一年一度的

ACM计算机与通信安全会议（CCS）

召开在即

这次我们又带着3篇论文去参会啦

让我们一起来看看这次的论文信息

欢迎大家前来交流探讨~

时间：Oct 15 3:30 PM – 3:45 PM

地点：Deer Valley

作者：

Shuai Li (Fudan University)
Zhemin Yang (Fudan University)
Yuhong Nan (Sun Yat-sen University)
Shutian Yu (Fudan University)
Qirui Zhu (Fudan University)
Min Yang (Fudan University)

摘要：

时间：Oct 15 2:45 PM – 3:00 PM

地点：Grand Ballroom Salon E

作者：

Yifan Lu (Fudan University)
Wenxuan Li (Fudan University)
Mi Zhang (Fudan University)
Xudong Pan (Fudan University)
Min Yang (Fudan University)

摘要：

To protect the intellectual property of well-trained deep neural networks (DNNs), black-box watermarks, which are embedded into the prediction behavior of DNN models on a set of specially-crafted samples and extracted from suspect models using only API access, have gained increasing popularity in both academy and industry. Watermark robustness is usually implemented against attackers who steal the protected model and obfuscate its parameters for watermark removal. However, current robustness evaluations are primarily performed under moderate attacks or unrealistic settings. Existing removal attacks could only crack a small subset of the mainstream black-box watermarks, and fall short in four key aspects: incomplete removal, reliance on prior knowledge of the watermark, performance degradation, and high dependency on data.

In this paper, we propose a watermark-agnostic removal attack called Neural Dehydration (abbrev. Dehydra), which effectively erases all ten mainstream black-box watermarks from DNNs, with only limited or even no data dependence. In general, our attack pipeline exploits the internals of the protected model to recover and unlearn the watermark message. We further design target class detection and recovered sample splitting algorithms to reduce the utility loss and achieve data-free watermark removal on five of the watermarking schemes. We conduct a comprehensive evaluation of Dehydra against ten mainstream black-box watermarks on three benchmark datasets and DNN architectures. Compared with existing removal attacks, Dehydra achieves strong removal effectiveness across all the covered watermarks, preserving at least 90% of the stolen model utility, under the data-limited settings, i.e., less than 2% of the training data or even data-free. Our work reveals the vulnerabilities of existing black-box DNN watermarks in realistic settings, highlighting the urgent need for more robust watermarking techniques. To facilitate future studies, we open-source our code in the following repository: https://github.com/LouisVann/Dehydra.

时间：Oct 17 11:45 AM – 12:00 PM

地点：Grand Ballroom Salons A, B, C

作者：

Haoyu Xiao (Fudan University)
Yuan Zhang (Fudan University)
Minghang Shen (Fudan University)
Chaoyang Lin (Fudan University)
Can Zhang (The State Key Laboratory of Mathematical Engineering and Advanced Computing)
Shengli Liu (The State Key Laboratory of Mathematical Engineering and Advanced Computing)
Min Yang (Fudan University)

摘要：

IoT firmware faces severe threats to security vulnerabilities.  As an important method to detect vulnerabilities, recurring vulnerability detection has not been systematically studied in IoT firmware.  In fact, existing methods would meet significant challenges from two aspects.  First, firmware vulnerabilities are usually reported in texts without too much code-level information, e.g., security patches.  Second, firmware images are released as binaries, making the analysis of known vulnerabilities and the detection of unknown vulnerabilities quite difficult.

This paper presents FirmRec, the first recurring vulnerability detection approach for IoT firmware. FirmRec features several new techniques to enable accurate and efficient vulnerability detection. First, it proposes a new exploitation-based vulnerability signature representation for firmware, which does not use syntactic code features but the semantic features along the dynamic vulnerability exploitation procedure (thus is more resilient to binary code changes and fits the context of binary-only firmware).  Second,  given a vulnerability report, it designs concolic execution-based vulnerability signature extraction to understand the vulnerability exploitation procedure and generate an exploitation-based vulnerability signature.  Third, based on known vulnerability signatures, it employs a two-stage pipeline to accurately and efficiently detect recurring vulnerabilities.

With a dataset of 320 firmware images, FirmRec efficiently detects 642 vulnerabilities. Till now, 53 CVEs have been assigned. Compared with SaTC, jTrans, and Greenhouse, FirmRec detects more vulnerabilities and is more accurate.

Our study shows that recurring vulnerabilities are quite prevalent in IoT firmware but require new techniques to detect.