Its full name is the ACM Conference on Computer and Communications Security (CCS). It is one of the four top-tier conferences in the security field and a CCF Class A conference.
Among the PC members of the different tracks, we see both professors who appear at CCS year after year, such as Fengwei Zhang (SUSTech) and Kai Chen (Chinese Academy of Sciences), and newly emerging outstanding young Chinese scholars in the security field. Judging by the number of Chinese PC members in each track, Chinese researchers are clearly stronger in areas such as software security and network security, and still need to strengthen in areas such as Blockchain and Distributed Systems.
Keynotes
Recommendations for high-quality security and privacy information; security advice on the web; the sustainability of security.
Acceptance statistics
CCS accepted 217 papers this year, 36 of them from China, a share as high as 17%! Of these: Chinese Academy of Sciences 5, Tsinghua University 4, CUHK 3, SUSTech 3, NUDT 2, Fudan University 2, Wuhan University 2, Zhejiang University 2, HKUST 2, Beihang University 1, ShanghaiTech University 1, USTC 1, Beijing Institute of Technology 1, Xidian University 1, Shandong University 1, Hong Kong Polytechnic University 1, Shanghai Jiao Tong University 1, City University of Hong Kong 1, HUST 1, State Key Laboratory of Mathematical Engineering and Advanced Computing 1.
Papers from China:
Acquirer: A Hybrid Approach to Detecting Algorithmic Complexity Vulnerabilities
Yinxi Liu (The Chinese University of Hong Kong); Wei Meng (The Chinese University of Hong Kong)
Algorithmic Complexity (AC) Denial-of-Service attacks have been a threat for over twenty years. Attackers craft particular input vectors to trigger the worst-case logic of some code running on the server side, which leads to high resource consumption and performance degradation. In response, several vulnerability detection tools have been developed to help developers prevent such attacks. Nevertheless, these state-of-the-art tools either focus on a specific type of vulnerability or suffer from state explosion. They are either limited to a small detection scope or unable to run efficiently.
This paper aims to develop a fully automated approach to effectively and efficiently detecting AC vulnerabilities. We present the design and implementation of Acquirer, which detects AC vulnerabilities in Java programs. Acquirer first statically locates potentially vulnerable structures in the target program, then performs efficient selective path exploration to dynamically verify the existence of two different execution paths with a significant computation cost difference. The vulnerable structures it detects can also help the developers analyze and fix the corresponding vulnerabilities.
We evaluated Acquirer with two widely used benchmark datasets and compared it with four state-of-the-art tools. In the evaluation, it detected 22 known AC vulnerabilities, which substantially outperformed all the existing tools together. Besides, it discovered 11 previously unknown AC vulnerabilities in popular real-world applications. Our evaluation demonstrates that Acquirer is highly effective and efficient in automatically detecting AC vulnerabilities.
An Extensive Study of Residential Proxies in China
Mingshuo Yang (Shandong University); Yunnan Yu (University at Buffalo); Xianghang Mi (University of Science and Technology of China); Shujun Tang (QI-ANXIN Technology Research Institute); Shanqing Guo (Shandong University); Yilin Li (Shandong University); Xiaofeng Zheng (Tsinghua University); Haixin Duan (Tsinghua University)
We carry out the first in-depth characterization of residential proxies (RESIPs) in China, for which little is studied in previous works. Our study is made possible through a semantic-based classifier to automatically capture RESIP services. In addition to the classifier, new techniques have also been identified to capture RESIPs without interacting with and relaying traffic through RESIP services, which can significantly lower the cost and thus allow continuous monitoring of RESIPs. Our RESIP service classifier has achieved good performance with a recall of 99.7% and a precision of 97.6% in 10-fold cross validation. Applying the classifier has identified 399 RESIP services, a much larger set compared to the 38 RESIP services collected in all previous works. Our effort of RESIP capturing leads to a collection of 9,077,278 RESIP IPs (51.36% are located in China), 96.70% of which are not covered in publicly available RESIP datasets. An extensive measurement on RESIPs and their services has uncovered a set of interesting findings as well as several security implications. Especially, 80.05% of RESIP IPs located in China have sourced at least one malicious traffic flow during 2021, resulting in 52 million malicious traffic flows in total. RESIPs have also been observed in the corporate networks of 559 sensitive organizations including government agencies, education institutions and enterprises. Also, 3,232,698 China RESIP IPs have opened at least one TCP/UDP port for accepting relaying requests, which incurs non-negligible security risks to the local networks of RESIPs. Besides, 91% of China RESIP IPs have a lifetime of fewer than 10 days, while most China RESIP services show a crest-trough pattern in terms of daily active RESIPs across time.
