Northwestern S&P Group

Northwestern Security and Privacy Group has a group of faculty & researchers working on software/system security, network security, AI security, cryptography, and data privacy. The group frequently published research outcomes at top-tier academic conferences (CCS/IEEE S&P/USENIX Security/NDSS). The group is also frequently invited to talk at flagship security summits, such as BlackHat and DEFCON. In addition to the group of faculty, Northwestern Security and Privacy Group also supervises a world-class CTF team. Our researchers and PhD students also participate in the security contests such as DEFCON CTF Final and Pwn2Own. Our faculty and PhD students also received presitigous awards (such as NSF CAREER Award, DoD Young Investigator Award, DOE Early CAREER Award, Microsoft/Amazon Research awards etc.).

news

May 23, 2022	Our PhD and pre-doc students (Zhenpeng Lin, Yuhang Wu, Yueqi Chen) will present their research work – GREBE – at the IEEE S&P (San Francisco) on Wednesday, May 25, 2022.
May 19, 2022	TUTELARY pwned the latest version of Ubuntu in Pwn2Own

selected publications

USENIX

Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability

Zeng, Kyle, Chen, Yueqi, Cho, Haehyun, Xing, Xinyu, Doupé, Adam, Shoshitaishvili, Yan, and Bao, Tiffany

In 31st USENIX Security Symposium (USENIX Security 22) 2022

Bib PDF

@inproceedings{280034,
  author = {Zeng, Kyle and Chen, Yueqi and Cho, Haehyun and Xing, Xinyu and Doup{\'e}, Adam and Shoshitaishvili, Yan and Bao, Tiffany},
  title = {Playing for {K(H)eaps}: Understanding and Improving Linux Kernel Exploit Reliability},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year = {2022},
  address = {Boston, MA},
  publisher = {USENIX Association},
  url = {https://www.usenix.org/conference/usenixsecurity22/presentation/zeng},
}

S&P

GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs

Lin, Zhenpeng, Chen, Yueqi, Wu, Yuhang, Yu, Chensheng, Mu, Dongliang, Xing, Xinyu, and Li, Kang

In Proceedings of the 2022 IEEE Symposium on Security and Privacy 2022

Bib PDF Code

@inproceedings{grebe,
  author = {Lin, Zhenpeng and Chen, Yueqi and Wu, Yuhang and Yu, Chensheng and Mu, Dongliang and Xing, Xinyu and Li, Kang},
  booktitle = {Proceedings of the 2022 IEEE Symposium on Security and Privacy},
  title = {GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs},
  year = {2022},
}

NDSS

An In-depth Analysis of Duplicated Linux Kernel Bug Reports

Mu, Dongliang, Wu, Yuhang, Chen, Yueqi, Lin, Zhenpeng, Yu, Chensheng, Xing, Xinyu, and Wang, Gang

In Proceedings 2022 Network and Distributed System Security Symposium 2022

Bib PDF

@inproceedings{dongliangndss2022,
  title = {An In-depth Analysis of Duplicated Linux Kernel Bug Reports},
  author = {Mu, Dongliang and Wu, Yuhang and Chen, Yueqi and Lin, Zhenpeng and Yu, Chensheng and Xing, Xinyu and Wang, Gang},
  booktitle = {Proceedings 2022 Network and Distributed System Security Symposium},
  year = {2022},
}

CCS

Proving UNSAT in Zero Knowledge

Luo, Ning, Antonopoulos, Timos, Harris, William, Piskac, Ruzica, Tromer, Eran, and Wang, Xiao

In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2022

Bib

@inproceedings{luo2022proving,
  title = {Proving UNSAT in Zero Knowledge},
  author = {Luo, Ning and Antonopoulos, Timos and Harris, William and Piskac, Ruzica and Tromer, Eran and Wang, Xiao},
  booktitle = {Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security},
  year = {2022},
}

