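As the Android ecosystem grows, the security of Android software cannot be overlooked. Vulnerabilities in Android software can cause serious harm, such as privacy leaks, financial loss, and phishing attacks. This talk presents work on repairing and detecting vulnerabilities in Android software. Vulnerability repair is a difficult process, and even after a vulnerability has been fixed it often takes a great deal of time to update the vulnerable software. The talk proposes a rule-based vulnerability repair system that can promptly repair permission leak vulnerabilities in software. By modifying the Android system, the talk describes how rules can be used to proactively repair vulnerable software and demonstrates how these rules are generated automatically. In addition, the talk covers work on using automated analysis techniques to detect vulnerabilities in Android software. By decoupling the vulnerability detection logic from the static analysis, the talk demonstrates how to quickly develop a vulnerability detection plugin.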
About the speaker:
Dr. Yuan Zhang (张源) is a lecturer at the School of Software, Fudan University. Yuan Zhang received his B.S. degree from Nanjing University in 2009, and his Ph.D. degree from Fudan University in 2014. He has over 6 years of research experience in Android systems and apps. His research interests include system software and security, static analysis, and managed runtime. He currently focuses on mobile security, especially on Android apps. His work has been published in many important venues, such as ACM VEE, ACM CCS, IEEE TIFS, and EAI SecureComm.