Blacktooth: Breaking through the Defense of Bluetooth in Silence
Mingrui Ai (University of Science and Technology of China); Kaiping Xue (University of Science and Technology of China); Bo Luo (University of Kansas); Lutong Chen (University of Science and Technology of China); Nenghai Yu (University of Science and Technology of China); Qibin Sun (University of Science and Technology of China); Feng Wu (University of Science and Technology of China)
Bluetooth is a short-range wireless communication technology widely used by billions of personal computing, IoT, peripheral, and wearable devices. Bluetooth devices exchange commands and data, such as keyboard/mouse inputs, audio, and files, through a secure communication channel that is established through a pairing process. Due to the sensitivity of those commands and data, security mechanisms, such as encryption, authentication, and authorization, have been developed and adopted in the standards. Nevertheless, vulnerabilities continue to be discovered.
In the literature, few successful attacks against the Bluetooth connection establishment stage have been reported. Many attacks simply assume that connections are already established or use a compromised agent, e.g., a malicious app or a careless user, to initialize the connection. We argue that such assumptions are strong and impractical. A stealthily established connection is a critical starting point for any practical attack against Bluetooth devices. In this paper, we demonstrate that the Bluetooth Specification contains a series of vulnerabilities that will enable an attacker to impersonate a Bluetooth device and successfully establish a connection with a victim device. The entire process does not require any involvement of the device owner/user or any malicious app on the victim device. The attacker could further escalate permissions by switching Bluetooth profiles to retrieve sensitive information from the victim device and inject arbitrary commands. We name our new attack the Blacktooth Attack. To demonstrate the effectiveness and practicality of the Blacktooth attack, we evaluate it against 21 different Bluetooth devices with diverse manufacturers and operating systems, and all major Bluetooth versions. We show that the newly proposed attack is successful on all victim devices.
Bolt-Dumbo Transformer: Asynchronous Consensus As Fast As the Pipelined BFT
Yuan Lu (Institute of Software Chinese Academy of Sciences); Zhenliang Lu (The University of Sydney); Qiang Tang (The University of Sydney)
An urgent demand of deploying BFT consensus (e.g., atomic broadcast) over the Internet is raised for implementing (permissioned) blockchain services. The deterministic synchronous protocols can be simple and fast in good network conditions, but are subject to denial-of-service (or even safety vulnerability) when synchrony assumption fails. Asynchronous protocols, on the contrary, are robust against the adversarial network, but are substantially more complicated and slower for the inherent use of randomness.
Facing the issues, optimistic asynchronous atomic broadcast (Kursawe-Shoup, 2002; Ramasamy-Cachin, 2005) was proposed to improve the normal-case performance of the slow asynchronous consensus. They run a deterministic fastlane if the network condition remains good, and can fall back to a fully asynchronous protocol via a pace-synchronization mechanism (analog to view-change with asynchronous securities) if the fastlane fails. Unfortunately, existing pace-synchronization directly uses a heavy tool of asynchronous multi-valued validated Byzantine agreement (MVBA). When such fallback frequently occurs in the fluctuating wide-area network setting, the benefits of adding fastlane can be eliminated.
We present Bolt-Dumbo Transformer (BDT), a generic framework for practical optimistic asynchronous atomic broadcast. At the core of BDT, we set forth a new fastlane abstraction that is simple and fast, while preparing honest parties to gracefully face potential fastlane failures caused by a malicious leader or bad network. This enables a highly efficient pace-synchronization to handle fallback. The resulting design reduces a cumbersome MVBA to a variant of the conceptually simplest binary agreement only. Besides detailed security analyses, we also give concrete instantiations of our framework and implement them. Extensive experiments demonstrate that BDT can enjoy both the low latency of deterministic protocols (e.g., the 2-chain version of HotStuff) and the robustness of state-of-the-art asynchronous protocols in practice.
CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation
Mengyao Xie (State Key Lab of Processors; Institute of Computing Technology; Chinese Academy of Sciences & University of Chinese Academy of Sciences); Chenggang Wu (State Key Lab of Processors; Institute of Computing Technology; Chinese Academy of Sciences & University of Chinese Academy of Sciences & Zhongguancun Laboratory); Yinqian Zhang (Research Institute of Trustworthy Autonomous Systems; Southern University of Science and Technology & Department of Computer Science and Engineering; Southern University of Science and Technology);
Intel control-flow enforcement technology (CET) is a new hardware feature available in recent Intel processors. It supports the coarse-grained control-flow integrity for software to defeat memory corruption attacks. In this paper, we retrofit CET, particularly the write-protected shadow pages of CET used for implementing shadow stacks, to develop a generic and efficient intra-process memory isolation mechanism, dubbed CETIS.
To provide user-friendly interfaces, a CETIS framework was developed, which provides a memory file abstraction for the isolated memory regions and a set of APIs to access said regions. CETIS also comes with a compiler-assisted tool chain for users to build secure applications easily. The practicality of using CETIS to protect CPI, CFIXX, and JIT compilers was demonstrated, and the evaluation reveals that CETIS performs better than state-of-the-art intra-process memory isolation mechanisms, such as MPK.
Characterizing and Detecting Non-Consensual Photo Sharing on Social Networks
Tengfei Zheng (National University of Defense Technology); Tongqing Zhou (National University of Defense Technology); Qiang Liu (National University of Defense Technology); Kui Wu (University of Victoria); Zhiping Cai (National University of Defense Technology)
Photo capturing and sharing have become routine daily activities for social platform users. Alongside the entertainment of social interaction, we are experiencing tremendous visual violation and photo abusing. Especially, users may be unconsciously filmed and exposed online, which is termed as the non-consensual sharing issue. Unfortunately, this problem cannot be well handled with proactive access control or dedicated bystander detection, as users are unaware of their situations and may be filmed stealthily. We propose Videre on behalf of the privacy of the unaware parties in a way that they would be automatically identified and warned before such photos go public. For this, we first elaborate on the predominant features encountered in non-consensual captured photos via a thorough user study. Then we establish a dataset for this context and build a classifier as a proactive detector based on multi-deep-feature fusion. To relieve the burden of person-wise unawareness detection, we further design a signature-based filter for local pre-authorization, which can also implicitly avoid classification errors. We implement and test Videre in various field settings to demonstrate its effectiveness and performance.
Collect Responsibly But Deliver Arbitrarily? A Study on Cross-User Privacy Leakage in Mobile Apps
Shuai Li (Fudan University); Zhemin Yang (Fudan University); Nan Hua (Fudan University); Peng Liu (The Pennsylvania State University); Xiaohan Zhang (Fudan University); Guangliang Yang (Fudan University); Min Yang (Fudan University)
Detecting Missing-Permission-Check Vulnerabilities in Distributed Cloud Systems
Jie Lu (SKLP; Institute of Computing Technology; CAS); Haofeng Li (SKLP; Institute of Computing Technology; CAS); Chen Liu (SKLP; Institute of Computing Technology; CAS); Lian Li (SKLP; Institute of Computing Technology; CAS); Kun Cheng (Huawei Technologies Co. Ltd)
Missing-Permission-Check (MPC) vulnerability is a type of bug where permission checks are not enforced for privileged operations. MPC vulnerability is prevalent and can cause severe security impacts. This paper proposes the first tool to detect MPC vulnerabilities in distributed cloud systems. We conduct an in-depth study of 95 real-world MPC vulnerabilities and our findings motivate a new tool named MPChecker. The tool introduces a combined log-static analysis to automatically identify privileged operations by inferring variables representing user-owned data and critical system states, whose accesses need to be protected. We have evaluated MPChecker with 6 popular distributed systems. The tool reports 44 new vulnerabilities, and 43 of them have been confirmed and labeled as critical bugs. Moreover, 1 bug is particularly dangerous and the developers requested to keep it undisclosed.
