文章来源: | 发布时间:2015-12-07 | 【字号: 小 中 大 】 |
题 目:Storage side channel attacks in modern OS and network stacks
报告人:Dr. Zhiyun Qian (University of California, Riverside)
时 间:2015年12月10日(星期四), 下午13:30
地 点:中国科学院信息工程研究所3号楼3224室
Abstract:
In this talk, I will introduce a class of practical storage side channel attacks against the Android OS and the TCP stacks. They lead to significant damage to user privacy, network security, application integrity. The attack in Android allows a background app to infer what the foreground app is doing without requiring any permission. Knowing the state of the foreground app, we are then able to hijack the foreground app and launch phishing attacks to steal sensitive information such as passwords and bank account info. The attack in TCP stacks allows an off-path attacker on the Internet to hijack TCP connections created between a legitimate client and server. For instance, we are able to hijack the browser's connection to facebook and replace it with a phishing login page to steal credentials. Prompted by our work, corresponding vendors (e.g., Checkpoint, Linux kernel) have proposed mitigation solutions and applied patches.
Bio:
Dr. Zhiyun Qian is an assistant professor at University of California, Riverside. His research interest is on system and network security, including Android security, Internet security (e.g., TCP/IP), side-channel security, infrastructure security (e.g., cellular networks). He obtained his Ph.D. degree in Computer Science and Engineering from University of Michigan in 2012.
附件: |
©中国科学院信息工程研究所信息安全国家重点实验室 备案序号:京ICP备12047326-1号 电话:010-82546611 传真:010-82546564 地址:北京市海淀区闵庄路甲89号 100093 |