報告題目:Cache-based Attack and Defense on IoT Systems
報告人:Ziming Zhao
報告時間:2019年7月19日15:30-17:30
報告地點:望江研究生樓三區(qū)127
報告內(nèi)容:
While decades of research and deployment, such as stack cookies, W norX, address space layout randomization, etc., have successfully reducedthe attack surface of memory corruptions in IoT systems, a new attacksurface, the CPU caches, has emerged. In particular, cache residentmalware and cache side-channel attacks have shown their destructivepower: 1) cache resident malware evades memory inspection by usingCache-as-RAM techniques to load malicious code only in cache but notin RAM. Leveraging the cache incoherence of mobile and IoT trustedexecutionenvironments (TEE), such as ARM TrustZone, new stealthycache resident malware can even bypass the introspection from thehighest privilege level; 2) cacheside-channel attacks exploit thetime differences between a cache hit and a cache miss to infersensitive information to which attackers otherwise do not have accessto. These attacks are effective in stealing cryptographic keys fromvictim programs and virtual machines, tracing the execution ofprograms, and performing other malicious actions. In this talk, I willdiscuss my recent research on advancing both the attack and defense ofcache resident malware and cache side-channel attacks on mobile andIoT systems.
報告人簡介:
Ziming Zhao is an Assistant Professor at Rochester Institute ofTechnology, USA. He directs the CyberspACe securiTy and forensIcs lab(CactiLab, http://cactilab.rit.edu; http://zimingzhao.info). Hereceived his PhD degree in Computer Science from Arizona StateUniversity. His research foci include system and software security,network security, usable and user-centric security, cybercrime andthreat intelligence analytics. His research has led to 50+publications in security conferences and journals, including IEEE S&P,USENIX Security, NDSS, CCS, ACSAC, ESORICS, TISSEC, etc. He was thegeneral co-chair of ACM CODASPY 2018 and co-founder of ACM Workshop onAutomobile Cybersecurity. He is recruiting self-motivated PhD studentsto work on cybersecurity.
歡迎廣大師生踴躍參加�!
永利yl23411官網(wǎng)
2019年7月16日
當(dāng)前位置: