报告人:陈恺 研究员  中国科学院大学

主持人:张磊 研究员

报告时间:2021326  14:10 - 14:50

报告地点:腾讯会议(ID:640 192 500,密码:202103)

报告摘要:Recently, AI techniques have shown great potential to strengthen the capability of traditional software analysis approaches. This talk will show how deep learning facilitates software testing and how NLP helps to analyze voice apps (skills). Firstly, we talk about fuzzing. Recently, directed grey-box fuzzing (DGF) becomes popular in the field of software testing. We propose a deep-learning-based approach to predict the reachability of inputs (i.e., miss the target or not) before executing the target program, helping DGF filtering out the unreachable ones to boost the performance of fuzzing. Evaluations on 45 real vulnerabilities show that FuzzGuard boosts the fuzzing efficiency of the vanilla AFLGo up to 17.1×. Secondly, we talk about skills. Smart speakers have been popularly used worldwide, mainly due to the convenience brought from the virtual personal assistant (VPA) which offers interactive actions through the convenient voice commands from users. However, to the best of our knowledge, there is no prior research that systematically explores the interaction behaviors of skills, mainly due to the challenges in handling skills' inputs/outputs in natural languages. We propose a systematic study on behaviors of skills and finds thousands of suspicious skills.

报告人简介:陈恺,男,博士。中国科学院信息工程研究所,研究员、博士生导师,中国科学院大学教授。信息安全国家重点实验室副主任,《信息安全学报》编辑部主任。中国计算机学会系统软件专委会常委。主要研究领域包括软件与系统安全、人工智能安全。在S&P、USENIX Security、CCS等高水平会议期刊发表论文100余篇;曾主持国家自然科学基金重点项目等40余项。入选国家“万人计划”青年拔尖人才、北京市“杰青”、北京市智源青年科学家等




报告人:周俊 副教授  华东师范大学

主持人:张磊 研究员

报告时间:2021326  14:50 - 15:30

报告地点:腾讯会议(ID:640 192 500,密码:202103)


报告人简介:周俊,华东师范大学密码与网络安全系副教授,毕业于上海交通大学计算机科学与工程系,获工学博士学位。主要研究方向:公钥密码学、云计算安全、人工智能安全与大数据隐私保护等,主要工作以第一作者或通讯作者在国际密码或安全领域权威期刊或会议上发表20余篇,包括IEEE TDSC、IEEE TIFS、IEEE TPDS、IEEE TCC、IEEE JSTSP、IEEE IoT Journal、INFOCOM、ESORICS、ICDCS、IEEE Commun. Magazine等项目“密码算法若干关键问题研究”获2016年度党政密码科学技术进步二等奖(省部级、排名第二);项目“云安全的关键理论与方法研究”获2018年度教育部自然科学一等奖(省部级、排名第五);外包系统安全与隐私的关键问题研究2016年度ACM上海分部优秀博士学位论文奖。应邀担任了多个国际密码与安全领域权威期刊或会议的程序委员会委员、客座编辑和审稿人




报告人:肖亮 教授  厦门大学

主持人:张磊 研究员

报告时间:2021326  15:40 - 16:20

报告地点:腾讯会议(ID:640 192 500,密码:202103)

报告摘要:Wireless communication systems have to resist smart jammers that apply machine learning to choose their jamming channels and powers based on the estimated ongoing network states. In this talk, we present an unmanned aerial vehicle (UAV) aided secure communication framework against jamming, in which UAVs use reinforcement learning to select their relay policy for mobile users attacked by smart jammers. More specifically, each UAV applies reinforcement learning to help wireless systems resist smart jamming without knowing their network topology, the message generation model, the server computation model and jamming model based on the previous anti-jamming relay experiences and the observed current communication status. This scheme enables the wireless system to converge to the optimal performance in terms of the bit error rate and the UAV energy consumption after sufficient relay experiences. Simulation results show that this scheme can reduce the bit error rate and save the UAV energy consumption in comparison with the benchmark.





报告人:刘翔宇 博士生  上海交通大学

主持人:张磊 研究员

报告时间:2021326  16:20 - 17:00

报告地点:腾讯会议(ID:640 192 500,密码:202103)

报告摘要:Authenticated Key Exchange (AKE) is the most widely used technique of cryptography on the Internet. It allows two parties to obtain a pseudorandom session key after sever rounds of interactions, which can be used to build secure channels later. Existing AKE protocols with tight security all need three passes. We propose a generic construction of 2-pass authenticated key exchange (AKE) scheme with explicit authentication from key encapsulation mechanism (KEM) and signature (SIG) schemes. We improve the security model due to Gjøsteen and Jager [Crypto2018] to a stronger one to prevent replay attacks. We define a new security notion named IND-mCPA with adaptive reveals" for KEM. When the underlying KEM has such a security and SIG has unforgeability with adaptive corruptions, our construction of AKE is secure in the strong model. We also present a KEM possessing tight IND-mCPA security with adaptive reveals security from the Computation Diffie-Hellman assumption in the random oracle model. At last, we present two concrete instantiations in the random oracle and the standard model, respectively, and achieve 2-Pass AKE with explicit authentication and tight security for the first time.

报告人简介:刘翔宇,男,海交通大学计算机系博士三年级,主要研究兴趣为公钥密码学,尤其是密钥交换协议,其有关密钥交换协议的研究成果发表在AISACRYPT 2020上。


