Patches and related information about software vulnerabilities are often made available to the public, aiming to facilitate timely fixes. Unfortunately, the slow paces of system updates (30 days on average) often present to the attackers enough time to recover hidden bugs for attacking the unpatched systems. We seek to generate proof-of-concept (PoC) exploits for the vulnerability types never automatically attacked. Unlike an input validation flaw that is often patched by adding missing sanitization checks, fixing other vulnerability types is more complicated, usually involving replacement of the whole chunk of code. To address this challenge, we present SemFuzz, a novel technique leveraging vulnerability related text (e.g., CVE reports and Linux git logs) to guide automatic generation of PoC exploits. Such an end-to-end approach is made possible by natural-language processing (NLP) based information extraction and a semantics-based fuzzing process guided by such information.
On the other hand, machine learning algorithm (e.g., deep learning) may also have flaws. The popularity of ASR (automatic speech recognition) systems, like Google Voice, Cortana, brings in security concerns, as demonstrated by recent attacks. We find that the voice commands can be stealthily embedded into songs, which, when played, can effectively control the target system through ASR without being noticed. We also demonstrate that such CommanderSongs can be spread through Internet (e.g., YouTube) and radio, potentially affecting millions of ASR users.
陈恺，中国科学院信息工程研究所，研究员、博导；中国科学院大学教授。信息安全国家重点实验室副主任、《Cybersecurity》编辑部主任。国家“万人计划”青年拔尖人才、北京市“科技新星”。2010年获中国科学院研究生院博士学位，美国宾州立大学博士后。中国保密协会隐私保护专业委员会委员，中国计算机学会系统软件专委会委员。主要研究领域包括软件与系统安全、人工智能对抗、隐私保护。在IEEE S&P、USENIX Security、ACM CCS、ICSE、ASE、TIFS、TDSC、TMC、TRE、RAID、DSN、MobiSys等发表论文70余篇；曾主持和参加国家重点研发计划、国家自然科学基金、863计划、国家发改委信息安全专项、中科院战略性先导科技专项等国家部委课题40余项。