Dumbo-NG: Fast Asynchronous BFT Consensus with Throughput-Oblivious Latency
Yingzi Gao (Institute of Software Chinese Academy of Sciences; University of Chinese Academy of Sciences); Yuan Lu (Institute of Software Chinese Academy of Sciences); Zhenliang Lu (The University of Sydney);
Despite recent progress of practical asynchronous Byzantine-fault tolerant (BFT) consensus, the state-of-the-art designs still suffer from suboptimal performance.
Particularly, to obtain maximum throughput, most existing protocols with guaranteed linear amortized communication complexity require each participating node to broadcast a huge batch of transactions, which dramatically sacrifices latency. Worse still, the f slowest nodes' broadcasts might never be agreed to output and thus can be censored (where f is the number of faults). Implementable mitigation to the threat either uses computationally costly threshold encryption or incurs communication blow-up by letting the honest nodes broadcast redundant transactions, thus causing further efficiency issues.
We present Dumbo NG, a novel asynchronous BFT consensus (atomic broadcast) to solve the remaining practical issues. Its technical core is a non-trivial direct reduction from asynchronous atomic broadcast to multi-valued validated Byzantine agreement (MVBA) with quality property (which ensures the MVBA output is from honest nodes with 1/2 probability). Most interestingly, the new protocol structure empowers concurrent execution of transaction dissemination and asynchronous agreement. This brings about two benefits: (i) the throughput-latency tension is resolved to approach peak throughput with minimal increase in latency; (ii) the transactions broadcasted by any honest node can be agreed to output, thus conquering the censorship threat with no extra cost.
We implement Dumbo-NG using the current fastest GLL+22 MVBA with quality (NDSS'22) and compare it to the state-of-the-art asynchronous BFT with guaranteed censorship resilience including Dumbo (CCS'20) and Speeding-Dumbo (NDSS'22). Along the way, we apply the techniques from Speeding-Dumbo to DispersedLedger (NSDI'22) and obtain an improved variant of DispersedLedger called Dumbo-DL for a comprehensive comparison. Extensive experiments (over up to 64 AWS EC2 nodes across 16 AWS regions) reveal: Dumbo-NG realizes a peak throughput 4-8x over Dumbo, 2-4x over Speeding-Dumbo, and 2-3x over sDumbo-DL for varying scales; more importantly, Dumbo-NG's latency, which is lowest among all tested protocols, can almost remain stable when throughput grows.
ENGRAFT: Enclave-guarded Raft on Byzantine Faulty Nodes
Weili Wang (Southern University of Science and Technology); Sen Deng (Southern University of Science and Technology); Jianyu Niu (Southern University of Science and Technology);
This paper presents the first critical analysis of building highly secure, performant, and confidential Byzantine fault-tolerant (BFT) consensus by integrating off-the-shelf crash fault-tolerant (CFT) protocols with trusted execution environments (TEEs). TEEs, like Intel SGX, are CPU extensions that offer applications a secure execution environment with strong integrity and confidentiality guarantees, by leveraging techniques like hardware-assisted isolation, memory encryption, and remote attestation. It has been speculated that when implementing a CFT protocol inside Intel SGX, one would achieve security properties similar to BFT. However, we show in this work that simply combining CFT with SGX does not directly yield a secure BFT protocol, given the wide range of attack vectors on SGX. We systematically study the fallacies in such a strawman design by performing model checking, and propose solutions to enforce safety and liveness. We also present ENGRAFT, a secure enclave-guarded Raft implementation that, firstly, achieves consensus on a cluster of 2f+1 machines tolerating up to f nodes exhibiting Byzantine-fault behavior (but well-behaved enclaves); secondly, offers a new abstraction of confidential consensus for privacy-preserving state machine replication; and finally, allows the reuse of a production-quality Raft implementation, BRaft, in the development of a highly performant BFT system.
EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices
Cong Wu (Wuhan University); Jing Chen (Wuhan University); Kun He (Wuhan University); Ziming Zhao (University at Buffalo); Ruiying Du (Wuhan University); Chen Zhang (Wuhan University)
Biometric authentication schemes, i.e., fingerprint and face authentication, raise serious privacy concerns. To alleviate such concerns, hand authentication has been proposed recently. However, existing hand authentication schemes use dedicated hardware, such as infrared or depth cameras, which are not available on commodity mobile devices. In this paper, we present EchoHand, a high accuracy and presentation attack resistant authentication scheme that complements camera-based 2-dimensional hand geometry recognition of one hand with active acoustic sensing of the other holding hand. EchoHand plays an inaudible acoustic signal using the speaker to actively sense the holding hand and collects the echoes using the microphone. EchoHand does not rely on any specialized hardware but uses the built-in speaker, microphone and camera. Moreover, EchoHand does not place more burdens on users than existing hand authentication methods. We conduct comprehensive experiments to evaluate the reliability and security of EchoHand. The results show that EchoHand has a low equal error rate of 2.45% with as few as 10 training data points and it defeats presentation attacks.
Evocatio: Conjuring Bug Capabilities from a Single PoC
Zhiyuan Jiang (National University of Defense Technology); Shuitao Gan (SKL-MEAC; Tsinghua University);
The popularity of coverage-guided greybox fuzzers has led to a tsunami of security-critical bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (e.g., type of vulnerability, number of bytes read/written) enables prioritization of bug fixes. Unfortunately, understanding a bug's capabilities is a time-consuming process, requiring (a) an understanding of the bug's root cause, (b) an understanding of how an attacker may exploit the bug, and (c) the development of a patch mitigating these threats. This is a mostly-manual process that is qualitative and arbitrary, potentially leading to a misunderstanding of the bug's capabilities.
Evocatio automatically discovers a bug's capabilities. Evocatio analyzes a crashing test case (i.e., an input exposing a bug) to understand the full extent of how an attacker can exploit a bug. Evocatio leverages a capability-guided fuzzer to efficiently uncover new bug capabilities (rather than only generating a single crashing test case for a given bug, as a traditional greybox fuzzer does).
We evaluate Evocatio on 38 bugs (34 CVEs and four bug reports) across eight open-source applications. From these bugs, Evocatio: (i) discovered 10× more capabilities (that is, the number of unique capabilities induced by a set of crashes was 10× higher) than AFL++'s crash exploration mode; (ii) converted 19 of the 38 bugs to new bug types (demonstrating the limitations of manual qualitative analysis); and (iii) generated new proof-of-concept (PoC) test cases violating patches for 7 out of 16 tested CVEs, one of which still triggers in the latest version of the software.
FenceSitter: Black-box, Content-Agnostic, and Synchronization-Free Enrollment-Phase Attacks on Speaker Recognition Systems | Jiangyi Deng (Zhejiang University); Yanjiao Chen (Zhejiang University); Wenyuan Xu (Zhejiang University) |
Frequency Estimation in the Shuffle Model with Almost a Single Message | Qiyao Luo (Hong Kong University of Science and Technology); Yilei Wang (Alibaba Group); Ke YI (Hong Kong University of Science and Technology) |
Gringotts: Fast and Accurate Internal Denial-of-Wallet Detection for Serverless Computing | Junxian Shen (Tsinghua University & Zhongguancun Laboratory); Han Zhang (Tsinghua University & Zhongguancun Laboratory); Yantao Geng (Tsinghua University & Zhongguancun Laboratory); Jiawei Li (Tsinghua University); Jilong Wang (Tsinghua University & Peng Cheng Laboratory); Mingwei Xu (Tsinghua University & Peng Cheng Laboratory) |
