12月24日学术报告
时间:12月24日下午15点
地点:国家网络安全学院401会议室
报告题目:Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis
报告人:Daoyuan Wu, Chinese University of Hong Kong (吴道远,香港中文大学)
报告人简介: 吴道远博士,任职于香港中文大学信息工程系,研究助理教授(独立PI、博士生导师)。他于2019年从新加坡管理大学博士毕业,师从Debin Gao和Robert Deng教授。他目前带领一个五人团队(1名博士生+4名硕士生)从事移动安全、区块链安全、互联网隐私测量方面的工作,并与Kehuan Zhang教授共同指导应用安全研究实验室。他已发表多篇顶会论文(NDSS, USENIX ATC, CoNEXT, INFOCOM)和一篇顶刊(TMC),并报告过多个著名厂商的app漏洞以及Android和iOS系统的漏洞。更多信息可参考他的个人主页:https://daoyuan14.github.io/
报告摘要:With Android being the most popular system for pervasive devices, there has been continuous efforts to improve its security. In this talk, I will introduce our multi-level vulnerability analysis works to boost up Android security. On the app level, we consider a long-standing IPC vulnerability that allows an attack app to hijack a victim app via inter-component communication on Android. To defend against this attack, we present SCLib, a secure component library that performs in-app mandatory access control on behalf of the app components. On the network level, we study threats stemmed from network-side open ports found in many Android apps. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. This crowdsourcing platform has already reported the actual executions of open ports in 925 popular apps and 725 built-in system apps. On the system level, we have conducted two systematic studies. One is using on-device and network-side fuzzing to discover 8 zero-day Android VoIP vulnerabilities, and the other is the first emprical study of 2,179 Android system vulnerabilities reported over about three years.
邀请人: 傅建明教授 彭国军教授