报告题目：Security Ecosystem of Android Customization

 

报告日期及时间：2015年12月21日（周一）上午9:00—11:00

 

报告地点：计算机学院B403

 

报告人：Zhiyun Qian

 

报告人国籍：USA

 

报告人单位：University of California, Riverside

 

报告人简介：Dr. Zhiyun Qian is an assistant professor at University of California, Riverside. His research interest is on system and network security, including Android security, Internet security (e.g., TCP/IP), side-channel attacks and defenses, and infrastructure security (e.g., cellular networks). He obtained his Ph.D. degree in Computer Science and Engineering from University of Michigan in 2012.

 

报告摘要： The openness nature of Android has resulted in great vendor adoption and market share but at the same time also introduced significant difficulty in maintaining security across a wide variety of custom Android OS versions. Even worse, the delay in the Android OS update process introduced in the customization does not allow security weaknesses to be patched quickly enough, resulting in unique ecosystems such as Android root. In this talk, we attempt to characterize the Android root ecosystem from the perspective of Android root providers and show how dangerous they can be. In addition, to understand the security vulnerabilities introduced in customization, we built a static vulnerability scanner that caught more than a dozen of new vulnerabilities, both in customized Android and AOSP.

 

邀请人：严飞 副教授