USENIX

ppSAT: Towards Two-Party Private SAT Solving

Luo, Ning, Judson, Samuel, Antonopoulos, Timos, Piskac, Ruzica, and Wang, Xiao

In 31st USENIX Security Symposium (USENIX Security 22) Aug 2022

Bib PDF

@inproceedings{279904,
  title = {{ppSAT}: Towards {Two-Party} Private {SAT} Solving},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  author = {Luo, Ning and Judson, Samuel and Antonopoulos, Timos and Piskac, Ruzica and Wang, Xiao},
  year = {2022},
  address = {Boston, MA},
  url = {https://www.usenix.org/conference/usenixsecurity22/presentation/luo},
  publisher = {USENIX Association},
  month = aug,
}

CVPR

Federated Class-Incremental Learning

Dong, Jiahua, Wang, Lixu, Fang, Zhen, Sun, Gan, Xu, Shichao, Wang, Xiao, and Zhu, Qi

In IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2022 Aug 2022

Bib

@inproceedings{DBLPwangxiao,
  title = {Federated Class-Incremental Learning},
  author = {Dong, Jiahua and Wang, Lixu and Fang, Zhen and Sun, Gan and Xu, Shichao and Wang, Xiao and Zhu, Qi},
  booktitle = {{IEEE} Conference on Computer Vision and Pattern Recognition, {CVPR}
                 2022},
  publisher = {Computer Vision Foundation / {IEEE}},
  year = {2022},
}

TDSC

EXGEN: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities

Jin, Ling, Cao, Yinzhi, Chen, Yan, Zhang, Di, and Campanoni, Simone

IEEE Transactions on Dependable and Secure Computing Aug 2022

Bib

@article{9674230,
  author = {Jin, Ling and Cao, Yinzhi and Chen, Yan and Zhang, Di and Campanoni, Simone},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  title = {EXGEN: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities},
  year = {2022},
  pages = {1-1},
  doi = {10.1109/TDSC.2022.3141396},
}

ASPLOS
CARAT CAKE: Replacing Paging via Compiler/Kernel Cooperation

Suchy, Brian, Ghosh, Souradip, Kersnar, Drew, Chai, Siyuan, Huang, Zhen, Nelson, Aaron, Cuevas, Michael, Bernat, Alex, Chaudhary, Gaurav, Hardavellas, Nikos, Campanoni, Simone, and Dinda, Peter

In Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems Aug 2022

Abs Bib

Virtual memory, specifically paging, is undergoing significant innovation due to being challenged by new demands from modern workloads. Recent work has demonstrated an alternative software only design that can result in simplified hardware requirements, even supporting purely physical addressing. While we have made the case for this Compiler- And Runtime-based Address Translation (CARAT) concept, its evaluation was based on a user-level prototype. We now report on incorporating CARAT into a kernel, forming Compiler- And Runtime-based Address Translation for CollAborative Kernel Environments (CARAT CAKE). In our implementation, a Linux-compatible x64 process abstraction can be based either on CARAT CAKE, or on a sophisticated paging implementation. Implementing CARAT CAKE involves kernel changes and compiler optimizations/transformations that must work on all code in the system, including kernel code. We evaluate CARAT CAKE in comparison with paging and find that CARAT CAKE is able to achieve the functionality of paging (protection, mapping, and movement properties) with minimal overhead. In turn, CARAT CAKE allows significant new benefits for systems including energy savings, larger L1 caches, and arbitrary granularity memory management.
@inproceedings{10.1145/3503222.3507771, author = {Suchy, Brian and Ghosh, Souradip and Kersnar, Drew and Chai, Siyuan and Huang, Zhen and Nelson, Aaron and Cuevas, Michael and Bernat, Alex and Chaudhary, Gaurav and Hardavellas, Nikos and Campanoni, Simone and Dinda, Peter}, title = {CARAT CAKE: Replacing Paging via Compiler/Kernel Cooperation}, year = {2022}, isbn = {9781450392051}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3503222.3507771}, doi = {10.1145/3503222.3507771}, booktitle = {Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems}, pages = {98–114}, numpages = {17}, keywords = {virtual memory, runtime, kernel, memory management}, location = {Lausanne, Switzerland}, series = {ASPLOS 2022}, }