一、交流项目招收对象及招生人数
信电学院在读的优秀大二、大三年级学生,即2015、2016级本科生,共计14人。
二、项目介绍
1.NUS (Prof. Zhenkai Liang) 新加坡国立大学计算机系梁振凯教授
Link: http://www.comp.nus.edu.sg/~liangzk/
Position: 2 interns
Description:
随着物联网(IoT)设备的大量部署,IoT设备安全面临严峻的挑战。传统的软件安全的分析方法无法被直接应用到IoT环境中。本项目研究适用于IoT设备的分析方法,包括两个自方向:(一)建立基于模拟器的IoT运行环境,用以IoT设备固件的动态分析;(二)用基于模糊测试的方法找到IoT软件中的漏洞。
2.SUTD (Prof. Jun Sun) 新加坡科技设计大学孙军教授
Link: http://people.sutd.edu.sg/~sunjun/
Project: Learning-Guided Fuzzing for Cyber-Physical Systems
Position: 2-3 interns
Description:
Detecting security vulnerabilities systematically in complex systems like cyber-physical systems is highly nontrivial. Ideally, provided with an interface through which an attacker could interact with the system, we would like to test the system with all possible inputs from the attacker in order to check whether there is any exploitable system vulnerability. The challenge is that there are simply too many possible inputs. Given a limited budget, the question is then how to selectively generate inputs which are more likely to expose system vulnerability.
One simple yet effective technique for solving the problem is fuzzing. While fuzzing is an old idea, recent developing on “smart” fuzzing techniques have made tremendous progress. The most notable examples include grey-box fuzzing implemented in AFL and white-box fuzzing implemented in Microsoft SAGE. While these fuzzers have been used to successfully identify many program vulnerabilities, they are not suitable for cyber-physical systems. For instance, AFL requires us to recompile a target software system with instrumented code and SAGE is based on applying symbolic execution, both of which are infeasible for cyber-physical systems.
In this work, we aim to develop a “smart” fuzzer dedicated to real-world cyber-physical systems. Compared to AFL and SAGE, the fuzzer is black box so that it can be applied without modifying existing systems. The key idea of the smartness in the fuzzer is to guide the fuzzing process through machine learning techniques. That is, the fuzzer will actively learn correlation/causality between the generated inputs and physical observations of the system, and then strategically generate inputs which are optimized to drive systems towards hazardous states. Multiple machine learning techniques could be applied. For example, the learned model can be in the form of probabilistic processes and the fuzzing strategy can be importance sampling (which is a technique that drives a system towards certain goal gradually by adjusting the probabilistic distribution used when generating the inputs). Alternatively, the learned model can be neutral networks and the fuzzing technique can be based on generative adversarial networks.
The objectives of this project are
· To develop a completely automatic fuzzer for real-world systems, i.e. a software toolkit which, once connected to a target system, automatically generates inputs to the system and reports potential system vulnerabilities.
· To design/develop efficient fuzzing strategy based on machine-learning results to expose system vulnerability efficiently.
· To apply the developed fuzzer to identify vulnerabilities in iTrust testbeds.
3.SUTD (Prof. Jun Sun) 新加坡科技设计大学孙军教授
Link: http://people.sutd.edu.sg/~sunjun/
Project: Automatic System Attestation through Program Refactoring
Position: 2-3 interns
Description:
Recently, there have been promising development on trusted computing technology. Most noticeable is Intel SGX. Such technology can potentially solve the attestation problem. Applying them to real-world cyber-physical systems is however far from straightforward.
First, trusted computing technology often has practical limitations in order to achieve secure “isolation”. For instance, there is a size limit on the program which can be executed in the trusted memory region (a.k.a. enclave) when Intel SGX is applied. Secondly, programming with trusted computing technology is error-prone, i.e. secure isolation could be easily broken without care. For instance, when an enclave invokes functions from the untrusted memory (e.g. network API), an attacker can manipulate the untrusted memory and subsequently ‘trick’ the program inside the enclave. Lastly, PLCs in existing cyber-physical systems often lack the necessary hardware or programming interface to incorporate trusting computing.
In this work, we aim to develop practical techniques/tools which would allow us to systematically apply trusted computing technology to attest real-world cyber-physical systems. The usage scenario is as follows. Given a PLC of a cyber-physical system, our toolkit would take its program and automatically refactor it to instrument an attestation procedure (which would be based on trusted computing) into the program. Furthermore, if the PLC has available trusted computing technology, the instrumented program will be installed on the PLC. Otherwise, the instrumented program will be installed in a device with trusted computing, which will then execute in parallel with the PLC. By comparing the input/output of the device and the PLC, we attest the PLC.
The objectives of this project are
· To design a protocol for attesting PLC programs based on trusted computing, which should withstand a range of attacks.
· To design and develop an approach for refactoring a give PLC program so that the attestation protocol is incorporated automatically.
· To implement a software toolkit and a hardware solution which allows us to attest PLCs without trusted computing hardware.
4.SUTD (Prof. Jianying Zhou) 新加坡科技设计大学周建英教授
Link: https://itrust.sutd.edu.sg/people/faculty/jianying-zhou/
Project: Vulnerability discovery for the Internet of Things
Position: 1 intern
Description:
Within this research project, you will help in security analysis of various IoT device - web cameras, network printers, fitness trackers, smart lighting systems and others available in our lab. In iTrust- SUTD’s multidisciplinary research center for cyber security, we use a wide range of techniques and special appliance to assess those devices, such as: firmware analysis, wireless signal interception, electromagnetic isolation, and network traffic inspection. This helps us to discover new threats in IoT world, to raise awareness in this field and to help vendors to improve their products.
