12月24日学术报告

时间:12月24日下午15点

地点:国家网络安全学院401会议室

报告题目：Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis

报告人：Daoyuan Wu, Chinese University of Hong Kong (吴道远，香港中文大学)

报告人简介: 吴道远博士，任职于香港中文大学信息工程系，研究助理教授（独立PI、博士生导师）。他于2019年从新加坡管理大学博士毕业，师从Debin Gao和Robert Deng教授。他目前带领一个五人团队（1名博士生+4名硕士生）从事移动安全、区块链安全、互联网隐私测量方面的工作，并与Kehuan Zhang教授共同指导应用安全研究实验室。他已发表多篇顶会论文（NDSS, USENIX ATC, CoNEXT, INFOCOM）和一篇顶刊（TMC），并报告过多个著名厂商的app漏洞以及Android和iOS系统的漏洞。更多信息可参考他的个人主页：https://daoyuan14.github.io/

报告摘要：With Android being the most popular system for pervasive devices, there has been continuous efforts to improve its security. In this talk, I will introduce our multi-level vulnerability analysis works to boost up Android security. On the app level, we consider a long-standing IPC vulnerability that allows an attack app to hijack a victim app via inter-component communication on Android. To defend against this attack, we present SCLib, a secure component library that performs in-app mandatory access control on behalf of the app components. On the network level, we study threats stemmed from network-side open ports found in many Android apps. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. This crowdsourcing platform has already reported the actual executions of open ports in 925 popular apps and 725 built-in system apps. On the system level, we have conducted two systematic studies. One is using on-device and network-side fuzzing to discover 8 zero-day Android VoIP vulnerabilities, and the other is the first emprical study of 2,179 Android system vulnerabilities reported over about three years.

邀请人: 傅建明教授 彭国军教授