Academic Talk: Identifying Security Vulnerabilities in Remote Services via Automated Analysis of Mobile Apps

Title: Identifying Security Vulnerabilities in Remote Services via Automated Analysis of Mobile Apps

Speaker: Zhiqiang Lin, The University of Texas at Dallas

Date: June 21, 2017 (Wednesday)

Time: 2:30pm - 3:30pm

Venue: East Campus, Data Science and …, A201

Host: Prof. Wu Weigang (吴维刚)

 

Abstract:

Over the past several years, we have witnessed a huge increase in the number of mobile devices and mobile apps. As of today, there are billions of mobile users, millions of mobile apps, and millions of app service providers. However, when pushed too quickly to the market, the apps and services can be engineered poorly and may contain various vulnerabilities that can severely undermine users’ security and privacy. While a significant amount of effort has focused on vetting various vulnerabilities in mobile apps, little attention has targeted remote services. In this talk, Dr. Lin will discuss how to automatically analyze mobile apps to search for security vulnerabilities in remote services. In the first half of his talk, he will present a generic and scalable system dubbed AutoForge, which identifies password brute-force vulnerabilities in mobile services by using automatic protocol reverse engineering, dynamic slicing, and API replay. In the second half of the talk, he will describe SmartGen, a system that automatically reveals the server APIs of mobile apps and enables standard vulnerability fuzzing of remote services via selective symbolic execution. Both AutoForge and SmartGen have been evaluated with a large set of mobile apps and have found hundreds of security vulnerabilities. Responsible disclosures have been made to all the vulnerable service providers, and Dr. Lin will also share this experience during his talk.

 

Speaker Bio:

Dr. Zhiqiang Lin is an Associate Professor of Computer Science at The University of Texas at Dallas. He earned his PhD from the Computer Science Department at Purdue University in 2011. His primary research interests are systems and software security, with an emphasis on developing program analysis techniques and applying them to secure both application programs, including mobile apps, and the underlying system software, such as operating systems and hypervisors. Dr. Lin is a recipient of the NSF CAREER Award and the AFOSR Young Investigator Award.