Harnessing Perceptual Adversarial Patches for Crowd Counting | Shunchang Liu (Beihang University); Jiakai Wang (Zhongguancun Laboratory); Aishan Liu (Beihang University); Yingwei Li (Johns Hopkins University); Yijie Gao (Beihang University); Xianglong Liu (Beihang University); Dacheng Tao (JD Explore Academy & The University of Sydney) |
Matproofs: Maintainable Matrix Commitment with Efficient Aggregation | Jing Liu (ShanghaiTech University); Liang Feng Zhang (ShanghaiTech University) |
NFGen: Automatic Non-linear Function Evaluation Code Generator for General-purpose MPC Platforms | Xiaoyu Fan (Tsinghua University); Kun Chen (Tsingjiao Information Technology Co. Ltd.); Guosai Wang (Tsingjiao Information Technology Co. Ltd.); Mingchun Zhuang (Beijing University of Posts and Telecommunications); Yi Li (Tsingjiao Information Technology Co. Ltd.); Wei Xu (Tsinghua University) |
Narrator: Secure and Practical State Continuity for Trusted Execution in the Cloud | Jianyu Niu (Southern University of Science and Technology); Wei Peng (Southern University of Science and Technology); Xiaokuan Zhang (George Mason University); Yinqian Zhang (Southern University of Science and Technology) |
Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models | Jiawei Liu (Wuhan University); Yangyang Kang (Alibaba Group); Di Tang (Indiana University Bloomington); Kaisong Song (Northeastern University & Alibaba Group); Changlong Sun (Alibaba Group); Xiaofeng Wang (Indiana University Bloomington); Wei Lu (Wuhan University); Xiaozhong Liu (Worcester Polytechnic Institute) |
P-Verifier: Understanding and Mitigating Security Risks in Cloud-based IoT Access Policies | Ze Jin (Institute of Information Engineering; Chinese Academy of Sciences & School of Cyber Security; University of Chinese Academy of Sciences & Indiana University Bloomington); Luyi Xing (Indiana University Bloomington); Yiwei Fang (Institute of Information Engineering; Chinese Academy of Sciences & School of Cyber Security; University of Chinese Academy of Sciences & Indiana University Bloomington); Yan Jia (Nankai University); Bin Yuan (HuaZhong University of Science and Technology); Qixu Liu (Institute of Information Engineering; Chinese Academy of Sciences & School of Cyber Security; University of Chinese Academy of Sciences) |
PACE: Fully Parallelizable BFT from Reproposable Byzantine Agreement | Haibin Zhang (Beijing Institute of Technology); Sisi Duan (Tsinghua University) |
PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication | Yuan Li (Tsinghua University); Wende Tan (Tsinghua University); Zhizheng Lv (Tsinghua University); Songtao Yang (Tsinghua University); Mathias Payer (EPFL); Ying Liu (Tsinghua University; Zhongguancun Lab); Chao Zhang (Tsinghua University; Zhongguancun Lab; BNRist) |
Practical Volume-Hiding Encrypted Multi-Maps with Optimal Overhead and Beyond | Jianfeng Wang (Xidian University); Shi-Feng Sun (Shanghai Jiao Tong University); Tianci Li (Xidian University); Saiyu Qi (Xi’an Jiao Tong University); Xiaofeng Chen (Xidian University) |
SFuzz: Slice-based Fuzzing for Real-Time Operating Systems | Libo Chen (Shandong University); Quanpu Cai (Shanghai Jiao Tong University); Zhenbang Ma (QI-ANXIN Technology Research Institute); Yanhao Wang (QI-ANXIN Technology Research Institute); Hong Hu (Pennsylvania State University); Minghang Shen (Tencent Security Xuanwu Lab); Yue Liu (QI-ANXIN Technology Research Institute); Shanqing Guo (Shandong University); Haixin Duan (Tsinghua University); Kaida Jiang (Shanghai Jiao Tong University); Zhi Xue (Shanghai Jiao Tong University) |
SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders | Tianshuo Cong (Institute for Advanced Study; BNRist; Tsinghua University); Xinlei He (CISPA Helmholtz Center for Information Security); Yang Zhang (CISPA Helmholtz Center for Information Security) |
Shifted Inverse: A General Mechanism for Monotonic Functions under User Differential Privacy | Juanru Fang (Hong Kong University of Science and Technology); Wei Dong (Hong Kong University of Science and Technology); Ke Yi (Hong Kong University of Science and Technology) |
