报告题目:移动APP安全探讨
报告日期及时间:2017年05月24日上午10:30
报告地点: B403
报告人:翁健教授
报告人单位:Hong Kong Polytechnic University
报告人简介:翁健,暨南大学息科学技术学院/网络空间安全学院教授、博士生导师、执行院长。教育部新世纪优秀人才支持计划入选者、广东省“千百十工程”国家级培养对象。研究方向为密码学与信息安全,在CRYPTO、EUROCRYPT、TCC、ASIACRYPT、PKC、CT-RSA、IEEE汇刊等发表了80多篇论文。曾获中国密码学会首届密码创新奖二等奖、第26届密码学与信息安全会议SCIS 2011最佳论文奖、第10届可证明安全国际会议ProvSec 2014最佳学生论文奖。曾任信息安全国际会议SecureComm 2016大会主席、ISPEC 2011程序委员会主席和RFIDsec'13 Asia程序委员会主席,以及30多次国际会议程序委员会委员。担任《IEEE Transactions on Vehicular Technology》编委、《网络与信息安全学报》编委会副主任委员、国家自然科学基金委信息学部会评专家等。
报告摘要:Nowadays, Android platform gains explosively growing popularity. A considerable number of mobile consumers are attracted to varieties of Android Apps, which leads developers to invest resources to maintain the upward trajectory. In the early stage, the developers usually pay more attention to the functionality of Android Apps than the security matters. Unfortunately, it makes Android Apps a hot target for attackers. To deal with this problem, developers attach great importance to improve the security of Apps and upgrade them to new versions, whereas leave their earlier versions diffuse through the network. In this talk, we indicate how to attack upgraded versions of popular Apps, including Facebook, Sina Weibo and Qihoo360 Cloud Driven, by using the weaknesses existing in their earlier versions. We design and implement an App weaknesses analysis tool named DroidSkynet to analyze the security weakness on widespread applications. Among 900 mainstream Apps collected from real world, our DroidSkynet indicates that 36.3% Apps are suffer from such weaknesses.
邀请人: 何德彪 副教授