Page Not Found
Page not found. Your pixels are in another canvas.
Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
Homepage
About me
Page not in menu
This is a page not in th emain menu
Posts
portfolio
publications
Discovering Hidden Properties to Attack Node.js Ecosystem
Published in BlackHat USA 2020, 1900
PatternListener: Cracking Android Pattern Lock Using Acoustic Signals
Published in The 25th ACM Conference on Computer and Communications Security, 1900
CHAOS: An SDN-Based Moving Target Defense System
Published in Security and Communication Networks, 2017
Abstract
Moving target defense (MTD) has provided a dynamic and proactive network defense to reduce or move the attack surface that is available for exploitation. However, traditional network is difficult to realize dynamic and active security defense effectively and comprehensively. Software-defined networking (SDN) points out a brand-new path for building dynamic and proactive defense system. In this paper, we propose CHAOS, an SDN-based MTD system. Utilizing the programmability and flexibility of SDN, CHAOS obfuscates the attack surface including host mutation obfuscation, ports obfuscation, and obfuscation based on decoy servers, thereby enhancing the unpredictability of the networking environment. We propose the Chaos Tower Obfuscation (CTO) method, which uses the Chaos Tower Structure (CTS) to depict the hierarchy of all the hosts in an intranet and define expected connection and unexpected connection. Moreover, we develop fast CTO algorithms to achieve a different degree of obfuscation for the hosts in each layer. We design and implement CHAOS as an application of SDN controller. Our approach makes it very easy to realize moving target defense in networks. Our experimental results show that a network protected by CHAOS is capable of decreasing the percentage of information disclosure effectively to guarantee the normal flow of traffic.
Enabling Secure Location Authentication in Drone
Published in The 23th Annual International Conference on Mobile Computing and Networking, 2017
A Security-Enhanced vTPM 2.0 for Cloud Computing
Published in International Conference on Information and Communications Security, 2017
Abstract
Virtual Trusted Platform Module is required in cloud due to the scalability and migration of virtual machine. Through allocating a vTPM (Virtual Trusted Platform Module) to a VM (Virtual Machine), users of VM can use the vTPM’s crypto and measurement function, like using the physical TPM. However, current vTPM still faces some key challenges, such as lacking runtime protection for the vTPM keys and code, lacking the mechanism of vTPM keys management, and lacking the support for the new TPM 2.0 specification. To address these limitations, we design vTPM 2.0 system and then propose a runtime protection approach for vTPM 2.0 based on SGX. Furthermore, we present vTPM key distribution and protection mechanism. We have implemented vTPM 2.0 system and the security-enhanced protection mechanism. As far as we know, the vTPM 2.0 system based on KVM and its security-enhanced mechanism are designed and implemented for the first time.
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller
Published in DEFCON Security Conference, 2018
Unexpected Data Dependency Creation and Chaining: A New Attack to SDN
Published in IEEE Symposium on Security and Privacy 2020, 1900
LinkBait: Active Link Obfuscation to Thwart Link-flooding attack
Published in IEEE/ACM Transactions on Networking (ToN), 1900
Active link obfuscation to thwart link-flooding attacks for Internet of Things
Published in TrustCom 2020, 1900
Abusing Hidden Properties to Attack Node.js Ecosystem
Published in USENIX SECURITY 2021, 1900