StrongBox: A GPU TEE on Arm Endpoints | Yunjie Deng (Southern University of Science and Technology); Chenxu Wang (Southern University of Science and Technology; The Hong Kong Polytechnic University); Shunchang Yu (Southern University of Science and Technology); Shiqing Liu (Southern University of Science and Technology); Zhenyu Ning (Hunan University; Southern University of Science and Technology); Kevin Leach (Vanderbilt University); Jin Li (Guangzhou University); Shoumeng Yan (Ant Group); Zhengyu He (Ant Group); Jiannong Cao (The Hong Kong Polytechnic University); Fengwei Zhang (Southern University of Science and Technology) |
TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications | Changhua Luo (The Chinese University of Hong Kong); Penghui Li (The Chinese University of Hong Kong); Wei Meng (The Chinese University of Hong Kong) |
Uncovering Intent based Leak of Sensitive Data in Android Framework | Hao Zhou (The Hong Kong Polytechnic University); Xiapu Luo (The Hong Kong Polytechnic University); Haoyu Wang (Huazhong University of Science and Technology); Haipeng Cai (Washington State University, Pullman) |
VOProof: Efficient zkSNARKs Generation for Algebra Dummies | Yuncong Zhang (Shanghai Jiao Tong University); Alan Szepeniec (Nervos); Ren Zhang (Cryptape Co. Ltd. and Nervos); Shi-Feng Sun (Shanghai Jiao Tong University); Geng Wang (Shanghai Jiao Tong University); Dawu Gu (Shanghai Jiao Tong University) |
Vizard: A Metadata-hiding Data Analytic System with End-to-End Policy Controls | Chengjun Cai (City University of Hong Kong Dongguan Research Institute); Yichen Zang (City University of Hong Kong); Cong Wang (City University of Hong Kong); Xiaohua Jia (City University of Hong Kong); Qian Wang (Wuhan University) |
Watch Out for Race Condition Attacks When Using Android External Storage | Shaoyong Du (State Key Laboratory of Mathematical Engineering and Advanced Computing); Xin Liu (State Key Laboratory of Mathematical Engineering and Advanced Computing); Guoqing Lai (State Key Laboratory of Mathematical Engineering and Advanced Computing); Xiangyang Luo (State Key Laboratory of Mathematical Engineering and Advanced Computing) |
What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation | Wei Zhou (Huazhong University of Science and Technology; University of Chinese Academy of Sciences); Lan Zhang (College of Information Sciences and Technology; The Pennsylvania State University); Le Guan (School of Computing; University of Georgia); Peng Liu (College of Information Sciences and Technology; The Pennsylvania State University); Yuqing Zhang (National Computer Network Intrusion Protection Center; University of Chinese Academy of Sciences) |
"Is your explanation stable?": A Robustness Evaluation Framework for Feature Attribution | Yuyou Gan (Zhejiang University); Yuhao Mao (Zhejiang University); Xuhong Zhang (Zhejiang University); Shouling Ji (Zhejiang University); Yuwen Pu (Zhejiang University); Meng Han (Zhejiang University); Jianwei Yin (Zhejiang University); Ting Wang (The Pennsylvania State University) |
pMPL: A Robust Multi-Party Learning Framework with a Privileged Party | Lushan Song (Fudan University); Jiaxuan Wang (Fudan University); Zhexuan Wang (Fudan University); Xinyu Tu (Fudan University); Guopeng Lin (Fudan University); Wenqiang Ruan (Fudan University); Haoqi Wu (Fudan University); Weili Han (Fudan University) |
Papers from outside China:
Updatable Public Key Encryption from DCR: Efficient Constructions With Stronger Security
- Calvin Abou Haidar
- Benoit Libert
- Alain Passelègue
Forward-secure encryption (FS-PKE) is a key-evolving public-key paradigm that preserves the confidentiality of past encryptions in case of key exposure. Updatable public-key encryption (UPKE) is a natural relaxation of FS-PKE, introduced by Jost et al. (Eurocrypt'19), which is motivated by applications to secure messaging. In UPKE, key updates can be triggered by any sender -- via special update ciphertexts -- willing to enforce the forward secrecy of its encrypted messages.
