
Editor-in-chief afternoon tea: the power of freedom

2025-03-26 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Just after the Spring Festival in 2016, a piece of good news came from the cyber security community. The paper "Forwarding-Loop Attacks in Content Delivery Networks" (on forwarding loops in CDNs), presented by Chen Jianjun, a doctoral student at Tsinghua University, and other researchers at the academic conference NDSS'16 held in the United States, was named an outstanding paper (Distinguished Paper).

How much does this "outstanding paper" award weigh? The answer: a great deal. NDSS (Network and Distributed System Security Symposium) is one of the four internationally recognized top academic conferences on network and system security (the "Big 4"). The four "outstanding papers" were selected from 389 research papers from around the world, so the award carries considerable weight. In addition, according to industry insiders, this is the first time that a Chinese scientific research institution has won the best paper award at a top international conference in the field of network and system security, which makes it a landmark.

Taking this opportunity, Lao Yang made an appointment with the head of the research team behind the paper, Professor Duan Haixin of the Research Institute of Cyber Science and Cyberspace of Tsinghua University. One afternoon in March, the day after Professor Duan returned home, we met in a coffee shop outside the east gate of Tsinghua University.

Who is Duan Haixin?

Although this was our first meeting, the name "Duan Haixin" was not unfamiliar to me after years of contact with the network security field. A search on Baidu shows the "weight" of Duan Haixin: a young professor in the security community, he is now the director and doctoral supervisor of the Network and Information Security Laboratory of Tsinghua University, and the head of the Emergency Response Group (CCERT) of the China Education and Scientific Research Computer Network. He has undertaken a number of national research projects, such as those of the National 973 and 863 programs and the Natural Science Foundation. His research papers have been published regularly in top international academic conferences and journals.

Duan Haixin (second from left) and his students (picture from the Internet)

Duan Haixin is not only well known in research circles at home and abroad, but also has first-class sensitivity to, and influence on, the industry. As a rigorous researcher, Duan Haixin and his team work quite differently from traditional vulnerability hunters. Before an article is published, they usually contact the relevant vendors so that the problem can be fixed in advance, and only then publish. Both internationally and domestically, people in the industry who mention Duan Haixin's team recognize its research level and responsible attitude. A staff member of Microsoft's Global Emergency Response Center who received one of their reports asked colleagues whether it was credible, and was told that the problems reported by this team were 100% accurate.

In fact, this award-winning paper itself is enough to illustrate the style of Duan Haixin and his team. In terms of topic selection, their research is very practical: the CDN, currently the best practice for accelerating websites and defending against DDoS attacks, itself has serious structural problems and is at risk of being hit by DoS attacks! Zheng Xiaofeng, a member of the research team, once used the title "how did we almost save the Internet" for a speech introducing the paper, which shows how practical the topic is!

It is worth mentioning that Duan Haixin's team did not "quietly" use this finding to elevate themselves or attack others, but contacted and negotiated with vendors in a very rigorous and responsible manner. They tested 16 commercial CDN products in total, notified all the vendors, and communicated extensively with their technical staff, including those of Akamai, Baidu, CloudFlare, Ali, Tencent and Verizon, to explore solutions. In addition, because preventing this kind of attack requires unified and coordinated action by multiple vendors, the Tsinghua team plans to act as a public-interest third party and coordinate the security technical specifications of the various vendors. In terms of publicity, these steps took away much of the paper's shock effect, but this may be exactly where Duan Haixin's style lies.

Move forward with freedom and purity

The meeting between Lao Yang and Duan Haixin was arranged over WeChat. The appointment was originally set for noon, but Mr. Duan told me the night before that he had another meeting that afternoon and, worried about the tight schedule, suggested moving it to 5:00 in the afternoon. When Lao Yang had just arrived at the meeting place, with two or three minutes still to go, he received a message from Mr. Duan saying he would be a little late, about five minutes. Less than two minutes after Lao Yang had found a seat and replied to the message, a gentleman in casual clothes was already calling my name at the door.

Compared with the photos on the Internet, the Duan Haixin who sat in front of me looked a little haggard, but he kept his poise and enthusiasm, which showed me a long-standing habit of responsibility. I learned afterwards that Mr. Duan had returned from the United States at night, had class that afternoon, and then went home to catch up on sleep. As a result, he woke up at three o'clock in the night and could not get back to sleep. But Duan Haixin did not explain much at the time, saying only that he had not yet gotten over his jet lag, so he was a little tired.

Speaking of classes, since Lao Yang has also been a teacher, our conversation started there.

Duan Haixin is a famous "teacher" in the field of security. Over the years, many of his students have become stars in the industry. Leaving aside Dr. Jiang Jian, who discovered the DNS protocol vulnerabilities that caused a sensation in academic circles a few years ago, and Zheng Xiaofeng, who discovered the HTTPS cookie injection problem, in the past two years alone Yang Kun, Zhu Wenlei and others founded Changting Technology, and a number of young men from the "Blue Lotus" team have been closely watched by the star enterprises of the industry.

