The First TechForum on Vulnerability Detection
Melbourne, Australia | 1 September 2021
The 2021 TechForum on Vulnerability Detection is scheduled to take place on 1st September 2021 in Melbourne, Australia. Due to the COVID-19 restrictions, the event will be virtual. The event will be co-hosted by Swinburne University of Technology and CSIRO Data61.
The purpose of the TechForum is to facilitate in-depth discussions on the topic of Vulnerability Detection and related applications. We will bring together the leading researchers, industry thought leaders, research students, and other interested parties to provide a platform for information exchange and advancement of the field of Vulnerability Detection.
Cyber Security has grown into one of the most important fields in the last few years as it has now become integrated in the daily lives of everyone. Cyberspace has grown into a borderless environment. Every day, more and more data is stored in Cyberspace, and more and more systems and applications operate in Cyberspace. People all over the world have become so dependent on Cyberspace that it is impossible to operate without it. In parallel with the growth of Cyberspace, we have seen the uncontrolled growth of Cybercrime exploiting weaknesses in Cyberspace and causing untold grief and problems to governments, enterprises, and ordinary people. The essential and strategic role and importance of Cyber Security, such as Vulnerability Detection, can therefore never be overemphasized.
This workshop focuses on the research and techniques of Vulnerability Detection, including but not limited to Fuzz testing (Fuzzing) and machine learning-based methods. Fuzzing is a successful and widely used technique to detect vulnerabilities. It generates inputs based on some efficient strategies, and monitors the executions to capture exceptions. On the other hand, machine learning-based methods include the ones using machine learning to detect vulnerabilities and those detecting vulnerabilities in machine learning models.
Prof. Yang Xiang
Dean, Digital Research & Innovation Capability Platform
Swinburne University of Technology
Australia
Seyit Camtepe
Data 61 CSIRO
Australia
Many organizations and agencies receive a large amount of software as source codes from their external providers. Unfortunately, these codes often come with exploitable vulnerabilities and malicious or unauthorized features. Hence, the automatic detection of software vulnerabilities and features is a significant research problem, and at the same time, a very challenging one. NLP language models provide an effective way of extracting information from naturally occurring languages. Since software codes are more repetitive and predictable than written or spoken human language, language models are expected to be effective for software security assessment with the additional benefit of robustness against code obfuscation and beautification. In this talk, we will be presenting our preliminary evaluation study on the effectiveness of the popular NLP deep learning transformer-based models with sizes varying from 110M parameters to 1.5B parameters on detecting vulnerabilities and unauthorized features such as cryptographic constructs.
Dr Seyit Camtepe is a Principal Research Scientist at CSIRO Data61. He received the PhD degree in Computer Science from Rensselaer Polytechnic Institute, New York, USA, in 2007. From 2007 to 2013, he was with the Technische Universitaet Berlin, Germany, as a Senior Researcher and Research Group Leader in Security. From 2013 to 2017, he worked as a Lecturer at the Queensland University of Technology, Australia. His research interests include topics from cyber security and ML, and applied and malicious cryptography.
Sheng Wen
Swinburne University of Technology
Australia
The growing emphasis on digital transformation is encouraging more organizations to adopt initiatives driven by the Internet of Things (IoT). However, the frequent security incidents related to IoT devices in recent years are also constantly reminding us that we need to pay attention to the research on the security of IoT devices. We present a novel fuzzing test framework, Snipuzz, which can test whether IoT devices contain security risks through the network. Snipuzz's testing method is accurate and efficient, and we have found 5 zero-day vulnerabilities in 20 consumer-grade devices. Research in this field is an important step for the future IoT device safety inspection industry, providing a strong guarantee for ensuring life and production safety.
Dr Wen received his PhD degree from Deakin University, Melbourne, in October 2014. Since Oct. 2017, he has been working full-time as a senior lecturer in Swinburne University of Technology. He managed several research projects in the last few years. Since early 2015, he has received over five million Australian dollars in funding from both academia and industries, including three ARC Linkage Projects, one Discovery Project, CSIRO-Defence Joint Projects as well as many industry-initiated research projects. He is the leading participant for many of the projects. Dr Wen is the Deputy Director of Swinburne Cybersecurity Lab in Swinburne University, and he is now leading a medium-sized research team with co-/supervised PhD students in the system security area. He has also published over 100 high-quality papers, including top conference papers such as papers in ACM CCS and IEEE ICDCS, as well as many papers in IEEE/ACM transactions series journals. Some of these papers have high impact factors or have become highly cited papers.
