模糊测试是当今比较流行的漏洞挖掘技术之一。传统的模糊测试往往需要大量人工参与,测试周期较长且测试效果依赖于专家经验。近年来,机器学习应用广泛,这为软件安全测试技术注入了新活力。一些研究工作使用机器学习技术对模糊测试过程进行优化和改进,弥补了传统模糊测试技术的诸多缺陷。文章对基于机器学习的模糊测试技术进行了全面分析。首先,总结了常见的漏洞挖掘方法、模糊测试过程与分类以及传统模糊测试技术的不足；然后,从模糊测试的测试用例生成、变异、筛选和调度等角度入手,着重介绍了机器学习方法在模糊测试技术中的应用研究,并结合机器学习和模糊测试实现其他功能的研究工作；最后,基于现有的工作分析总结了目前研究的局限性和面临的挑战,并对该领域未来的发展方向进行了展望。

Virtual Trusted Platform Modules (vTPMs) are widely used in commercial cloud platforms (e.g., VMware Cloud, GoogleCloud, andMicrosoft Azure) to provide virtual root-of-trust and security services for virtual machines. Unfortunately, current state-of-the-art vTPM implementations for cloud computing cannot provide strong protection for vTPMs at run-time and suffer from poor performance under binding vTPMs to a physical TPM. In this paper, we propose SvTPM, an SGX-based virtual trusted platform module, which provides complete life cycle protection of vTPMs in the cloud and does not rely on the physical TPM. SvTPM provides strong isolation protection so malicious cloud tenants or even cloud administrators cannot access vTPM's private keys or any other sensitive data. In this paper, we implement a prototype of SvTPM, which identifies and solves a couple of critical security challenges for vTPM protection with SGX, such as NVRAM rollback attacks, NVRAM binding attacks, and vTPM rollback attacks. SvTPM also shows how to establish trust between vTPM and SGX Platform. Our performance evaluation shows that the NVRAM launch time of SvTPM is 1700x faster than vTPM built upon hardware TPM. In TPM standard command evaluation, we find that SvTPM incurs negligible performance overhead while providing strong isolation and protection. To our knowledge, SvTPM is the first practical work to solve the critical security challenges of securing vTPM using SGX.

现有的Web模糊测试方法主要包括基于字典的黑盒测试方法和借鉴二进制模糊测试的灰盒测试方法，这些方法存在随机性大、效率低的缺点。针对上述问题，文章提出了一种基于图同构网络的高效Web模糊测试方法。首先，利用图同构网络在图表示和图结构学习方面的强大能力，在代码的控制流图上学习漏洞语义和结构特征，并进行基本块漏洞概率预测；然后，基于漏洞预测结果提出了漏洞概率和覆盖率双导向的Web应用模糊测试指导策略，在不降低覆盖率的同时优先探索含漏洞概率更高的程序位置，有效解决了现有Web应用模糊测试工具随机性大、效率低的问题；最后，基于以上方法实现了原型系统并进行实验评估。实验结果表明，与webFuzz相比，该原型系统的漏洞挖掘效率提高了40%，覆盖率扩大了5%。

The proliferation of artificial intelligence and edge computing has led to an increase in the deployment of proprietary deep learning models on third-party edge servers or devices to power mission-critical applications. However, this trend raises concerns about model privacy, particularly on untrusted edge platforms. Protecting model privacy in such scenarios requires addressing challenges such as untrustworthy model deployment environments, resource-constrained Trusted Execution Environments (TEE), and vulnerability to privacy inference attacks. To address these challenges, this paper proposes PENETRALIUM, a system-algorithm jointly optimized model inference system on edge computing platforms. PENETRALIUM runs models in the TEE by building an underlying computational engine. We propose an adaptive decomposition algorithm that builds a computing pipeline for models, which adapts to the underlying trusted components. Additionally, PENETRALIUM uses a lightweight confidence score perturbation policy to protect against advanced privacy inference attacks on deep learning models. Experimental results demonstrate that PENETRALIUM provides strong security guarantees with reasonable performance. The system not only reduces inference latency and memory consumption overhead but also improves the overall robustness of the system against advanced attacks. © 2024 Elsevier B.V.