However, the training of network security personnel in China has always been a big problem. Although it has improved in recent years, there is still a significant gap. Most importantly, we still do not see a systematic method of security training. Take universities as an example: at present, there are not many research teams with influence at home and abroad like Duan Haixin's. So, as the leader of the team, what does Duan Haixin himself think is their greatest characteristic, or lesson learned?

In the face of this question I threw out, Duan Haixin blurted out: freedom!

This word surprised me very much, but it is not surprising coming from Duan Haixin, who has always been known for being "bold". I remember that when I added Duan Haixin on WeChat, his signature read: "forgive me for being unrestrained and free." The "Blue Lotus" team, which has long represented China in global cyber security competitions, was born in the laboratory headed by Duan Haixin.

I asked Duan Haixin, "Did you come up with the name 'Blue Lotus'? Does this name have anything to do with Xu Wei's song?"

Duan Haixin nodded and admitted. When Blue Lotus formed a team in 2010, on the one hand, Duan Haixin liked the sentence "nothing can stop my yearning for freedom" in Xu Wei's song, and on the other hand, he also liked the kind of lotus that came out of the mud without being stained, so he used the name. He hopes that his students can move forward cleanly and freely in this seductive environment without being tainted with bad things. Duan Haixin believes that academic research should only satisfy people's curiosity, and interest is the biggest driving force.

Duan Haixin believes that the field of security is different from the study of natural phenomena, and nature will not deliberately fight against you, but security is a confrontation between people, which is endless. In this case, the key for students to maintain continuous research should be interest, that is, to let students do what they like to do.

Duan Haixin feels this deeply. When he was a student, he was often distressed that he could not do what he was interested in and could only complete tasks according to his mentor's requirements. Another great frustration was the lack of exchange: there was no one to discuss things with. Therefore, after becoming a teacher, and especially a professor, Duan Haixin very much likes to discuss specific technical issues with his students. If he finds a very good idea, he encourages the student to keep pursuing it, and at the same time he looks for the world's leading partners. For example, Blue Lotus team captain Yang Kun actually focuses on software security, which is not Duan Haixin's specialty, but he still encouraged Yang Kun to do research along his own interests and recommended him to Dawn Song, a famous professor at Berkeley in California, to take part in the CGC (Cyber Grand Challenge) program of the US Department of Defense, where he would receive more training.

Freedom is also an important principle of scientific research.

But apart from valuing "freedom" in helping students grow, does security research itself have anything to do with "freedom"? Here, too, Duan Haixin gave me an affirmative answer.

Drawing on his own experience, Duan Haixin told me that China's academic research system emphasizes collective operations: young professors do not have independent status, everyone belongs to a large team, and subordinates answer to their superiors. As a result, everyone loses their independence, and there is no freedom or independent academic thinking.

Duan Haixin stressed that it is very important for everyone to do what they like to do. If every school and department can maintain such passion, and each professor independently does what he likes, they may not necessarily make a major breakthrough in CTF competitions or academic papers, but they are likely to make a difference in other fields. Facts have shown that many world-renowned colleges and universities achieved their remarkable results under exactly such circumstances. Duan Haixin asked: what is the core evaluation index of an academic research team? Does it depend on how many national projects have been obtained, how much money has been earned for the school, or how much innovation has been made?

I said that there should be no contradiction between national projects and scientific research and innovation, and asked whether there was a problem here.

Duan Haixin replied that the problem now is that there are fewer and fewer projects for free research and more and more large-scale group operations. Under such circumstances, young people have fewer and fewer opportunities and often need to rely on some big-name professors. Young people are short of resources and their achievements are buried, so they can only wait until "their wives for many years have grown up." In addition, schools have a variety of short-term assessment indicators; young people are sometimes worn out coping with them, take on whatever projects they come across, and lose their own research direction.

I did not know what to say. After a moment of silence, I asked him, "Has this situation improved now?"

He replied firmly: "Not at the moment, and it's getting worse."

"So, what do you want to say to the young professors?"

"We all live within the system, and we really can't do research as independently as foreign professors. However, after basically meeting the basic requirements of the existing system, we still have to invest some energy to do some research that we like, especially to track the frontiers of international research. There may be no achievement or recognition at first, but there will always be gains if you stick to it. If the whole world recognizes your achievements, the existing system will naturally recognize you," said Duan Haixin. Research cannot aim only at immediate results; if one merely caters to the existing rules and regulations, it is very difficult to produce influential results.

[About "Editor-in-Chief Afternoon Tea"]

"Editor-in-Chief Afternoon Tea" is an interview program hosted by Lao Yang, focusing on the application of technology and the forefront of IT. Would you like to have afternoon tea with Lao Yang? You are welcome to contact yangwf@51cto.com.