Salil Kanhere
University of New South Wales
Australia
Machine learning has been extensively used in Internet of Things (IoT) applications, including traffic profiling, network security, and IoT device identification. However, machine learning models are vulnerable to adversarial examples/attacks leading to misclassification and system malfunction. Though these attacks have been studied in domains such as computer vision, a comprehensive exploration in the IoT context is lacking. This work takes the first step in evaluating the adversarial attacks in this setting and particularly focuses on IoT device identification. To this end, our empirical analyses considering various attack techniques, including Fast Gradient Sign Methods and Jacobian-based Saliency Map, on a real-world IoT device classification dataset demonstrate that the ML-based IoT device classification is vulnerable to these attacks in both white box and black box scenarios. Moreover, these attacks are highly imperceptible in IoT networks and remain stealthy as demonstrated by applying the Kolmogorov-Smirnov goodness-of-fit test and ability to evade network intrusion detection systems.
Salil Kanhere received the MS and PhD degrees from Drexel University, Philadelphia, USA. He is a Professor of Computer Science and Engineering at UNSW Sydney, Australia. His research interests include the Internet of Things, cyber-physical systems, blockchain, pervasive computing, cybersecurity, and applied machine learning. Salil is also affiliated with CSIRO’s Data61 and the Cybersecurity Cooperative Research Centre. He is a Senior Member of the IEEE and ACM, an ACM Distinguished Speaker and an IEEE Computer Society Distinguished Visitor. He has received the Friedrich Wilhelm Bessel Research Award (2020) and the Humboldt Research Fellowship (2014), both from the Alexander von Humboldt Foundation in Germany. He has held visiting positions at I2R Singapore, Technical University Darmstadt, University of Zurich and Graz University of Technology. He serves as the Editor in Chief of the Ad Hoc Networks Journal and as an Associate Editor of IEEE Transactions On Network and Service Management, Computer Communications, and Pervasive and Mobile Computing. He has served on the organising committee of several IEEE/ACM international conferences including IEEE PerCom, IEEE/ACM IPSN, IEEE ICBC, IEEE WoWMoM, ACM MSWiM, etc. He has co-authored a book titled Blockchain for Cyberphysical Systems published by Artech House in 2020.
Carsten Rudolph
Monash University
Australia
While a lot of vulnerabilities of IT systems are caused by vulnerabilities in individual software or hardware components, there is another class of system-level vulnerabilities that can be exploited by exploiting other properties of the systems. Ideally, these vulnerabilities should be considered in the design phase. However, they often arise through the interplay of different systems or are overlooked until they are actively exploited or identified by researchers.
This talk presents two examples of system-level vulnerabilities, one in the context of blockchain technology and one giving attackers financial advantages in demand-response optimisation for smart energy networks. Then, it discusses possible approaches to systematically evaluate systems for vulnerabilities that do not rely on exploiting software/hardware vulnerabilities and that cannot always be easily mitigated by additional security controls.
Dr. Carsten Rudolph is Associate Professor for cybersecurity at the Faculty of IT at Monash University, Head of Department for Software Systems and Cybersecurity and Director of Research of the Oceania Cyber Security Centre OCSC in Melbourne, Australia. His research concentrates on information security, formal methods, cryptographic protocols, security of machine learning and human aspects of security with a strong focus on inter-disciplinary topics. He contributes to the development of secure solutions for digital health as well as future energy networks. Further, he drives scientific exchange between cybersecurity, law and organisational informatics. Another focus of his research is on nation-level cybersecurity maturity and policy development. In his role as Director of Research of the OCSC he collaborates with Oxford University to carry out cybersecurity maturity reviews with nations in the Pacific region.
Toby Murray
University of Melbourne
Australia
Traditional vulnerability techniques like fuzzing and symbolic execution have shown themselves to be incredibly effective at finding subtle vulnerabilities in large programs. Yet I argue that these methods could be far more useful if only they were compositional. Imagine being able to analyse the individual parts of a piece of software and combine those analysis results to draw conclusions about what vulnerabilities provably exist in the software as a whole. I will explain how compositionality enables precise, incremental analyses that can provide near-instant feedback to developers at commit time as new vulnerabilities are introduced.
