讲座题目: A Security Vulnerability Analysis System for Android Application
讲座人: Hung-Min Sun 教授
讲座时间:10:00-11:30
讲座日期: 2016-11-11
地点: 长安校区 文津楼三段6层622报告厅
主办单位:太阳成集团tyc4633 网络信息安全科研团队
讲座内容简介:
Mobile security is a hot topic in recent years. Especially nowadays, everyone has at least one or more smart phones. While most mobile security researchers focus on malware analysis and malware detection, we focus on finding security vulnerabilities in mobile applications. We want to make more and more Android developers aware of the potential security holes in their Android applications and how each line of the codes they wrote may cause serious security holes. If these security issues are not fixed, any app on the phone can easily exploit user’s phone, stealing user’s private files and messages without user’s knowledge, compromising user’s account by the stolen access token, etc. And some exploits can be made remotely without installing malicious application on user’s phone. We propose a massive vulnerability analysis system to help Android developers reduce the risks of applications being exploited or hacked. Our system had helped us find one or more security vulnerabilities in Android applications or SDKs developed by Facebook, Microsoft, Google, Evernote, LINE WhosCall, Alibaba, Badoo, Sina Weibo, Baidu, Tencent and other renowned companies. We had reported our findings to these companies and gotten their confirmations and acknowledgements. These acknowledgements should fully prove our system can efficiently and accurately help find the vulnerabilities in those products that have not been discovered by other security researchers or their Android developers.
讲座人简介:
Professor Hung-Min Sun received his Ph.D. degree in computer science and information engineering from National Chiao-Tung University in 1995. Currently, he is working as a full professor with the Department of Computer Science, National Tsing Hua University. He has published more than 200 international journal and conference papers. He was the program cochair of 2001 National Information Security Conference, and the program committee members of many international conferences. He was the honor chairs of 2009 International Conference on Computer and Automation Engineering, 2009 International Conference on Computer Research and Development, and 2009 International Conference on Telecom Technology and Applications. He won many best paper awards in academic journal and conferences, including the annual best paper award in Journal of Information Science and Engineering in 2003, the best paper award in MobiSys09, NSC05, NISC06, NISC07, CISC09, and ICS2010. He won Y. Z. Hsu Scientific Paper Award, Far Eastern Y. Z. Hsu Science and Technology Memorial Foundation, 2010. He got the Award of Excellent Professor in Engineering from the Chinese Institute of Electrical Engineering, 2014. His research interests include network security, cryptography, and internet of Things.