Speaker bio: Wenliang Du is a Professor in the Department of Electrical Engineering and Computer Science at Syracuse University. He is interested in developing instructional laboratories for security education. His research has been sponsored by grants from the National Science Foundation, Army Research Office, JP Morgan Chase, and Google. He is a recipient of the 2013 ACM CCS Test-of-Time Award and the 2017 Academic Leadership award from The 21st Colloquium for Information System Security Education.

Talk abstract: This talk consists of two parts. For the first part, I will present some of the recent attacks/vulnerabilities that we have identified, including the code injection attacks on the HTML5-based apps, the hanging attribute reference vulnerability, and data residue vulnerabilities in Android OS. In the second part, I will present a systematic analysis on the security impact of the vendor customization. Android customization offers substantially different experiences and rich functionalities to users. Every party in the customization chain, such as vendors and carriers, modifies the OS and the pre-installed apps to tailor their devices for a variety of models, regions, and custom services. However, these modifications do not come at no cost. We have systematically identified security features that, if altered during the customization, can introduce potential risks. We conducted a large-scale analysis on 591 custom images to detect inconsistent security features.