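This issue's featured overseas computer science department is The University of Wisconsin at Madison.
Research Areas & Projects
Among these, the ones related to program analysis:
The following two pages offer a wealth of material:
It is also worth looking at this conference:
2011 International Symposium on Software Testing and Analysis
Its session "Analysis of Systems and Binary Code"
consists entirely of work from The University of Wisconsin at Madison,
which shows that their research does carry some influence.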
================= ================= ================= =================
wikicfp, a website dedicated to call-for-papers information
Content on security and cryptography
================= ================= ================= =================
Linux Kernel 3.0 officially released

No explanation needed.
================= ================= ================= =================
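Survey: more than 8% of Android apps leak users' personal data

According to foreign media reports, security vendor Dasient studied 10,000 Android apps and found that more than 8% of them transmit users' personal data to unauthorized computers. This type of malware aims to take control of the user's smartphone. For example, 11 apps automatically send text messages to the contacts in the user's address book. If the user pays per text message, they may end up with a huge bill without knowing it.

Dasient Chief Technology Officer Neil Daswani said that the number of malicious Android apps has doubled over the past 2 years. Users may have malware installed without their knowledge while visiting websites.

The fact that Android Market does not review submitted apps is a major reason for the spread of malicious Android apps.

Although developers do not have to wait for their apps to be approved, the cost of this is borne by users. Because not even the most basic measures are taken to ensure that apps are not malware, if the current trend does not change, Android Market will be flooded with malware within the next two years.

Besides users' personal data, malware also often leaks the phone's IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity). Once this information is leaked, criminals can easily clone the user's SIM card or sell the information in bulk to illegal organizations.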

================= ================= ================= =================

Recommended academic conferences

http://www.light-sec.org

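A workshop on lightweight cryptography and security. The main goal of this workshop is to promote and initiate novel research on the security & privacy issues for applications that can be termed as lightweight security.

In addition, here are some good conferences for reference, based on the computer science conference ranking site cs.conference-ranking.net. Those closely related to LoCCS are (I don't know why the list includes Asiacrypt but not Eurocrypt...):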

ASIACRYPT: International Conference on the Theory and Application of Cryptology and Information Security

CCS: Conference on Computer and Communications Security

CRYPTO: International Cryptology Conference

CSFW: IEEE Computer Security Foundations Workshop

ISSP: IEEE Symposium on Security and Privacy

ISSTA: International Symposium on Software Testing and Analysis

PLDI: SIGPLAN Conference on Programming Language Design and Implementation

Somewhat related:

ASPLOS: International Conference on Architectural Support for Programming Languages and Operating Systems

CAV: Computer Aided Verification

ICALP: International Colloquium on Automata, Languages and Programming

ICCS: IAENG International Conference on Computer Science

ICCSE: International Conference of Computer Science and Engineering

ICFP: International Conference on Functional Programming

ICNP: International Conference on Network Protocols

ICLP: International Conference on Logic Programming

ICSE: IAENG International Conference on Software Engineering

MOBICOM: ACM/IEEE International Conference on Mobile Computing and Networking

OSDI: Operating Systems Design and Implementation

PADS: Workshop on Parallel and Distributed Simulation

PODC: ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing

SIGCOMM: ACM SIGCOMM Conference

USITS: USENIX Symposium on Internet Technologies and Systems

WWW: World-Wide Web Conference

Almost unrelated:

AAAI: National Conference on Artificial Intelligence

ACL: Association for Computational Linguistics

ACM-EC: ACM Conference on Electronic Commerce

ATAL: Agent Theories, Architectures, and Languages

CHI: Computer Human Interaction

CPM: Combinatorial Pattern Matching

ECOOP: European Conference on Object-Oriented Programming

EDBT: International Conference on Extending Database Technology

FPGA: Symposium on Field Programmable Gate Arrays

ICCAD: International Conference on Computer Aided Design

ICCV: IEEE International Conference on Computer Vision

ICDE: International Conference on Data Engineering

ICMCS: International Conference on Multimedia Computing and Systems

ICML: International Conference on Machine Learning

KDD: Knowledge Discovery and Data Mining

SIGGRAPH: Annual Conference on Computer Graphics

SIGKDD: ACM Knowledge Discovery and Data Mining

SIGMOD: ACM SIGMOD Conference on Management of Data

VLDB: Very Large Data Bases

================= ================= ================= =================

 

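According to the latest news, the well-known jailbreak developer Comex has published the source code of JailbreakMe 3.0 on his GitHub page.
The Sogeti site, which specializes in jailbreak analysis, subsequently posted about it on its blog:

“We know that this jailbreak, codenamed ‘Saffron’, is able to install a custom payload by exploiting a PDF vulnerability. Specifically, the vulnerability lets iOS users jailbreak their device by opening a PDF file in the Safari browser: the initial code execution is obtained through a vulnerability in the Freetype Type 1 font parser, a kernel vulnerability is then exploited to disable code signing, and root privileges are subsequently obtained to install the jailbreak. In addition, after the device reboots, the same kernel vulnerability is used to make the jailbreak untethered, with the Incomplete Codesign technique used to bootstrap the kernel exploit.”
PS: As with previous releases, the JailbreakMe 3.0 source code is provided only for jailbreak developers and has no practical meaning for non-developers. If you would like to learn more about this code, please visit http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit.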

 

================= ================= ================= =================
A recommended paper on program analysis:
Detecting Algorithms using Dynamic Analysis
by Kenneth Oksanen
Helsinki Institute for Information Technology HIIT
It looks like the automated analysis of algorithms is gradually making its way onto researchers' agendas!
================= ================= ================= =================
Finally, a list of security events (most of the security events here are fairly practical ones, not the likes of CCS and NDSS that we often mention).