As a first step towards this vision, I will present very recent work that applies these ideas to develop a new kind of incremental symbolic execution for detecting memory-safety and information leakage vulnerabilities in C programs, without false alarms. I also hope to sketch a vision for how these ideas can integrate alongside traditional fuzz testing, while harnessing AI search techniques to make vulnerability discovery far more efficient.
Toby Murray is an Associate Professor in the School of Computing and Information Systems at the University of Melbourne. He holds a DPhil (PhD) from the University of Oxford, and previously worked for both NICTA (now Data61) and DST Group. His research focuses on how to build highly secure computing systems, including software assurance and vulnerability discovery, by leveraging rigorous analysis methods. His achievements include leading the team that completed the world’s first proof of information flow security for a general-purpose operating system kernel, seL4, and co-leading the collaborative development of the award-winning Cross Domain Desktop Compositor (CDDC) system between Data61 and DST Group.
Siqi Ma
University of Queensland
Australia
Vulnerabilities have become a major threat to the security of many systems. Attackers can steal private information and perform harmful actions by exploiting unpatched vulnerabilities. Vulnerabilities often remain undetected for a long time as they may not affect typical systems’ functionalities. Furthermore, it is often difficult for a developer to fix a vulnerability correctly if he/she is not a security expert. To assist developers in dealing with vulnerabilities, approaches such as program analysis and machine learning are applied to analyze each program code. Thus, a series of tools targeting detecting and patching different types of vulnerabilities are proposed. Relying on the tools, developers not only identify the vulnerabilities in the execution program but also learn the way to patch them and the corresponding side effects that might be caused because of the patch.
Dr. Siqi Ma joined the University of Queensland in July 2021. Before joining UQ, she was a postdoctoral research fellow at CSIRO, Data61. She has several research interests including IoT security, mobile security, etc. Within these areas, she mainly focuses on detecting bugs and vulnerabilities from their implementation codes. She has published lots of top conference and journal papers in Cybersecurity and software engineering areas such as S&P, ICSE, TIFS.
Alwen Tiu
Australian National University
Australia
In response to the COVID-19 pandemic, a number of mobile applications have been created to assist with contact tracing. Many of these apps use Bluetooth Low Energy (BLE) in smartphones as a way for a phone to detect other phones (users) in proximity, provided those phones run the same app. There are two main approaches to the use of BLE in this context: one is what I call a connection-based approach, where one device (client) connects to another device to query its unique identifier; the other is a connectionless approach, where each phone acts as a beacon, broadcasting its own unique rolling identifiers, which are then picked up by nearby phones, without having to establish a connection. The former was adopted by a number of countries, notably Singapore (TraceTogether) and Australia (COVIDsafe), while the latter was jointly developed by Apple and Google, resulting in a common framework known as the Google-Apple Exposure Notification (GAEN) framework, that has now enjoyed a wide adoption across many countries. The use of BLE for contact tracing poses a number of challenges from a security and especially a privacy perspective, as it invalidates some of the security assumptions underlying the intended deployment of BLE devices. To make matters worse, there are numerous security bugs in BLE protocol stack implementations in various mobile devices, most notably Android devices, that are amplified due to the mass adoption of the apps. I will present some security and privacy bugs affecting both the connection-based approach and the connectionless (GAEN) approach, breaking the privacy guarantees of the apps.
I am an Associate Professor at the School of Computing, The Australian National University. My main research interests span theoretical as well as practical aspects of computer science; these include formal methods, computational logic, automated theorem proving and computer security. More specifically, I am interested in modelling aspects of computational systems (such as parts of operating systems, communication protocols, simple authentication devices, etc) as mathematical theories, and developing tools and techniques to prove their correctness or to find potential flaws.
Yulei Sui
University of Technology Sydney
Australia
I will share our past experience in developing precise and scalable software security analysis techniques for analysing large-scale software. I will start with some real-world software vulnerabilities, and then introduce the background knowledge of static and dynamic program analysis. After that, I will present our past research projects, particularly SVF (https://github.com/SVF-tools/SVF), an open-source framework based on a years-long effort. Next, I will introduce our recent experience in learning-based software security analysis. Finally, I will discuss some future research opportunities.
