🦥 About Me
Hi, I am Bonan Ruan (阮博男). Currently, I am a Ph.D. student (advised by Prof. Zhenkai Liang) in CURIOSITY group at NUS. I received my Master of Computing degree from NUS, and B.E. degree in Information Security (advised by Prof. Zhijun Ding) at the Tongji University.
My research interest lies in the interactions of system security, program analysis, and AI for security. Currently I focus on vulnerability-related topics.
🌋 Publications
[ASE 2024] VulZoo: A Comprehensive Vulnerability Intelligence Dataset
Bonan Ruan, Jiahao Liu, Weibo Zhao, Zhenkai Liang
In the 39th IEEE/ACM International Conference on Automated Software Engineering, Tool Demonstrations
Abstract | Paper | Code | Slides
Software vulnerabilities pose critical security and risk concerns. Many techniques are proposed to assess and prioritize vulnerabilities. To evaluate their performance, researchers often craft datasets from limited data sources, lacking a global overview of broad vulnerability intelligence. The repetitive data preparation process complicates the evaluation of new solutions. To solve this issue, we propose VulZoo, a comprehensive vulnerability intelligence dataset that covers 17 vulnerability data sources. We also construct connections among these sources, enabling more straightforward configuration and adaptation for different tasks. VulZoo provides utility scripts for automatic data synchronization and cleaning, relationship mining, and statistics generation. We make VulZoo publicly available and maintain it with incremental updates. We believe that VulZoo serves as a valuable input to vulnerability assessment and prioritization studies. The video is at https://youtu.be/EvoxQmUAHtw. The dataset is at https://github.com/NUS-Curiosity/VulZoo.
[RAID 2024] KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
Bonan Ruan, Jiahao Liu, Chuqi Zhang, Zhenkai Liang
In the 27th International Symposium on Research in Attacks, Intrusions and Defenses
🏆 Best Practical Paper Award (1/43)
Abstract | Paper | Code | Slides | News
Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most existing research focuses on the generation of PoC, while the construction of environment is overlooked. However, establishing an effective vulnerable environment to trigger a vulnerability is challenging. Firstly, it is hard to guarantee that the selected kernel version for reproduction is vulnerable, as the vulnerability version claims in online databases can occasionally be incorrect. Secondly, many vulnerabilities cannot be reproduced in kernels built with default configurations. Intricate non-default kernel configurations must be set to include and trigger a kernel vulnerability, but less information is available on how to recognize these configurations.
To solve these challenges, we propose a patch-based approach to identify real vulnerable kernel versions and a graph-based approach to identify necessary configs for activating a specific vulnerability. We implement these approaches in a tool, KernJC, automating the generation of vulnerable environments for kernel vulnerabilities. To evaluate the efficacy of KernJC, we build a dataset containing 66 representative real-world vulnerabilities with PoCs from kernel vulnerability research in the past five years. The evaluation shows that KernJC builds vulnerable environments for all these vulnerabilities, 32 (48.5%) of which require non-default configs, and 4 have incorrect version claims in the National Vulnerability Database (NVD). Furthermore, we conduct large-scale spurious version detection on kernel vulnerabilities and identify 128 vulnerabilities that have spurious version claims in NVD. To foster future research, we release KernJC with the dataset in the community.
[TPS-ISA 2021] Security Challenges in the Container Cloud
Yutian Yang, Wenbo Shen, Bonan Ruan, Wenmao Liu, Kui Ren
In the 2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications
In recent years, containerization has become a major trend in the cloud due to its high resource utilization efficiency and convenient DevOps support. However, the complexity of container system also introduces attack surfaces. This paper aims to summarize security challenges in the container cloud. In particular, we first divide the whole container system into different layers according to their functionalities, including the kernel layer, the container layer, and the orchestration layer. We then summarize security-related technologies. After that, we discuss the security challenges for each layer. Finally, we present the current protection status for the container system and highlight future research directions. Our study shows that to improve the container cloud security, we need to design and implement more robust kernel isolation mechanisms, conduct systematic and thorough security analysis on existing container techniques, and develop comprehensive configuration checking tools.
🎮 Books
🛢️ Patents
CN111835768A 一种用于处理安全事件的方法、装置、介质及计算机设备
CN111831275A 一种竞态条件漏洞利用的检测方法及装置
CN111831275A 一种编排微场景剧本的方法、服务器、介质及计算机设备
CN112153049A 一种入侵检测方法及装置
🎸 Talks
[OID Asia 2021] Metarget: Auto-construction of Vulnerable Cloud Native Infrastructure
🗺️ Education
[Jan 2024 ~ present] Ph.D. in Computer Science, National University of Singapore
[Aug 2022 ~ Jan 2024] Master of Computing, National University of Singapore
[Sep 2014 ~ Jun 2019] Bachelor in Information Security, Tongji University
🚂 Work Experience
[Jul 2019 ~ Jul 2022] Security Researcher, XingYun Lab, NSFOCUS
[Mar 2019 ~ Jun 2019] (Intern) Security Researcher, XingYun Lab, NSFOCUS
[Jul 2017 ~ Aug 2017] (Intern) Software Development Engineer, NFV Lab, HUAWEI
🧲 Teaching Assistant
[2024 Fall] CS5231 System Security with Zhenkai Liang
🎯 Vulnerabilities & Bugs Discovered
CVE-2024-50260 - sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()
🛞 Awards
Best Practical Paper Award, RAID 2024
NUS Research Scholarship
Student Scholarship, Black Hat Asia 2023
2017年度网络安全专项基金网络安全奖学金,中国互联网发展基金会