网络空间安全学院

英文站|

学术交流
当前位置:    首页 > 学术交流 > 学术看板 >    正文
Cache-based Attack and Defense on IoT Systems

日期:2019-07-16                   来源:                   作者:               关注:

报告题目:Cache-based Attack and Defense on IoT Systems

报告人:Ziming Zhao

报告时间:201971915:30-17:30

报告地点:望江研究生楼三区127

报告内容:

While decades of research and deployment, such as stack cookies, W norX, address space layout randomization, etc., have successfully reducedthe attack surface of memory corruptions in IoT systems, a new attacksurface, the CPU caches, has emerged. In particular, cache residentmalware and cache side-channel attacks have shown their destructivepower: 1) cache resident malware evades memory inspection by usingCache-as-RAM techniques to load malicious code only in cache but notin RAM. Leveraging the cache incoherence of mobile and IoT trustedexecutionenvironments (TEE), such as ARM TrustZone, new stealthycache resident malware can even bypass the introspection from thehighest privilege level; 2) cacheside-channel attacks exploit thetime differences between a cache hit and a cache miss to infersensitive information to which attackers otherwise do not have accessto. These attacks are effective in stealing cryptographic keys fromvictim programs and virtual machines, tracing the execution ofprograms, and performing other malicious actions. In this talk, I willdiscuss my recent research on advancing both the attack and defense ofcache resident malware and cache side-channel attacks on mobile andIoT systems.

报告人简介:

Ziming Zhao is an Assistant Professor at Rochester Institute ofTechnology, USA. He directs the CyberspACe securiTy and forensIcs lab(CactiLab, http://cactilab.rit.edu; http://zimingzhao.info). Hereceived his PhD degree in Computer Science from Arizona StateUniversity. His research foci include system and software security,network security, usable and user-centric security, cybercrime andthreat intelligence analytics. His research has led to 50+publications in security conferences and journals, including IEEE S&P,USENIX Security, NDSS, CCS, ACSAC, ESORICS, TISSEC, etc. He was thegeneral co-chair of ACM CODASPY 2018 and co-founder of ACM Workshop onAutomobile Cybersecurity. He is recruiting self-motivated PhD studentsto work on cybersecurity.

欢迎广大师生踊跃参加!

 

网络空间安全学院

2019716

 

关闭