周数 张志聪 徐少文
1 secureTF: A Secure TensorFlow Framework CLARION Sound and Clear Provenance Tracking for Microservice Deployments
Undo Workarounds for Kernel Bugs LightBox: Full-statck Protected Stateful Middlebox at Lightning Speed
2 (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor
Iago attacks: why the system call API is a bad untrusted RPC interface Automatic Policy Generation for Inter-Service Access Control of Microservices
BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves
3 KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel Доверя́й, но проверя́й: SFI safety for native-compiled Wasm
Emilia: Catching Iago in Legacy Code CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs
4 C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis DOVE: A Data-Oblivious Virtual Environment
ARBITRAR: User-Guided API Misuse Detection A Formally Verified Configuration for Hardware Security Modules in the Cloud
SmashEx: Smashing SGX Enclaves Using Exceptions
5 ExpRace: Exploiting Kernel Races through Raising Interrupts DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware
Blinder: Partition-Oblivious Hierarchical Scheduling Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86
Preventing Use-After-Free Attacks with Fast Forward Allocation SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening

Week 1

Xu

  • CLARION Sound and Clear Provenance Tracking for Microservice Deployments

  • LightBox: Full-statck Protected Stateful Middlebox at Lightning Speed

Zhang

  • secureTF: A Secure TensorFlow Framework
  • Undo Workarounds for Kernel Bugs

Week 2

Xu

  • Formally Verified Memory Protection for a Commodity Multiprocessor Hypervisor
  • Automatic Policy Generation for Inter-Service Access Control of Microservices
  • TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves

Zhang

  • (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization
  • Iago attacks: why the system call API is a bad untrusted RPC interface
  • BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof

Week 3

Zhang

  • KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel
  • Emilia: Catching Iago in Legacy Code

Xu

  • Доверя́й, но проверя́й: SFI safety for native-compiled Wasm

  • CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs

Week 4

Zhang

  • C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis
  • ARBITRAR: User-Guided API Misuse Detection

Xu

  • DOVE: A Data-Oblivious Virtual Environment
  • A Formally Verified Configuration for Hardware Security Modules in the Cloud
  • SmashEx: Smashing SGX Enclaves Using Exceptions

Week 5

Zhang

  • ExpRace: Exploiting Kernel Races through Raising Interrupts
  • Blinder: Partition-Oblivious Hierarchical Scheduling
  • Preventing Use-After-Free Attacks with Fast Forward Allocation

Xu

  • DECAF: Automatic, Adaptive De-bloating and Hardening of COTS Firmware
  • Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86
  • SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening

Waiting List

Firecracker: Lightweight Virtualization for Serverless Applications

Blending Containers and Virtual Machines: A Study of Firecracker and gVisor【对比了gvisor和firecracker】

Chiron: Privacy-preserving Machine Learning as a Service

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data【Chiron的background】

Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services

Towards Application Security on Untrusted Operating Systems

Warmonger: Inflicting Denial-of-Service via Serverless Functions in the Cloud

Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land

Which Privacy and Security Attributes Most Impact Consumers’ Risk Perception and Willingness to Purchase IoT Devices?

技术分享

周数 题目 分享人
6 安全容器架构 徐少文
7 kdump使用和原理 张志聪

技术分享waiting list

  • ARM TrustZone

  • AMD SEV

  • 熔断、幽灵漏洞介绍

  • WASM技术

  • 内核内存分配机制

  • Serverless无服务计算

  • 程序分析方法

  • UEFI

  • Secure boot

进展

列表进行到 CCS 2021的系统安全