1.【论文分享】Off-Path TCP Exploits of the Mixed IPID Assignment

• Presenter: 刘世明

• Conference: CCS '20

• Authors: Feng X, Fu C, Li Q, et al.

• Abstract: The article achieves degradation of IPID allocation algorithms by sending ICMP requests in a fragmented manner. It leverages the incremental nature of IPID as a side channel to infer the victim's IP address, port, as well as the ACK and SEQ values in the TCP traffic, thereby intercepting TCP traffic.

• Link to paper: https://dl.acm.org/doi/10.1145/3372297.3417884

2.【论文分享】Fuzzing SGX Enclaves via Host Program Mutations

• Presenter: 李哲铭

• Conference: EuroS&P '23

• Authors: Khan A, Zou M, Kim K, et al.
  

• Abstract: FUZZSGX proposes an input and program mutation-based fuzzer for Intel SGX enclave implementations. It provides an enclave fuzzing runtime, FUZZSGX RUNTIME, which is a drop-in library for the Intel SGX SDK, enabling code coverage and sanitization within enclaves. To explore the host app-enclave boundary, FUZZSGX conducts static analysis and symbolic execution on existing host apps and enclave implementations to generate promising fuzzing programs.

• Link to paper: https://ieeexplore.ieee.org/document/10190488

# 学术沙龙问卷反馈