Yulei Sui is a Senior Lecturer at School of Computer Science, University of Technology Sydney (UTS). He is broadly interested in Program Analysis, Secure Software Engineering and Machine Learning. In particular, his research focuses on building fundamental static and dynamic analysis techniques and tools to improve the reliability and security of modern software systems. His recent interest lies at the intersection of programming languages, natural languages and machine learning. Specifically, his current research projects include secure machine learning, program analysis for bug detection and repair through data mining and deep learning.
His papers have been published in the top-tier conferences and journals in the field of software engineering and program analysis such as TSE, TOSEM, ICSE, FSE, OOPSLA, ECOOP, ISSTA, ASE, SAS, CGO and CC. He was a plenary talk speaker at EuroLLVM 2016, and has been awarded a 2021 ICSE Distinguished Reviewer, 2020 OOPSLA Distinguished Paper, a 2019 SAS Best Paper, a 2018 ICSE Distinguished Paper, a 2013 CGO Best Paper, and an ARC Discovery Early Career Researcher Award (2017-2019).
Thuan Pham
University of Melbourne
Australia
Stateful network protocol fuzzing is difficult. Unlike simple command-line tools, network servers feature a massive state space that can be traversed effectively only with well-defined sequences of input messages. Valid sequences are specified in a protocol. In this talk, we present AFLNet, the first greybox fuzzer for protocol implementations. Unlike existing protocol fuzzers, AFLNet takes a mutational approach and uses state-feedback to guide the fuzzing process. AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client. No protocol specification or message grammars are required. AFLNet acts as a client and replays variations of the original sequence of messages sent to the server and retains those variations that were effective at increasing the coverage of the code or state space. To identify the server states that are exercised by a message sequence, AFLNet uses the server’s response codes. From this feedback, AFLNet identifies progressive regions in the state space, and systematically steers towards such regions.
Thuan Pham is a Lecturer in Cyber Security at the University of Melbourne (UoM). He has been working on scalable and high-performance fuzz testing to improve the reliability & security of software systems. Before joining UoM, he worked with Dr. Marcel Böhme at Monash University and Provost's Chair Professor Abhik Roychoudhury at National University of Singapore (NUS) as a postdoctoral Research Fellow. He received his Ph.D. degree in Computer Science from NUS in July 2017. His research, in collaboration with companies and government agencies, has led to many papers published at premier journals and conferences (e.g., TSE, ICSE, CCS) and one U.S. patent. He has developed several open-source automated security testing tools (e.g., AFLGo, AFLSmart, AFLNet, AFLTeam) that are responsible for 100+ (critical) vulnerabilities discovered in large real-world software systems. His research has been featured on media channels like Theregister.co.uk and Securityweek.com.
Shamsul Huda
Deakin University
Australia
With the rapid enforcement of the carbon emission reduction and green energy policy implementation, conventional power grids are being transformed to decentralized grids where a large number of energy consumers have been changed to prosumers. This paradigm shift has created a complex communication infrastructure which connects a high number of distributed energy resources (DER) and prosumers’ home networks using heterogeneous media including power line carrier, wired connection, cellular, satellite communication and a wide range of protocols such as DNP3.0, Modbus, IEC61850, ICCP (IEC69870-5), Zigbee, WiMAX, WiFi. Due to the transactive nature of the connected microgrids with a deregulated market, data flows among the grid devices are not only limited to energy parameters or settings, but also include financial information which is related to the competitive electricity market. This has made the grid a primary target for cyber-attackers. Due to the very large attack surface, the nature of the non-conventional multilevel protocols and resource-constrained devices, conventional security controls have limited ability to protect the grids from cyberattacks. In this short talk, the speaker will discuss the challenges of complex communication infrastructure and protocols of the new generation smart grid, their vulnerabilities, related cyber security risks and some recent research by the speaker.
