Title: Security Threats to Android System: Exploration,Understanding, and Defense

时间：5月23日 09:30-10:00

地点：办公楼2楼会议室

Abstract:

With the evolution of mobile computing technology, smartphone hasexperienced enormous growth in the consumer market, among which Android deviceshave taken the lion's share. Different from the traditional feature phone,smartphone is playing the role of personal assistant and data container inpeople's daily life. Therefore, it is inevitable that considerable private datais stored on the smartphone and becomes the target of attackers. Lots ofprevious research on mobile security concentrates on the program analysistechniques for malware detection and lack a deep investigation into the Androidsecurity architecture. In this talk, I will introduce my research efforts onthe new security threats to the Android's defense system itself, especially theSandbox mechanism. In particular, I will discuss (1) conducting side-channelattacks to bypass the Sandbox mechanism, (2) analyzing architecture flaws lyingin the Sandbox mechanism, and (3) designing new approaches to evade runtimesecurity check.

Bio:

Wenrui Diao is a Ph.D. candidate at The Chinese University of HongKong, under the supervision of Prof. Kehuan Zhang and Prof. Minghua Chen.Before that, he received B.Sc. and M.Sc. degrees from Shandong University(2010) and The Chinese University of Hong Kong (2011) respectively. He evervisited/worked at Indiana University Bloomington, City University of Hong Kong,EMC Labs China, etc. His research focuses on system security, especially thesecurity and privacy on mobile platforms. His papers appeared at severaltop-tier security conferences, such as IEEE S&P (Oakland), ACM CCS, andESORICS. Also, his work was ever reported by many influential media andacknowledged by Google. He served as the reviewer (or external reviewer) forIEEE Transactions on Information Forensics and Security, IEEE EuroS&P 2017,ACM CCS 2014/15/16, ACM ASIACCS 2016/17, RAID 2017, SecureComm 2016, USENIXWOOT 2016, etc.