Academic Talk on December 24

2019-12-17


Time: December 24, 15:00 (afternoon)

Venue: Conference Room 401, 88858cc永利官网

Title: Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis


Speaker: Daoyuan Wu (吳道遠), Chinese University of Hong Kong

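Speaker bio: Dr. Daoyuan Wu is a Research Assistant Professor (independent PI and PhD supervisor) in the Department of Information Engineering at the Chinese University of Hong Kong. He received his PhD from Singapore Management University in 2019, where he was advised by Professors Debin Gao and Robert Deng. He currently leads a five-person team (1 PhD student + 4 master's students) working on mobile security, blockchain security, and Internet privacy measurement, and co-directs the application security research lab with Professor Kehuan Zhang. He has published several papers at top conferences (NDSS, USENIX ATC, CoNEXT, INFOCOM) and one in a top journal (TMC), and has reported app vulnerabilities affecting several well-known vendors as well as vulnerabilities in the Android and iOS systems. More information is available on his homepage: https://daoyuan14.github.io/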


Abstract: With Android being the most popular system for pervasive devices, there have been continuous efforts to improve its security. In this talk, I will introduce our multi-level vulnerability analysis works to boost up Android security. On the app level, we consider a long-standing IPC vulnerability that allows an attack app to hijack a victim app via inter-component communication on Android. To defend against this attack, we present SCLib, a secure component library that performs in-app mandatory access control on behalf of the app components. On the network level, we study threats stemming from network-side open ports found in many Android apps. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. This crowdsourcing platform has already reported the actual executions of open ports in 925 popular apps and 725 built-in system apps. On the system level, we have conducted two systematic studies. One is using on-device and network-side fuzzing to discover 8 zero-day Android VoIP vulnerabilities, and the other is the first empirical study of 2,179 Android system vulnerabilities reported over about three years.


Hosts: Prof. Jianming Fu (傅建明) and Prof. Guojun Peng (彭國軍)
