演讲人:Zhiyun Qian, Assistant Professor
Department of Computer Science, UC Riverside, zhiyunq@cs.ucr.edu时间: 11 月 21 日(周五)上午 10:00-11:30地点: 张江校区 Z2102联系人:韩伟力 wlhan@fudan.du.cnAbstractIn this talk, I will introduce a class of practical storage side channel attacks against the Android OS and the TCP stacks. They lead to significant damage to user privacy, network security, application integrity. The attack in Android allows a background app to infer what the foreground app is doing without requiring any permission. Knowing the state of the foreground app, we are then able to hijack the foreground app and launch phishing attacks to steal sensitive information such as passwords and bank account info. The attack in TCP stacks allows an off-path attacker on the Internet to hijack TCP connections created between a legitimate client and server.
For instance, we are able to hijack the browser's connection to Facebook and replace it with a phishing login page to steal credentials. Prompted by our work, corresponding vendors (e.g., Checkpoint, Linux kernel) have proposed mitigation solutions and applied patches. BiographyDr. Zhiyun Qian is an assistant professor at University of California, Riverside. His research spans practical aspects of cyber-security, mobile computing and network systems. Topics that he is interested in include Internet security (e.g., TCP/IP), Android security, infrastructure security (e.g., cellular networks), security of network middleboxes such as firewalls, and security applications of side-channel-enabled network/system state inference. He obtained his Ph.D. degree in Computer Science and Engineering from University of Michigan in 2012.
