Storage side channel attacks in modern OS and network stacks

Storage side channel attacks in modern OS and network stacks

时间： 地点：九龙湖校区计算机楼311室

报告简介：

In this talk, I will introduce a class of practical storage side channel attacks against the Android OS and the TCP stacks. They lead to significant damage to user privacy, network security, application integrity. The attack in Android allows a background app to infer what the foreground app is doing without requiring any permission. Knowing the state of the foreground app, we are then able to hijack the foreground app and launch phishing attacks to steal sensitive information such as passwords and bank account info. The attack in TCP stacks allows an off-path attacker on the Internet to hijack TCP connections created between a legitimate client and server. For instance, we are able to hijack the browser's connection to facebook and replace it with a phishing login page to steal credentials. Prompted by our work, corresponding vendors (e.g., Checkpoint, Linux kernel) have proposed mitigation solutions and applied patches.

报告人简介：

Dr. Zhiyun Qian is an assistant professor at University of California, Riverside. His research spans practical aspects of cyber-security, mobile computing and network systems. Topics that he is interested in include Internet security (e.g., TCP/IP), Android security, infrastructure security (e.g., cellular networks), security of network middleboxes such as firewalls, and security applications of side-channel-enabled network/system state inference. He obtained his Ph.D. degree in Computer Science and Engineering from University of Michigan in 2012.

计算机网络和信息集成教育部重点实验室（东南大学）