[InForSec Academic Forum Preview]The 2024 InForSec@BCS International Academic Research Exchange Conference on Cyberspace Security will be held soon. Welcome to register for the conference

In order to promote academic exchanges in cyberspace security research and understand the latest academic developments in international cyberspace security development, the International Academic Forum on Cybersecurity Research (InForSec) will be held on June 6, 2024 (Thursday) during the Beijing Cybersecurity Conference (BCS) “International Academic Research Exchange Conference on Cyberspace Security”.

The theme of this academic research exchange meeting is “Cyber ​​Security Technology Innovation and Application Frontier”. The latest international research results in artificial intelligence security, Internet infrastructure security, electromagnetic security, Internet of Things security and other related fields will be invited to exchange and share scholars' research. Inspiration, experience and understanding in the process.

Theme: Network security technology innovation and application frontier

Time: June 6, 2024 (Thursday) 13:30-17:10

Place: National Convention Center Conference Room 308

host:

International Academic Forum on Cyber ​​Security Research (InForSec)

Undertaken by:

Zhejiang University Intelligent System Security Laboratory (USSLAB)

Tsinghua University (Internet Research Institute)-Qi’anxin Joint Research Center

Co-organized by:

Baidu Security

Qi An Xin Group

Ant Group

InForSec, an international academic forum for network security research

May 22, 2024

Attached:

【Attendance Notice】

1. Registration is required to attend the conference. Please fill in the form according to the registration requirements. If the registration is successful, the conference affairs team will send an invitation letter. Please present the invitation letter to attend the conference. If you do not receive the invitation letter, please contact the conference affairs team (Fu Yufan: 18611943551 Wang Xinlei: 13718411604). For registration details, please scan the QR code at the end of the article;

2. Participants are requested to arrange their own food and accommodation.

Agenda

Speech topics and guest introductions

Zou Deqing, Executive Vice Dean of the School of Cyberspace Security, Huazhong University of Science and Technology

Speech topic: Clone code management and security vulnerability detection in open source communities

abstract:

In recent years, many open source communities such as Open Source China and Code Cloud have emerged in my country, providing developers with a wide range of communication and cooperation platforms, greatly promoting technological innovation and sharing. In the open source community, cloned code refers to similar or identical code fragments generated by copying and pasting during the software development process. The existence of cloned code can improve development efficiency, but it can also lead to difficulties in code maintenance and reduce code quality. Clone vulnerabilities are potential security vulnerabilities introduced by cloned code, which may be exploited by malicious attackers and cause serious security problems. In terms of the maintainability of the open source community, it is crucial to effectively manage and reduce cloned code. As the scale of open source code continues to expand and the semantics of open source code continues to enrich, the core demand for code clone detection technology for the open source community lies in large-scale clone detection and semantic clone detection. The report introduces the team's representative achievements from large-scale clone detection and semantic clone detection respectively; in terms of open source code security, in response to the security issues caused by clone vulnerabilities, the report introduces the representative achievements of the team's large-scale clone vulnerability detection.

Guest introduction:

Zou Deqing, Ph.D., is a second-level professor and doctoral supervisor at Huazhong University of Science and Technology, executive vice president of the Cyberspace Security Institute, legal person and executive deputy director of Wuhan Jinyin Lake Laboratory, president of Wuhan Cyber ​​Security Base School-Enterprise Association, Education He is a member of the Ministry of Cyberspace Security Education Steering Committee and a member of the National Cybersecurity Standardization Technical Committee. Changjiang Scholar Distinguished Professor, National Network Security Outstanding Teacher, and New Century Outstanding Talent of the Ministry of Education. Head of the Hubei Provincial May 4th Medal Collective “Huazhong University of Science and Technology System and Software Security Team”, he has long been conducting research in the direction of cyberspace security such as cloud computing security and software security. He has won 1 first-class technological invention award from the Ministry of Education and Hubei Provincial Science and Technology Progress Award. 2 first prizes and 1 second prize of China Electronics Society Scientific and Technological Progress Award.

