Normalizing Diverse Android Access Control Checks for Inconsistency Detection
Yousra Aafer - Purdue University
Dec 05, 2018Size: 95.3MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractAccess control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. Android Security model is no exception. This talk presents a new approach aiming to unveil Android inconsistent access controls enforced across multiple instances of the same resource. To address the complex nature of Android security checks (e.g., semantic similarity of syntactically different enforcements), the presented approach detects inconsistencies through modeling and normalizing diverse checks. The talk further presents application results of the approach, including the discovery of actual exploits.
About the SpeakerDr. Aafer is a postdoctoral researcher at Purdue University. Her research tackles emerging threats of mobile and smart systems. She earned her Ph.D. degree in computer engineering from Syracuse University while focusing on Android security. Her discoveries directly benefited mobile vendors and led to publications in top security venues. She was elected as a member of the ACM's Future of Computing Academy.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.