||12月21日学术报告信息 2016-08-15 01:34:00
报告题目：Security Ecosystem of Android Customization
报告人单位：University of California, Riverside
报告人简介：Dr. Zhiyun Qian is an assistant professor at University of California, Riverside. His research interest is on system and network security, including Android security, Internet security (e.g., TCP/IP), side-channel attacks and defenses, and infrastructure security (e.g., cellular networks). He obtained his Ph.D. degree in Computer Science and Engineering from University of Michigan in 2012.
报告摘要： The openness nature of Android has resulted in great vendor adoption and market share but at the same time also introduced significant difficulty in maintaining security across a wide variety of custom Android OS versions. Even worse, the delay in the Android OS update process introduced in the customization does not allow security weaknesses to be patched quickly enough, resulting in unique ecosystems such as Android root. In this talk, we attempt to characterize the Android root ecosystem from the perspective of Android root providers and show how dangerous they can be. In addition, to understand the security vulnerabilities introduced in customization, we built a static vulnerability scanner that caught more than a dozen of new vulnerabilities, both in customized Android and AOSP.