飞控系统是无人机的核心部件，对无人机的功能和性能起着决定性作用，是无人机信息安全防护的重点对象。论文针对PX4飞控系统面临的恶意代码植入、内部交互数据篡改等安全风险，设计了一种面向位置环境的基于属性的访问控制策略（LE-ABAC），该策略基于访问控制实体属性和无人机外部位置环境信息制定访问控制规则，可以实现对无人机内数据交互过程进行细粒度控制，保护关键交换数据的机密性与完整性。论文在PX4软件仿真平台上对所提方案进行了攻击仿真实验，结果表明该模型能够在不显著降低无人机飞控效率的前提下，有效保护飞控系统内部交互数据不被窃取和篡改。

The current IoT platform is vulnerable to remote device hijacking and substitution attacks, primarily due to weak authentication and authorization mechanisms between IoT devices, mobile apps, and the cloud. Such attacks can lead to privacy breaches and even threaten the safety of users' lives and properties. Thus, ensuring the trustworthiness of IoT devices is crucial. In this paper, we propose a blockchain-based trust management approach to enhance the trust between IoT devices, mobile apps, and the cloud. We have implemented our approach by combining Ethereum with a smart home solution to create a distributed trust management system for IoT devices. Our evaluation results demonstrate the effectiveness of our approach in detecting the above attacks, with acceptable performance.

由于Java Web应用业务场景复杂,且对输入数据的结构有效性要求较高,现有的测试方法和工具在测试Java Web时存在测试用例的有效率较低的问题.为了解决上述问题,本文提出了基于解析树的Java Web应用灰盒模糊测试方法.首先为Java Web应用程序的输入数据包进行语法建模创建解析树,区分分隔符和数据块,并为解析树中每一个叶子结点挂接一个种子池,隔离测试用例的单个数据块,通过数据包拼接生成符合Java Web应用业务格式的输入,从而提高测试用例的有效率;为了保留高质量的数据块,在测试期间根据测试程序的执行反馈信息,为每个数据块种子单独赋予权值;为了突破深度路径,会在相应种子池中基于条件概率学习提取数据块种子特征.本文实现了基于解析树的Java Web应用灰盒模糊测试系统PTreeFuzz,测试结果表明,该系统相较于现有工具取得了更好的测试准确率.

低功耗广域网（low power wide area network,LPW AN）作为一个强调低功耗的协议通常运行在资源受限设备上。一方面,受限的资源给协议实现的安全性带来了严峻的挑战,厂商通常难以在安全性与资源消耗上进行取舍。另一方面,协议栈以裸机固件的形式部署在设备上,各异的硬件特性使得其自动化分析较为困难。因此,本文专门针对资源受限设备提出了一种基于符号执行与污点分析的协议栈分析框架ProSE,能够针对固件中存在的协议漏洞进行检测。本文以LPWAN中最具代表性的LoRaWAN协议作为分析对象,实现了多种漏洞的自动化检测,并成功检测出6个厂商LoRaWAN实现中存在的20个潜在安全漏洞。

With the development of IoT, IoT devices have proliferated. With the increasing demands of network management and security evaluation, automatic identification of IoT devices becomes necessary. However, existing works require a lot of manual effort and face the challenge of catastrophic forgetting. In this paper, we propose IoT-Portrait, an automatic IoT device identification framework based on a transformer network. IoT-Portrait automatically acquires information about IoT devices as labels and learns the traffic behavior characteristics of devices through a transformer neural network. Furthermore, for privacy protection and overhead reasons, it is not easy to save all past samples to retrain the classification model when new devices join the network. Therefore, we use a class incremental learning method to train the new model to preserve old classes’ features while learning new devices’ features. We implement a prototype of IoT-Portrait based on our lab environment and open-source database. Experimental results show that IoT-Portrait achieves a high identification rate of up to 99% and is well resistant to catastrophic forgetting with a negligible added cost both in memory and time. It indicates that IoT-Portrait can classify IoT devices effectively and continuously. © 2023 by the authors.

随着智能交通的快速发展，车载自组织网络（Vehicular ad-hoc networks，VANETs）具有广阔的发展前景，但也面临多种安全威胁，针对车载自组织网络中可能存在的内部攻击者和虚假消息，提出了一种分布式的混合信任管理方案HTMS-V。该方案考虑到车载自组织网络的特性，基于改进的主观逻辑模型结合直接信任和间接信任对网络中的车辆节点进行信任评估，基于节点间的交互记录建立节点间的信任关系；基于节点信任和节点间距离进行消息信任评估，并根据信任评估结果识别网络中的虚假消息和恶意节点。为了验证所提出方案的性能，设计了四种不同的攻击场景，在车辆网络仿真平台Veins上进行对比实验测试HTMS-V方案在各种攻击场景下的表现。实验结果表明HTMS-V方案能有效抵抗车载自组织网络中的各种攻击，在40%恶意节点率的情况下仍能识别大部分虚假消息和恶意节点，且HTMS-V方案的表现明显优于由主观逻辑模型和基于距离的加权投票构成的基线方案。