Li Bingyu Associate Professor, Beihang University

Speech Topic: Re-examining Certificate Transparency: Public Supervision of Third-Party Monitors

abstract:

Certificate Transparency (CT) has been widely used in Web PKI to detect fake certificates in a timely manner and improve the accountability of CA institutions. However, our preliminary analysis shows that CT Monitor, which provides certificate retrieval and fake certificate monitoring services on the Internet, lacks effective measures to ensure correct results and is at risk of being attacked, which fundamentally weakens the security protection provided by CT. This report will introduce how the team re-examined the CT design and introduced a new component of the CT framework – CT Watcher. Any stakeholder can act as a collaborative participant in checking the certificate retrieval services of multiple third-party monitors, detecting the consistency of the returned results, thereby discovering inappropriateness. Behavior. CT Watcher is committed to implementing lightweight, semi-automatic Monitor certificate monitoring service quality assessment and behavioral fault location analysis. The team deployed and ran the CT Watcher prototype system for nearly 2 months. The experiment involved 8.26 million certificates from about 6,000 domain names. 14 potential design or implementation flaws were detected from the results returned by 6 third-party monitors, proving its effectiveness. It can improve the overall reliability of the CT framework and enhance the credibility of Web PKI.

Guest introduction:

Li Bingyu, PhD, is an associate professor and doctoral supervisor at Beihang University. He received his PhD in Information Security from the University of Chinese Academy of Sciences in 2020. He was selected into the Beihang Young Talent Support Program in 2022. He has been engaged in research related to cryptographic applications such as trust management, network authentication, software supply chain security, and public key infrastructure. He has presided over 7 national and provincial and ministerial projects, and participated in many large-scale scientific research projects at home and abroad; published more than 20 academic papers in top network and information security conferences and journals, including CCS, NDSS, TDSC, TIFS, and IEEE/ACM ToN; led a study on cryptographic industry standards related to PKI transparency; applied for more than 10 invention patents, 5 of which have been authorized (including 2 US patents), realizing the transformation of results; participated in the development of 4 cryptographic devices to obtain the commercial cryptographic product model certificate of the National Cryptography Administration, and realized the export of national cryptographic products overseas.

Liu Mingxuan, Assistant Researcher, Zhongguancun Laboratory

Topic of speech: Research on new abuses of data-driven domain name infrastructure

abstract:

Domain name infrastructure is a core component of the Internet, but it is also often used in various cyberattacks, with significant impact. Therefore, identifying and managing domain name abuse is critical to ensuring network stability and protecting user interests. As network technology continues to advance, criminals are constantly developing new countermeasures, making identifying domain name abuse increasingly complex and difficult. This report will start from a data-driven perspective and combine active detection and passive data analysis to introduce security research on protective domain name resolution services based on domain name threat intelligence, as well as large-scale identification and analysis of new forms of domain name abuse based on massive domain name resolution logs. Results. We hope that these research results will promote in-depth discussions on domain name abuse governance. Relevant research results were published in top academic conferences such as NDSS 2024, USENIX Security 2024, and DSN 2024.

Guest introduction:

Liu Mingxuan is an assistant researcher at Zhongguancun Laboratory. He received his PhD from Tsinghua University in 2023. His main research directions are data-driven Internet infrastructure analysis and cybercrime governance. He is committed to discovering and understanding key security issues in Internet systems through data-oriented security analysis, and designing innovative methods to solve these problems. Recent research has focused on abuse of domain name infrastructure. Currently, he has published 14 papers in well-known international cybersecurity academic and journals such as ACM CCS, NDSS, USENIX Security, IEEE TDSC, etc., won the 2022 EthiCS Best Student Paper Award, and has obtained more than 10 CNVD high-risk vulnerability numbers. The academic research results have achieved certain practical impact, and have received bonuses from many security manufacturers. The research results have been deployed in well-known manufacturers such as Baidu, Tencent, Huawei, and Qi Anxin.

Yan Chen, Associate Researcher, Zhejiang University

Topic of speech: Research on electromagnetic security and privacy issues of sensors

abstract:

Sensors are not only the entrance for electronic information systems to interact with the physical world, but also an important source of sensitive data such as user location information, behavior patterns, and health data. They are widely used in industrial production, infrastructure, smart medical care, and autonomous driving. However, with the rapid development of artificial intelligence technology and electronic information technology, information security and privacy issues caused by electromagnetic vulnerabilities in sensors have become increasingly prominent. Attackers can not only tamper with or evenDirectional control of the measured values ​​of the sensor causes the sensor's “data to be tampered with,” thereby deceiving the recognition results of the artificial intelligence model; it is also possible to recover the sensor's measurement data with the support of artificial intelligence technology by collecting and analyzing the electromagnetic signals radiated outward when the sensor is working. , causing users’ “privacy to be stolen”. This report will introduce the team's research results from the aspects of sensor electromagnetic vulnerability mechanism analysis, electromagnetic attack technology, protection solutions, etc., and share thoughts on subsequent sensor security and privacy design.

