Academic Talk by Researcher Jianying Zhou of the Institute for Infocomm Research, Singapore: Afternoon of November 29

Published: 2013-11-22 | Views: 249

Speaker: Jianying Zhou, Researcher

Institute for Infocomm Research (I2R), Singapore

Title: Mobile Platform and Application Security

Time: 2013-11-29 (Friday), 15:30

Venue: Room 603, Chenggong Building, Cangshan Campus

Organizers: School of Mathematics and Computer Science;

Fujian Provincial Key Laboratory of Network Security and Cryptology

Audience: selected faculty and graduate students of the School of Mathematics and Computer Science

Abstract:

Smartphones are becoming more and more popular. Android and iOS are the two dominant mobile operating systems on the market. An interesting question is which one is more secure. We made a comparison by investigating applications that run on both Android and iOS and examining the difference in the usage of their security sensitive APIs (SS-APIs). We developed static analysis tools to perform massive static analysis for cross-platform applications on their SS-API usage. Our analysis showed that applications on iOS tend to use more SS-APIs compared to their counterparts on Android, and are more likely to access sensitive resources that may cause privacy breaches or security risks without being noticed.

We also proposed a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices, and constructed multiple proof-of-concept attacks, such as cracking the device PIN and taking snapshots without the user's awareness. Our applications embedded with the attack code passed Apple's vetting process and work as intended on non-jailbroken devices. Our proof-of-concept attacks have shown that Apple's vetting process and the iOS sandbox have weaknesses which can be exploited by third-party applications. Our work helped Apple to fix the vulnerabilities in the latest release of iOS 7.

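About the speaker:

Jianying Zhou is an internationally renowned information security expert who received a PhD in information security from the University of London, UK, and currently serves as head of the Infocomm Security Department at the Institute for Infocomm Research, Singapore. Zhou has led and been responsible for multiple industry-academia-research projects for the Singapore government and enterprises, has published more than 200 papers in international journals and conferences, has served as chair or program committee member of more than 150 international conferences, and is one of the founders of ACNS, a top international security conference. Zhou currently serves on the editorial board of IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY and is an adjunct professor at Kyushu University, Japan, and Shanghai Jiao Tong University.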