QUICKLOOK: Strategic Synergy: The SSF's Collaboration with Peking University in Advancing China's Information Warfare Capabilities (PART 1)
Unraveling the Nexus between China's Elite Cyber Force and Premier Academic Institution in the Digital Age
Strategic Synergy: The SSF's Ties with Peking University:
The Strategic Support Force (SSF) is one of the People's Liberation Army's (PLA) newest branches, established as part of China's military reforms initiated in 2015. The SSF is believed to be responsible for electronic warfare, cyber operations, and space operations, consolidating these capabilities into a single service. The SSF plays a crucial role in China's information warfare strategy, aiming to achieve dominance in the electromagnetic spectrum, cyberspace, and space.
Peking University, located in Beijing, is one of China's most prestigious and oldest institutions of higher learning. Founded in 1898, it has been at the forefront of numerous academic disciplines and has played a significant role in China's modern history. Peking University is renowned for its rigorous academic programs, influential alumni, and its beautiful campus, which houses traditional Chinese architecture alongside modern facilities.
While Peking University is primarily an academic institution, its deep-rooted connection with the government has often led to collaborations that extend beyond the realm of pure academics. Many top universities in China, including Peking University, have a history of partnering with the government and military on various research and development projects. Given the SSF's mandate and its emphasis on cutting-edge technologies, it's plausible that there exists a symbiotic relationship between the SSF and Peking University. The government's propensity to tap into academic talent pools means that the expertise cultivated within the university's walls could very well contribute to capabilities reminiscent of Nation State Advanced Persistent Threat (APT) activities. While the specifics of such collaborations remain shrouded in secrecy, the potential for knowledge exchange and capability enhancement is undeniable.
Products in review:
Summary: In 2015, the People's Liberation Army (PLA) of China underwent significant reforms, leading to the creation of the Strategic Support Force (SSF). The SSF centralizes the PLA's capabilities in space, cyber, electronic, and psychological warfare, marking a shift from land-based defense to power projection in strategic domains like space and cyberspace. Comprising two main branches, the Space Systems Department and the Network Systems Department, the SSF aims to streamline information operations and enhance strategic information support. While drawing some inspiration from U.S. military structures, the SSF's establishment underscores China's evolving military strategy, emphasizing the pivotal role of information in modern warfare. (Pages 25-26)
Summary: The PKU-Exploit research group belongs to the Network Software and System Security Department at Peking University. Its members come from the School of Software and Microelectronics at Peking University, the Key Laboratory for Network and Software Security Assurance at Peking University, and the Information Security Laboratory of the Software Institute at Peking University's School of Electronics and Information Science. The group's advisors consist of experts and professors from the School of Software and Microelectronics at Peking University, the Software Research Institute of the Chinese Academy of Sciences, and Beijing University of Posts and Telecommunications. Their primary research areas include reverse engineering, software security vulnerability discovery, software security vulnerability analysis, malicious code research, and software security assessment.
Background:
PKU-Exploit: A Premier Hub for Software Security Insights and Research:
When delving into the intricate world of software security, the PKU-Exploit research group's website stands as a beacon of knowledge and expertise. By searching their website, one can access cutting-edge research and insights from some of China's top academic institutions, including Peking University and the Chinese Academy of Sciences. The site offers invaluable resources on topics like reverse engineering, vulnerability discovery, and malicious code analysis, which are crucial in today's digital age where cyber threats are ever-evolving. For professionals, researchers, or students in the field of cybersecurity, the website serves as a comprehensive repository of information, bridging the gap between academic research and real-world application. The blend of expert opinions, research findings, and practical tools available on the site makes it an indispensable asset for anyone aiming to fortify their knowledge and skills in software security.
Breaking Down the Sections:
PKU-Exploit: Research
Overview: PKU-Exploit is a distinguished research group affiliated with the Network Software and System Security Department at Peking University. The group's website offers a plethora of information, including ongoing research topics, scientific practices, published works, research papers, patented achievements, academic reports, announcements, past group leaders, alumni, and recruitment information.
