返回信息流周一下午三点 美国Case Western Reserve University 肖旭生教授报告。肖教授是软工和安全领域的学术新星,近年来在CCS、USENIX Security、ICSE等顶级会议发表论文数十篇,同时也在招学生,欢迎大家参加!
题目:Improving Mobile App Security via Analyzing Structured and Unstructured Artifacts
(基于分析结构化和非结构化软件工件的手机应用安全优化)
时间:2019年7月15日下午三点
地点:教三楼611
ABSTRACT: The increasing popularity of smartphones has made them a target for malware, which steals and abuses users' sensitive information. To protect users, smartphone application markets like Google Play and App Store employ protection mechanisms based on permissions, which have shown limited success due to three major challenges: (1) permissions show only what sensitive user information is used by the applications; (2) permissions used in benign and malicious behaviors are often the same; (3) permissions do not protect all types of sensitive user information, such as sensitive information entered through graphical user interfaces (GUI). In this talk, I will present my work on developing program analysis and text analysis techniques to address these three major challenges. My techniques automatically analyze application behavior from structured and unstructured artifacts, including app code, app descriptions, API documents, app meta-data, and GUIs. In particular, I will discuss information flow classification and WHYPER, two techniques that explain How and Why sensitive user information is used by the applications to help users make better decisions in permission granting. In addition, I will present AppContext, a program analysis technique that analyzes the context in which the security-sensitive behavior occurs to determine whether the behavior is malicious, and SUPOR, a static analysis technique that detects sensitive information entered by users through GUIs.
BIO: Xusheng Xiao (肖旭生) is an assistant professor of Electrical Engineering and Computer Science at Case Western Reserve University. He received his Ph. D. degree in Computer Science at North Carolina State University in 2014. He was a visiting student in Computer Science department of the University of Illinois at Urbana-Champaign in 2013-2014. His research interests are in software engineering and computer security, with the focus on making software applications and computer systems more reliable and secure via program analysis, software testing, text analysis, and system monitoring. His research has been presented at top-tier venues such as ICSE, FSE, ISSTA, ASE, USENIX Security, CCS, and VLDB. His work in attack investigation for Advanced Persistent Threat (APT) attacks was selected as one of the top ten finalists for CSAW Best Applied Security Paper Award 2018. His work in mobile security was selected as one of the top ten finalists for CSAW Best Applied Security Paper Award 2015, and produced a static analysis tool that was deployed in TouchDevelop of Microsoft Research. His research is supported by NSF and Samsung. More details of his research can be found at his homepage, http://engineering.case.edu/groups/xusheng-xiao/.
这是一条镜像帖。来源:北邮人论坛 / go-abroad / #365325同步于 2019/7/14
GoAbroad机器人发帖
0715 美国Case Western Reserve University 肖旭生教授学术报告
a945418260
2019/7/14镜像同步0 回复
订阅后,新回复会通过你的通知中心匿名送达。
0 条回复
暂无回复 · 你可以订阅本帖等待新回复。