From October 14th to 18th, during the 31st ACM Conference on Computer and Communications Security (ACM CCS), the State Key Laboratory of Blockchain and Data Security at Zhejiang University was awarded two ACM CCS 2024 Distinguished Paper Awards. The winning research works include Cross-silo Federated Learning with Record-level Personalized Differential Privacy by Dr. Jinfei Liu's team and FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache by Dr. Mingxue Zhang's team. These awards highlight new breakthroughs in cutting-edge research in data security and cybersecurity by the laboratory.
Paper Introduction: Cross-silo Federated Learning with Record-level Personalized Differential Privacy
This research achievement was completed in collaboration with the National Key Laboratory of Blockchain and Data Security, Renmin University of China, and Emory University.
Federated learning empowered by differential privacy has become a popular machine learning framework that reduces client privacy issues while achieving effective predictive capabilities using distributed data. Existing solutions often assume all records have the same privacy budget and provide uniform solutions but cannot meet personalized privacy requirements for each record. Compared to traditional differential privacy and client-level differential privacy, implementing record-level differential privacy in federated learning presents the following challenges:
Current privacy accounting theories based on Renyi Difference Privacy (RDP) do not meet the needs of analyzing cumulative privacy costs per record in federated learning applications.
Providing explicit closed-form solutions for optimal sampling probabilities for each record is challenging due to the highly nonlinear and poorly interpretable nature of RDP-based privacy accounting.
To address these challenges, this paper proposes a federated learning framework with record-level differential privacy based on a two-phase hybrid sampling method. This framework adapts to different privacy requirements through a two-phase sampling process at both the client and record levels. Additionally, a Simulated Curve Fitting (SCF) strategy is designed to determine the sampling probabilities for all records given personalized privacy budgets. By simulating with different sampling probabilities, the paper identifies a mathematical function that elucidates the relationship between each record's sampling probability and its cumulative privacy cost. The findings enhance model utility under record-level privacy protection and lay the groundwork for future in-depth studies on federated learning with personalized privacy protections.
Paper Introduction: FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache
This research achievement was completed in cooperation with the Zhongguancun Laboratory.
Fuzzing is a critical technique for detecting vulnerabilities in server-side web applications. Preliminary research found that acquiring data from databases and networks accounts for a significant portion of web application runtime overhead, with identical data frequently being read repeatedly during fuzzing. Therefore, this work designed a novel solution called FuzzCache, which introduces a software-based data caching mechanism that stores data from database and network requests into a cache, avoiding repeated and expensive data reads. This software cache, implemented via inter-process shared memory segments, ensures consistency of cached data across multiple tests. Moreover, FuzzCache applies Just-In-Time compilation techniques to fuzzing, further enhancing execution efficiency by avoiding the real-time interpretation overhead of hot code. FuzzCache was integrated into black-box fuzzing (Black-Widow) and grey-box fuzzing (WebFuzz) tools. Experimental results show that FuzzCache significantly boosts the fuzzing performance of web applications, increasing throughput by 3-4 times and average code coverage by 25%. By accelerating test case execution, FuzzCache discovers more vulnerabilities within the same timeframe, providing new insights into optimizing web application testing technologies.
Conference Overview
ACM CCS, along with IEEE S&P, USENIX Security, and NDSS, is considered one of the four top academic conferences in the field of network and information security and is recommended as an A-category conference by the China Computer Federation (CCF). These conferences represent the highest academic standards in the field and serve as important platforms for global researchers to exchange the latest research findings. Papers accepted reflect the most advanced international research achievements in cybersecurity.
Established in November 2022 with approval from the Ministry of Science and Technology, the National Key Laboratory of Blockchain and Data Security, based at Zhejiang University, focuses on international scientific frontiers in blockchain and data security. It aims to achieve high-level self-reliance in science and technology and build a world-class strategic scientific force. The lab conducts systematic and innovative technological research around the integration of industry, academia, and research. Research directions mainly include blockchain technology and platforms, blockchain supervision and monitoring, smart contracts and distributed software, data element security and privacy computing, AI data security and cognitive confrontation, AI-native data processing systems, network data governance, intelligent connected vehicle data security, trusted data storage, and computing technology.