Key Researcher: Dr. Wen Weiping is a prominent figure in the field of software security. Holding a Ph.D. in Information Security from the Chinese Academy of Sciences Software Research Institute, he is now a professor and Ph.D. advisor at Peking University. His primary research areas encompass system and network security, big data and cloud security, and intelligent computing security. Dr. Wen has spearheaded numerous national and departmental information security research projects and has an impressive list of publications, patents, and accolades to his name.
Ongoing Research Projects: The website provides a detailed list of ongoing research projects, including their duration, project names, commissioning units, and the person in charge. Some of the notable projects include dynamic analysis of ELF software malicious behavior, vulnerability mining, and intrusion detection in Java programs, and analysis of APT attack and defense techniques.
Research Topic Representatives: The site introduces several topic heads responsible for various research areas, such as static analysis, sandboxing, obfuscation, real-time communication security, cross-chain protocol security, and smart contract vulnerability mining.
Team Composition: The PKU-Exploit team is a blend of seasoned experts and budding researchers. The website lists members from different academic years, showcasing the group's growth and the influx of new talent over time.
In essence, the PKU-Exploit website serves as a comprehensive platform for those interested in cutting-edge research and developments in software security from one of China's premier academic institutions. It offers insights into the group's endeavors, achievements, and the brilliant minds driving innovation in the realm of cybersecurity.
Vulnerability Achievements: The group has identified a series of vulnerabilities in various domains:
Web Vulnerabilities: A list of identified vulnerabilities with CNVD tags.
Blockchain Vulnerabilities: Several vulnerabilities related to blockchain technology.
Application Software Vulnerabilities: Vulnerabilities in different application software.
Operating System Vulnerabilities: Vulnerabilities in various operating systems, including some with CVE tags.
Network Device Vulnerabilities: Vulnerabilities in network devices.
Research Projects: The website provides a detailed breakdown of their research projects, including the project's duration, name, commissioning unit, and the person in charge. These projects span a wide range of topics, from host intrusion detection and software vulnerability mining to network protocol security analysis. Each project also includes a status update, indicating whether it's ongoing, completed, or concluded.
Contact & Additional Resources: For those interested in collaborating or learning more, the website provides contact details for the Key Laboratory for Network and Software Security Assurance at Peking University. Additionally, there are links to related institutions and commonly used services, ensuring that visitors have all the resources they need at their fingertips.
Published Works: The group boasts an impressive list of publications, some of which include:
"Network Attack and Defense Principles and Applications" by Wen Weiping. This book serves as the official textbook for the course "Network Attack and Defense" at Peking University's School of Software and Microelectronics. Published by Tsinghua University Press in March 2017.
"Information Security Engineer Course (2nd Edition)" co-authored by Jiang Jianchun, Wen Weiping, and Jiao Jian. This book is the designated material for the National Computer Technology and Software Professional Technical Qualification (Level) Examination. Published by Tsinghua University Press in August 2020.
"Computer Network Information Security Theory and Practice Course" co-authored by Jiang Jianchun, Wen Weiping, Yang Fan, and Zheng Shenglin. This book, which has been cited 58 times, won the second prize for excellent teaching materials from the China Electronic Education Association in 2009. Published by Beijing University of Posts and Telecommunications Press in May 2008.
"Computer Security - Principles and Practice" translated by Wang Zhao, Wen Weiping, and Wang Yonggang. Professor Wen Weiping translated chapters 6 to 16 and was responsible for the initial review and finalization of the entire book. Published by Electronics Industry Press in October 2015.
Contact & Additional Resources: For those interested in collaborating or learning more, the website provides contact details for the Key Laboratory for Network and Software Security Assurance at Peking University. Additionally, there are links to related institutions and commonly used services, ensuring that visitors have all the resources they need at their fingertips.