personal assistant (VPA) which offers interactive actions through the convenient voice commands from users. However, to the best of our knowledge, there is no prior research that systematically explores the interaction behaviors of skills, mainly due to the challenges in handling skills' inputs/outputs in natural languages. We propose a systematic study on behaviors of skills and finds thousands of suspicious skills.

报告人简介:陈恺,男,博士。中国科学院信息工程研究所,研究员、博士生导师,中国科学院大学教授。信息安全国家重点实验室副主任,《信息安全学报》编辑部主任。中国计算机学会系统软件专委会常委。主要研究领域包括软件与系统安全、人工智能安全。在S&P、USENIX Security、CCS等高水平会议期刊发表论文100余篇;曾主持国家自然科学基金重点项目等40余项。入选国家“万人计划”青年拔尖人才、北京市“杰青”、北京市智源青年科学家等

 

报告二:周俊

报告题目:云计算的轻量级数据隐私保护新方法

报告人:周俊 副教授  华东师范大学

主持人:张磊 研究员

报告时间:2021326  14:50 - 15:30

报告地点:腾讯会议(ID:640 192 500,密码:202103)

报告摘要:当前,云计算中用户数据隐私保护多是通过数据扰动或公钥全同态加密技术来实现,但无法同时满足云计算对资源受限用户的高效性、计算结果的正确性及各类数据隐私保护的要求。本报告将介绍不依赖公钥全同态加密技术,通过减少公钥加密/解密次数(最优时一次),构建面向大数据的计算轻量级数据隐私保护新型密码原语:单密钥(单用户)和多密钥(多用户)全同态数据封装机制。并在此基础上,尝试解决基于物联网的多种新兴网络应用服务(如:隐私保护的数据聚合、隐私保护的模式匹配、隐私保护的推荐系统等)中的数据隐私保护轻量化应用密码学问题

报告人简介:周俊,华东师范大学密码与网络安全系副教授,毕业于上海交通大学计算机科学与工程系,获工学博士学位。主要研究方向:公钥密码学、云计算安全、人工智能安全与大数据隐私保护等,主要工作以第一作者或通讯作者在国际密码或安全领域权威期刊或会议上发表20余篇,包括IEEE TDSC、IEEE TIFS、IEEE TPDS、IEEE TCC、IEEE JSTSP、IEEE IoT Journal、INFOCOM、ESORICS、ICDCS、IEEE Commun. Magazine等项目“密码算法若干关键问题研究”获2016年度党政密码科学技术进步二等奖(省部级、排名第二);项目“云安全的关键理论与方法研究”获2018年度教育部自然科学一等奖(省部级、排名第五);外包系统安全与隐私的关键问题研究2016年度ACM上海分部优秀博士学位论文奖。应邀担任了多个国际密码与安全领域权威期刊或会议的程序委员会委员、客座编辑和审稿人

 

报告三:肖亮

报告题目:基于强化学习的无人机抗干扰通信技术研究

报告人:肖亮 教授  厦门大学

主持人:张磊 研究员

报告时间:2021326  15:40 - 16:20

报告地点:腾讯会议(ID:640 192 500,密码:202103)

报告摘要:Wireless communication systems have to resist smart jammers that apply machine learning to choose their jamming channels and powers based on the estimated ongoing network states. In this talk, we present an unmanned aerial vehicle (UAV) aided secure communication framework against jamming, in which UAVs use reinforcement learning to select their relay policy for mobile users attacked by smart jammers. More specifically, each UAV applies reinforcement learning to help wireless systems resist smart jamming without knowing their network topology, the message generation model, the server computation model and jamming model based on the previous anti-jamming relay experiences and the observed current communication status. This scheme enables the wireless system to converge to the optimal performance in terms of the bit error rate and the UAV energy consumption after sufficient relay experiences. Simulation results show that this scheme can reduce the bit error rate and save the UAV energy consumption in comparison with the benchmark.

报告人简介:肖亮,厦门大学信息学院教授、网络空间安全系主任,从事无线通信安全等方向的研究。出版5部英文学术专著/章节,获得ICC等6个国际会议最佳论文奖、中国通信学会青年科技奖。担任7个国际SCI期刊和《中国通信》等3个国内期刊编委。美国Rutgers大学电子与计算机工程系博士,普林斯顿大学访学。

 

报告四:刘翔宇

报告题目:紧致安全且显示认证的两步认证密钥交换协议

报告人:刘翔宇 博士生  上海交通大学

主持人:张磊 研究员

报告时间:2021326  16:20 - 17:00

报告地点:腾讯会议(ID:640 192 500,密码:202103)

报告摘要:Authenticated Key Exchange (AKE) is the most widely used technique of cryptography on the Internet. It allows two parties to obtain a pseudorandom session key after sever rounds of interactions, which can be used to build secure channels later. Existing AKE protocols with tight security all need three passes. We propose a generic construction of 2-pass authenticated key exchange (AKE) scheme with explicit authentication from key encapsulation mechanism (KEM) and signature (SIG) schemes. We improve the security model due to Gjøsteen and Jager [Crypto2018] to a stronger one to prevent replay attacks. We define a new security notion named IND-mCPA with adaptive reveals" for KEM. When the underlying KEM has such a security and SIG has unforgeability with adaptive corruptions, our construction of AKE is secure in the strong model. We also present a KEM possessing tight IND-mCPA security with adaptive reveals security from the Computation Diffie-Hellman assumption in the random oracle model. At last, we present two concrete instantiations in the random oracle and the standard model, respectively, and achieve 2-Pass AKE with explicit authentication and tight security for the first time.

报告人简介:刘翔宇,男,海交通大学计算机系博士三年级,主要研究兴趣为公钥密码学,尤其是密钥交换协议,其有关密钥交换协议的研究成果发表在AISACRYPT 2020上。