Guest introduction:

Yan Chen, PhD, is an associate researcher at Zhejiang University. He received his PhD in control theory and control engineering from Zhejiang University in 2021. His main research direction is Internet of Things security and embedded system security. He has published more than 30 papers, including 17 papers at the “Big Four” international security conferences. He serves as co-vice chairman of USENIX Security 2024, and is a TPC member of ACM CCS, ACM SenSys and other conferences. Reviewer for IEEE TIFS, IEEE TDSC and other journals. He has won the 2021 ACM China Excellent Paper Award, the ACM CCS 2017 Best Paper Award, and was selected into the Tesla Automotive Safety Researchers Hall of Fame.

Wu Haoqi, Ant Group’s lingo algorithm expert

Speech topic: Implementing efficient large model dense state reasoning based on the lingo SPU framework

abstract:

Research on large models is in full swing, and significant progress has been made in the field of dialogue. However, its actual implementation, such as providing inference services and dialogue interfaces (such as ChatGPT), involves potential data leakage risks. In response to this problem, the Ant Group Linguistic SPU team implemented the SPU dense state computing engine based on secure multi-party computation (MPC), providing a feasible solution for large-model secure reasoning that protects data and achieves privacy protection. This speech will share how to implement secure reasoning for large models based on SPU, seamlessly switch from plaintext reasoning to dense state reasoning, and introduce performance optimization methods combined with quantification.

Guest introduction:

Wu Haoqi, an expert on lingo algorithms at Ant Group and a lingo open source SPU Maintainer, focuses on AI algorithm security and is mainly responsible for the research and development of the lingo cryptographic engine SPU. He has submitted more than ten invention patents related to privacy computing. In recent years, he has worked in USENIX ATC, ICML, USENIX Security, ACM CCS, etc. Published relevant papers at well-known international academic conferences. Master of Software Engineering from Fudan University.

Zhou Man, associate researcher at Huazhong University of Science and Technology

Speech title:Research on fingerprint inference based on finger friction sound perception

abstract:

Due to its excellent performance and ease of use, fingerprint recognition has been widely used in contemporary authentication systems. The universality of fingerprint recognition also means that fingerprint leakage may lead to the theft of sensitive user information, causing huge economic losses and personal privacy leaks. As a fingerprint sample that can coincidentally match a specific proportion of user fingerprints, universal fingerprints have sounded the alarm for the security of fingerprint authentication. This report will introduce a new side-channel attack against fingerprint recognition, called PrintListener. It uses the subtle friction sound generated by the user's fingertip sliding on the screen, extracts interpretable audio features through pre-processing such as background noise isolation, signal compensation, friction event detection, and data enhancement, and infers first-level fingerprint features through weighted joint prediction. , and then use the random restart climbing algorithm to synthesize a more targeted universal fingerprint. PrintListener's attack scenarios are widespread and covert, and can record the friction of users' fingertips through a large number of social media platforms. Test results on three fingerprint data sets show that PrintListener can further improve the attack power of universal fingerprints. Under high security settings with a fingerprint authentication error acceptance rate of 0.01%, the attack success rate against complete fingerprints in 5 attempts is 9.3 %, the attack success rate for partial fingerprints is 27.9%. Compared with universal fingerprints, the attack success rate is approximately 2 times higher.

Guest introduction:

Zhou Man is an associate researcher and master's tutor at Huazhong University of Science and Technology. He obtained his bachelor's degree and doctorate degree from Wuhan University in 2016 and 2021 respectively. With the security of mobile smart terminals as the core, we have long been paying attention to various novel identity authentication and perception communication systems using smart terminals as carriers, and studying the security issues therein. Recently, we have focused on research on secure and automatic terminal device identity authentication for all intelligent scenarios. Driving environment perception safety and other directions. In recent years, he has published more than 20 papers in well-known international academic conferences and journals such as ACM CCS, NDSS, ACM MobiCom, IEEE INFOCOM, IEEE TDSC, IEEE TMC, IEEE TIFS, IEEE TWC, and IEEE TCSVT.