So far, the only truly efficient UPKE candidates (which rely on the random oracle idealization) only provide rather weak security guarantees against passive adversaries as they are malleable. Also, they offer no protection against malicious senders willing to hinder the decryption capability of honest users. A recent work of Dodis et al. (TCC'21) described UPKE systems in the standard model that also hedge against maliciously generated update messages in the chosen-ciphertext setting (where adversaries are equipped with a decryption oracle). While important feasibility results, their constructions lag behind random-oracle candidates in terms of efficiency.
In this paper, we first provide a drastically more efficient UPKE realization in the standard model using Paillier's Composite Residuosity (DCR) assumption. In the random oracle model, we then extend our initial scheme so as to achieve chosen-ciphertext security, even in a model that accounts for maliciously generated update ciphertexts. Under the DCR and Strong RSA assumptions, we thus obtain the first practical UPKE systems that satisfy the strongest security notions put forth by Dodis et al.
Helping or Hindering?: How Browser Extensions Undermine Security
- Shubham Agarwal
Browser extensions enhance the functionality of native Web applications on the client side. They provide a rich end-user experience by utilizing feature-rich JavaScript APIs, otherwise inaccessible for native applications. However, prior studies suggest that extensions may degrade the client-side security to execute their operations, such as by altering the DOM, executing untrusted scripts in the applications' context, and performing other security-critical operations for the user.
In this study, we instead focus on extensions that tamper with the security headers between the client-server exchange, thereby undermining the security guarantees that these headers provide to the application. To this end, we present our automated analysis framework to detect such extensions by leveraging static and dynamic analysis techniques. We statically identify extensions with the permission to modify headers and then instrument the dangerous APIs to investigate their runtime behavior with respect to modifying headers in-flight.
We then use our framework to analyze the three snapshots of the Chrome extension store from Jun 2020, Feb 2021, and Jan 2022. In doing so, we detect 1,129 distinct extensions that interfere with security-related request/response headers and discuss the associated security implications. The impact of our findings is aggravated by the extensions, with millions of installations dropping critical security headers like Content-Security-Policy or X-Frame-Options.
Server-Aided Continuous Group Key Agreement
- Joël Alwen
- Dominik Hartmann
- Eike Kiltz
- Marta Mularczyk
Continuous Group Key Agreement (CGKA) -- or Group Ratcheting -- lies at the heart of a new generation of scalable End-to-End secure (E2E) cryptographic multi-party applications. One of the most important (and first deployed) CGKAs is ITK which underpins the IETF's upcoming Messaging Layer Security E2E secure group messaging standard. To scale beyond the group sizes possible with earlier E2E protocols, a central focus of CGKA protocol design is to minimize bandwidth requirements (i.e. communication complexity).
In this work, we advance both the theory and design of CGKA culminating in an extremely bandwidth efficient CGKA. To that end, we first generalize the standard CGKA communication model by introducing server-aided CGKA (saCGKA) which generalizes CGKA and more accurately models how most E2E protocols are deployed in the wild. Next, we introduce the SAIK protocol; a modification of ITK, designed for real-world use, that leverages the new capabilities available to an saCGKA to greatly reduce its communication (and computational) complexity in practical concrete terms.
Further, we introduce an intuitive, yet precise, security model for saCGKA. It improves upon existing security models for CGKA in several ways. It more directly captures the intuitive security goals of CGKA. Yet, formally it also relaxes certain requirements allowing us to take advantage of the saCGKA communication model.
Finally, it is significantly simpler, making it more tractable to work with and easier to build intuition for. As a result, the security proof of SAIK is also simpler and more modular. Finally, we provide empirical data comparing the (at times, quite dramatically improved) complexity profile of SAIK to state-of-the-art CGKAs. For example, in a newly created group with 10K members, to change the group state (e.g. add/remove parties) ITK requires each group member to download 1.38MB. However, with SAIK, members download no more than 2.7KB.
For the remaining papers, see the first reference link below.
References:
Papers from ACM CCS 2022 (sigsac.org)
CCS'22 | Nov 7-11, a top conference in information security: about 35 papers from China accepted, a 17% share, with CAS leading at 5! - Zhihu (zhihu.com)