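Academic Lecture: "A Security Vulnerability Analysis System for Android Application"
Time: Friday, September 19, 2014, 15:30
Venue: Room 603, Chenggong Building, Cangshan Campus
Hosts: School of Mathematics and Computer Science; Fujian Provincial Key Laboratory of Network Security and Cryptology
Speaker: Professor Hung-Min Sun, Taiwan Tsing Hua University
Speaker biography: Hung-Min Sun, Professor. He received his Ph.D. in Computer Science and Information Engineering from Chiao Tung University, Taiwan, in 1995. After graduating he taught at several universities in Taiwan, and he is currently a professor in the Department of Computer Science at Tsing Hua University, Taiwan, and director of its Information Security Laboratory. His research areas include network security, cryptography and wireless networks. He has published more than 150 papers in international journals and conferences, served as program co-chair of the 2001 Taiwan information security conference and as a program committee member for a number of international conferences, and has received several best paper awards from journals and conferences.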
Abstract: Mobile security has been a hot topic in recent years, especially now that everyone has one or more smartphones. While most mobile security researchers focus on malware analysis and malware detection, we focus on finding security vulnerabilities in mobile applications. We want to make more and more Android developers aware of the potential security holes in their Android applications and of how each line of code they write may cause serious security holes. If these security issues are not fixed, any app on the phone can easily exploit the user's phone, stealing the user's private files and messages without the user's knowledge, compromising the user's account with a stolen access token, etc. Some exploits can even be carried out remotely, without installing a malicious application on the user's phone. We propose a massive vulnerability analysis system to help Android developers reduce the risk of their applications being exploited or hacked. Our system has helped us find one or more security vulnerabilities in Android applications or SDKs developed by Facebook, Microsoft, Google, Evernote, LINE WhosCall, Alibaba, Badoo, Sina Weibo, Baidu, Tencent and other renowned companies. We have reported our findings to these companies and received their confirmations and acknowledgements. These acknowledgements should fully prove that our system can efficiently and accurately help find vulnerabilities in those products that have not been discovered by other security researchers or by their Android developers.