[5-17]Develop Fine-Grained Access Control Systems for Smartphones
Date:2013-05-17
Title: Develop Fine-Grained Access Control Systems for Smartphones
Speaker: Wenliang Du (杜文亮), Syracuse University
Time: 15:00, Friday, May 17, 2013
Venue: Lecture Room, 3rd Floor, Building #5, State Key Laboratory ofComputer Science, Institute of Software, Chinese Academy of Sciences
Abstract:
According to recent reports, global smartphone adoption has been growing very rapidly, and the global smartphone sales are expected to reach one billion in 2016. With such a pervasive use of smartphones, protecting these devices is of critical importance. Although most smartphone systems are designed with security in mind, their security features, especially their access control systems, are insufficient, and sometimes inappropriate. We focus on Android in this research.
The objective of our research is to develop better access control systems for the Android operating system. In particular, we focus on providing fine-grained access control for Android to protect against untrusted third-party code, such as advertisement code, code in third-party plugins (such as PhoneGap plugins), and Javascript code loaded into WebView. I will discuss their potential risks and why Android’s access control system is inappropriate for protecting against these types of code. I will present our ideas on restricting the privilege of third-party code in Android applications. We have modified Android OS to implement our ideas.
Bio:
Du, Wenliang received his B.S. degree from the University of Science and Technology of China in 1993,and Ph.D. degree from Purdue University in 2001. He did his undergraduate research in the Institute of Software, advised by Prof. TANG Zhisong. Dr. Du is currently a professor in the Department of Electrical Engineering and Computer Science at Syracuse University. His research area is in computer and network security, and his current research interests include web security and mobile system security. He is also interested in developing instructional laboratories for security education, and the hands-on labs he developed have been used by over 200 universities worldwide. His research has been sponsored by grants from National Science Foundation, Army Research Office, JP Morgan Chase, and Google.