Shamsul Huda is a Senior Lecturer in the School of Information Technology, Deakin University, Australia. Prior to joining Deakin, he worked as a research fellow and lecturer in the School of IT at Federation University, Australia. Dr Huda is a Certified Information System Security Professional (CISSP) by The International Information System Security Certification Consortium, (ISC)² and a full member of (ISC)². He is also a member of the Cyber Security Research and Innovation Centre (CSRI) at Deakin University. His main research areas are communication and network security, strategies for secure operations for Industrial Control systems (SCADA), connected microgrids and critical infrastructure, detection of data breaches through the darknet, IoT security, malware analysis and detection, and reverse engineering. He has published more than 70 journal and conference papers in well-reputed journals and conferences.
Xiaogang Zhu
Swinburne University of Technology
Australia
In this talk, I will talk about how to improve the efficiency of bug discovery. We discover that regression bugs are prevalent in programs. Therefore, we developed regression greybox fuzzing to detect bugs in programs. Because regression bugs are introduced during the development of programs, we steer computing resources towards code regions that are changed more recently or more frequently. The result is pretty promising!
Dr. Xiaogang Zhu is a research fellow at Swinburne University of Technology. He is interested in vulnerability detection techniques, especially fuzzing. He has published articles in top journals and conferences, such as the ACM Conference on Computer and Communications Security (CCS) and IEEE Transactions on Dependable and Secure Computing (TDSC). His research has exposed many (severe) vulnerabilities in real-world applications.
Muhammad Ikram
Macquarie University
Australia
Smartphone applications that listen for network connections introduce significant security and privacy threats for users. In this talk, we focus on techniques for vetting and analyzing the potential vulnerabilities and security issues in mobile applications. We will overview the discovered security issues and the vulnerabilities that open up the mobile phones to a host of possible attacks, including data leakage, remote command execution, and denial-of-service attacks. We have disclosed identified vulnerabilities and received acknowledgments from vendors.
Muhammad Ikram is a lecturer at the Department of Computing, Macquarie University. He received the Ph.D. degree from the University of New South Wales in 2018. He was a joint Post-Doctoral Research Fellow at the University of Michigan, U.S.A and at Cyber Security Hub Macquarie University. He was a visiting scientist at CSIRO from 2018 to 2020. His current research interests include large-scale measurements, analytics, and analyzing security and privacy issues in Web and mobile platforms. Over the last couple of years, he has been thinking and working to build techniques leveraging machine-learning algorithms to fight against security and privacy issues and fraud detection targeting online services. He has several publications in prestigious measurement, security, and privacy conferences such as USENIX Security Symposium, NDSS, PETS, and IMC and journals such as BMJ and ACM TOPS. His research contributions are featured by several news and media outlets reaching to millions of audiences world-wide.
Xuyun Zhang
Macquarie University
Australia
Federated learning (FL) has emerged as a promising privacy-aware paradigm that allows multiple clients to jointly train a model without sharing their private data. Recently, many studies have shown that FL is vulnerable to membership inference attacks (MIAs) that can distinguish the training members of the given model from the non-members. MIAs on machine learning models can directly lead to a privacy breach and have recently been shown effective on a variety of machine learning models. In this talk, we briefly survey the existing MIAs on FL. Then, we discuss our preliminary exploration of a new type of inference attacks beyond MIAs, i.e., source inference attacks in federated learning.
Dr Xuyun Zhang is currently working as a senior lecturer in the Department of Computing at Macquarie University (Sydney, Australia). Besides, he has working experience in University of Auckland and NICTA (now Data61, CSIRO). He received his PhD degree in Computer and Information Science from University of Technology Sydney (UTS) in 2014, and his MEng and BSc degrees from Nanjing University in 2011 and 2008 respectively. His research interests include scalable and secure machine learning, big data privacy and cyber security, big data mining and analytics, cloud/edge/service computing and IoT, etc. His research work has been published in high quality venues such as TPDS, TC, TKDE, TDSC, ICDE, CIKM, etc. He is the recipient of the 2021 ARC DECRA Award and several other prestigious awards.
Prof. Yang Xiang
Dean, Digital Research & Innovation Capability Platform
Swinburne University of Technology
Australia
TBA
Yang Xiang, Swinburne University of Technology, Australia
Surya Nepal, CSIRO Data 61, Australia
Sheng Wen, Swinburne University of Technology, Australia
Seyit Camtepe, CSIRO Data 61, Australia