Category: Unknown  Posted by: admin  Published: 2016-09-08 14:41
Talk title: The Misuse of Android Unix Domain Sockets and Security Implications
Speaker: Yuru Shao (邵玉如)
Speaker affiliation: Computer Science & Engineering, The University of Michigan, Ann Arbor
Yuru Shao is a PhD candidate in Computer Science & Engineering at The University of Michigan, Ann Arbor. His research interests include mobile system security and cyber-physical system security. His research uses program analysis techniques to discover vulnerabilities in both Android frameworks and Android applications. His previous work has appeared at top security conferences such as NDSS and CCS. He received his bachelor's degree from Wuhan University in 2013.
We conduct the first systematic study in understanding the security properties of the usage of Unix domain sockets by both Android apps and system daemons as an IPC (Inter-process Communication) mechanism, especially for cross-layer communications between the Java and native layers. We propose a tool called SInspector to expose potential security vulnerabilities in using Unix domain sockets through the process of identifying socket addresses, detecting authentication checks, and performing data flow analysis. Our in-depth analysis revealed some serious vulnerabilities in popular apps and system daemons, such as root privilege escalation and arbitrary file access. Based on our findings, we propose countermeasures and improved practices for utilizing Unix domain sockets on Android.