Requirements:
- Understands computer architecture, common network protocols
- Uses Python or Bash for own automation purposes
- Understands the concept of common security vulnerabilities in Web, Networks, Mobile applications
A big plus:
- Electrical engineering background - understanding of embedded architectures, how to interact with the hardware
- Software reverse engineering experience
- Background in wireless communications, Software Defined Radio
- Any practical cryptanalysis or light-weight crypto knowledge
We can accept one intern student for each proposal, and cover the cost of TEP application. The minimum period is 3 months for TEP application.
5.SUTD (Prof. Jianying Zhou) 新加坡科技设计大学周建英教授
Link: https://itrust.sutd.edu.sg/people/faculty/jianying-zhou/
Position: 1 intern
Description:
Goal: Build a piece of software that reads PLC programs and simulates its behavior.
Description:
An important part of modelling the behavior of a Cyber-Physical System is to abstract the control strategy. This project aims to develop and deploy a piece of software that reads and runs source code from controllers (reads programs written in Structured Text, Ladder Logic or Function Block Diagram and interprets in Python). This module should run the piece of software, reads/writes values from other modules (inputs/outputs) and communicates with controllers (using MiniCPS or any other ad-hoc implementation).
Requirement:
- Python
We can accept one intern student for each proposal, and cover the cost of TEP application. The minimum period is 3 months for TEP application.
6.NTU (Dr. Bhasin Shivam) 新加坡南洋理工大学
Position: 1 intern
Description:
Modern smartphones are equipped with various sensors, to enhance the user experience. Most of these sensors are accessible without a user’s permission and thus known as zero- permission sensors. Commonly available zero-permission sensors include accelerometer, gyroscope, magnetometer, barometer etc. The sensors constantly detect user activity, which is then fed back to user applications for intelligent processing. However, these sensors could also detect sensitive user data of private and confidential nature leading to potential attacks.
Previous works have explored various vulnerabilities of sensor side-channel leading to user privacy compromise. These attacks include behavioral profiling, geo-localization, and PIN recovery. A recent work pushed the PIN recovery capabilities to as high as 99.5%, enabling cross user exploitation.
The objective of this internship will be to explore new vulnerabilities exploiting sensor side-channel for user privacy exploitation. The main challenge of the work will be to explore vulnerabilities in real settings. The ideal candidate would require working knowledge of Android to design basic App to setup the testing environment. Previous experience in signal processing and machine learning will be needed for data analysis.
1
1
7. SUTD (Prof. Zhao Rong ) 新加坡科技设计大学
Link: https://epd.sutd.edu.sg/faculty/zhao-rong/
Project: Development of Multiphysics Solver for Modeling and Simulating the Next Generation Non-volatile Memory (NVM)
Position: 2-3 intern
Description:
DEMANDS for better data storage excite intensive efforts on next generation memory research, and novel memories have been progressing in scalability, operation speed, and data retention time. Among the novel nonvolatile memory family, resistive random access memory (RRAM) is a promising candidate to replace FLASH, due to its excellent scaling potential and reliability. Besides applications for data storage, RRAMs also show great potential in novel computing architectures and neuromorphic
computing.
As integration density increases, thermal problem becomes more significant and directly affects reliability and retention time of RRAMs. Heat generated in one cell can deteriorate stability or reliability of its neighbors, which is known as a thermal crosstalk effect. However, there is little work about crosstalk effect in RRAM arrays that treats the evolution of CFs in an appropriate way. A fully coupled Multiphysics computational study is indeed necessary, where oxygen vacancy transport equation, current continuity equation, and heat conduction equation must be solved self-consistently.
Goal: Develop multiphysics model and algorithm for simulating thermos-electrical coupling effects in 3-D RRAM arrays with high density and performance
Requirement:
- Good at in (Solid State/Semiconductor) Physics, mathematics and coding.
三、具体安排
1、即日起开始接受报名和咨询,申请截止日期2018年4月10日;
2、交流时间:2018年7月中旬至2018年9月底
四、选拔方式
1、网上申请:个人申请,申请者通过教学管理信息服务平台10.202.110.46:8080/jwglxt(或10.202.78.14)申请(与老系统账号密码通用,具体操作方式见附件1)项目代码及名称分别为20182005新加坡国立大学暑期科研交流项目、20182006新加坡科技设计大学暑期科研交流项目、20182007新加坡南洋理工大学暑期科研交流项目。 2.材料提交:个人简历以及在校成绩单等电子材料一并发送至zhongtingting@zju.edu.cn,邮件名为“班级+姓名+申请岗位”,报名截止4月10日。
五、说明
1.安全问题:入选者需要购买一份人身意外险,其他安全问题将由学生本人和家长自己承担,并向学院提供保险单复印件;
2、申请人本人承担主要费用,包括往返机票,公寓租住及日常开销等。该项目将获得学校一定额度(6000元以上)的资助。
如有疑问,可致电:钟婷婷老师87953027,吴叶飞老师87953076。
2018年3月27日