| 周数 | 张志聪 | 徐少文 |
|---|---|---|
| 1 | secureTF: A Secure TensorFlow Framework | CLARION Sound and Clear Provenance Tracking for Microservice Deployments |
| Undo Workarounds for Kernel Bugs | LightBox: Full-statck Protected Stateful Middlebox at Lightning Speed | |
| 2 | (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization | Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor |
| Iago attacks: why the system call API is a bad untrusted RPC interface | Automatic Policy Generation for Inter-Service Access Control of Microservices | |
| BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof | TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves | |
| 3 | KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel | Доверя́й, но проверя́й: SFI safety for native-compiled Wasm |
| Emilia: Catching Iago in Legacy Code | CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs | |
| 4 | C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis | DOVE: A Data-Oblivious Virtual Environment |
| ARBITRAR: User-Guided API Misuse Detection | A Formally Verified Configuration for Hardware Security Modules in the Cloud | |
| SmashEx: Smashing SGX Enclaves Using Exceptions | ||
| 5 | ExpRace: Exploiting Kernel Races through Raising Interrupts | DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware |
| Blinder: Partition-Oblivious Hierarchical Scheduling | Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86 | |
| Preventing Use-After-Free Attacks with Fast Forward Allocation | SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening |
-
CLARION Sound and Clear Provenance Tracking for Microservice Deployments
-
LightBox: Full-statck Protected Stateful Middlebox at Lightning Speed
- secureTF: A Secure TensorFlow Framework
- Undo Workarounds for Kernel Bugs
- Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor
- Automatic Policy Generation for Inter-Service Access Control of Microservices
- TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves
- (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization
- Iago attacks: why the system call API is a bad untrusted RPC interface
- BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof
- KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel
- Emilia: Catching Iago in Legacy Code
-
Доверя́й, но проверя́й: SFI safety for native-compiled Wasm
-
CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs
- C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis
- ARBITRAR: User-Guided API Misuse Detection
- DOVE: A Data-Oblivious Virtual Environment
- A Formally Verified Configuration for Hardware Security Modules in the Cloud
- SmashEx: Smashing SGX Enclaves Using Exceptions
- ExpRace: Exploiting Kernel Races through Raising Interrupts
- Blinder: Partition-Oblivious Hierarchical Scheduling
- Preventing Use-After-Free Attacks with Fast Forward Allocation
- DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware
- Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86
- SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening
Firecracker: Lightweight Virtualization for Serverless Applications
Blending Containers and Virtual Machines: A Study of Firecracker and gVisor【对比了gvisor和firecracker】
Chiron: Privacy-preserving Machine Learning as a Service
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data【Chiron的background】
Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services
Towards Application Security on Untrusted Operating Systems
Warmonger: Inflicting Denial-of-Service via Serverless Functions in the Cloud
Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land
Which Privacy and Security Attributes Most Impact Consumers’ Risk Perception and Willingness to Purchase IoT Devices?
| 周数 | 题目 | 分享人 |
|---|---|---|
| 6 | 安全容器架构 | 徐少文 |
| 7 | kdump使用和原理 | 张志聪 |
-
ARM TrustZone
-
AMD SEV
-
熔断、幽灵漏洞介绍
-
WASM技术
-
内核内存分配机制
-
Serverless无服务计算
-
程序分析方法
-
UEFI
-
Secure boot
列表进行到 CCS 2021的系统安全