計算機網絡和信息集成教育部重點實驗室（bet356手机版唯一官网）
bat365 首頁 實驗室概況 研究隊伍 人才培養 科學研究及主要成果 開放與交流 科研資源共享 運行管理
2014年學術報告 學術報告 開放課題設置 合作項目 舉辦學術會議 --- 2014年學術報告 --- Storage side channel attacks in modern OS and network stacks 時間： 地點：九龍湖校區計算機樓311室 報告簡介：   In this talk, I will introduce a class of practical storage side channel attacks against the Android OS and the TCP stacks. They lead to significant damage to user privacy, network security, application integrity. The attack in Android allows a background app to infer what the foreground app is doing without requiring any permission. Knowing the state of the foreground app, we are then able to hijack the foreground app and launch phishing attacks to steal sensitive information such as passwords and bank account info. The attack in TCP stacks allows an off-path attacker on the Internet to hijack TCP connections created between a legitimate client and server. For instance, we are able to hijack the browser's connection to facebook and replace it with a phishing login page to steal credentials. Prompted by our work, corresponding vendors (e.g., Checkpoint, Linux kernel) have proposed mitigation solutions and applied patches. 報告人簡介：   Dr. Zhiyun Qian is an assistant professor at University of California, Riverside. His research spans practical aspects of cyber-security, mobile computing and network systems. Topics that he is interested in include Internet security (e.g., TCP/IP), Android security, infrastructure security (e.g., cellular networks), security of network middleboxes such as firewalls, and security applications of side-channel-enabled network/system state inference. He obtained his Ph.D. degree in Computer Science and Engineering from University of Michigan in 2012.     bet356手机版唯一官网計算機網絡和信息集成教育部重點實驗室 版權所有