Hong Kong Chapter Status Report For 2011/2012

ORGANIZATION
 
This Project is a SIG of Professional Information Security Association (PISA).
Major infrastructer is hosting at City University of Hong Kong (CityU).
Our interested research area including: malware, botnet, client-side attack and webapp attack etc.
 
Current chapter members and their activities.
Alan Tam
Alan Lam
Daniel Luo
Peter Cheung
Roland Cheung
WS Lam
 
List changes in the structure of your chapter.
Anthony Lai (new member)
Frankie Li (new member)
 
DEPLOYMENTS
 
4+ dionaea deployed in HK SAR, collecting data for trend analyst.
5 HonEeeBox device (3 are active, 2 are pending for hosting).
 
RESEARCH AND DEVELOPMENT
 
[Daniel Luo]
1.Daniel's team are developing a tool for assessing the security of Android Apps.
The tool under development employs both static analysis and dynamic analysis to detect potential vulnerabilities in an Android Apps.
This project is a joint work with researchers in the Hong Kong Polytechnic University.
2.Daniel's team are investigating private information leakage through encrypted channel.
They developed a client side tool named HTTPOS that can change the features of incoming and outgoing traffic to prevent an attacker from inferring sensitive information from encrypted traffic.
This project is a joint work with researchers in the Hong Kong Polytechnic University and Georgia Tech.
 
[Alan Lam]
Running Kippo ssh honeypots on two vm hosts since November, 2011.
 
[Roland]
1.Deployed 1 honeebox and submit the data to HPFeeds.
2.Used Splunk to present the collected data visually.
3.Applied 2 HoneyCloud servers for honeynet tools testing platform. 
4.Use Cuckoo Sandbox for daily malware analysis tools.
 
FINDINGS
 
[Daniel]
Daniel's team identified some vulnerabilities in some popular Apps, which will lead to private information leakage.
Details could be found in: http://www4.comp.polyu.edu.hk/~appsec/
 
[Alan Lam]
Two ssh honeypots, 991 intruder keystroke logs are captured. 98 files have been downloaded by these intruders after they login the honeypots.
 
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS
 
[Daniel]
Xiapu Luo, Peng Zhou, Edmond W.W. Chan, Wenke Lee, Rocky K.C. Chang, and Roberto Perdisci, HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows, Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2011
Xiapu Luo, Peng Zhou, Junjie Zhang, Roberto Perdisci, Wenke Lee, and Rocky K.C. Chang, Exposing Invisible Timing-based Tra ffic Watermarks with BACKLIT, Proceedings of the 27th Annual Computer Security
Applications Conference (ACSAC), Orlando, USA, December 2011.
 
[Roland]
Presentation "Security Incident Investigation" to a local university on May-2012 by using the Windows Honeypot case study.
 
GOALS
 
1.Future goal to deploy a OSSIM to collect sensor data, analyse the data and use visualization for information mining.
2.Plan to check the defined group of website (e.g. Top 100 .org.hk website returned by Google search result) in daily and submit the data to HPFeed.

MISC ACTIVITIES
N/A

MENTORING
N/A