时间:
地点:曹东502
题目: A Semantic Based Approach to Android Application Security
摘要:As Android has become the most prevalent operating system in mobile devices, security threats in android apps are increasing. In this talk, I will present three semantic-based techniques to tackle three security problems: privacy leakage, component hijacking vulnerability, and malware classification. To confine privacy leakage, we developed a bytecode rewriting technique that selectively inserts instrumentation code into an app to keep track of private information and detects leakage at runtime. To further distinguish legitimate and malicious leaks, we model the user's decision with a semantics and context aware policy enforcement mechanism. To defeat component hijacking attacks, we proposed an automatic patch generation technique, which inserts a small amount of patch code to detect and block the dangerous information flow, and thus defeat the attacks. For malware classification, we captured the semantics-level behavior of an app by extracting the data and control dependencies between API calls, and constructed so-called ``Weighted Contextual API Dependency Graphs". Then by computing the similarity between these graphs, we can accurately and reliably detect malware variants and zero-day malware.
报告者简介:Heng Yin is an Assistant Professor in the department of Electrical Engineering and Computer Science at