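Talk title: A Security Vulnerability Analysis System for Android Application
Date and time: April 8, 2016, 15:00
Venue: E408
Speaker: Professor Hung-Min Sun (孙宏民)
Speaker's affiliation: National Tsing Hua University, Taiwan
About the speaker:
Professor Hung-Min Sun is the acting director of the National Tsing Hua University Library and a well-known information security scholar. He received his Ph.D. from the Department of Computer Science and Information Engineering at National Chiao Tung University, Hsinchu, Taiwan, in 1995. He specializes in research on cryptography and network security, and has published more than 200 papers in internationally known journals and conferences.
Professor Sun has extensive academic and professional experience. He has served as an associate professor at National Cheng Kung University, as an associate professor and professor at National Tsing Hua University, and as a visiting scholar at the University of Auckland, New Zealand. He has served several terms as a director of the Taiwan Information Security Association (台湾信息安全学会), where he is currently an executive director and chair of its Industry-Academia Cooperation Committee. He also serves as an editor of many international journals and as a program committee member of international conferences, and has received many domestic and international academic awards, including the 8th Y. Z. Hsu Scientific Paper Award (有庠科技论文奖); the 2014 Outstanding Electrical Engineering Professor Award of the Chinese Institute of Electrical Engineering; the first-tier (top 4% of the college) Faculty Academic Excellence Award of the College of Electrical Engineering and Computer Science, Tsing Hua University, in 2000, 2003 and 2004; the 2015 World Congress on Information Technology Applications and Services: Outstanding Research Award; and many best paper awards. He takes an active part in promoting international academic exchange and service.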
http://is.cs.nthu.edu.tw/wiki/doku.php?id=advisor:main
Abstract:
Mobile security has been a hot topic in recent years, especially now that everyone has at least one smartphone. While most mobile security researchers focus on malware analysis and malware detection, we focus on finding security vulnerabilities in mobile applications. We want to make more Android developers aware of the potential security holes in their Android applications and of how each line of code they write may cause serious security holes. If these security issues are not fixed, any app on the phone can easily exploit the user’s phone, stealing the user’s private files and messages without the user’s knowledge, compromising the user’s account with a stolen access token, etc. Some exploits can even be carried out remotely, without installing a malicious application on the user’s phone. We propose a massive vulnerability analysis system to help Android developers reduce the risk of their applications being exploited or hacked. Our system has helped us find one or more security vulnerabilities in Android applications or SDKs developed by Facebook, Microsoft, Google, Evernote, LINE WhosCall, Alibaba, Badoo, Sina Weibo, Baidu, Tencent and other renowned companies. We have reported our findings to these companies and received their confirmations and acknowledgements. These acknowledgements should fully prove that our system can efficiently and accurately help find vulnerabilities in those products that had not been discovered by other security researchers or by the products' own Android developers.
Host: Associate Professor Debiao He (何德彪)