中国科大学位与研究生教育
课程名称: 教师:
当前位置:
 >> 
 >> 
安卓系统安全:攻击手段及厂商定制的系统安全分析
安卓系统安全:攻击手段及厂商定制的系统安全分析
教师介绍

本讲教师:杜文亮
所属学科:工科
人  气:596

课程介绍
报告人简介: Wenliang Du is a Professor in the Department of Electrical Engineering and Computer Science at Syracuse University. He is interested in developing instructional laboratories for security education. His research has been sponsored by grants from National Science Foundation, Army Research Office, JP Morgan Chase, and Google. He is a recipient of the 2013 ACM CCS Test-of-Time Award and the 2017 Academic Leadership award from The 21st Colloquium for Information System Security Education. 报告内容简介: This talk consists of two parts. For the first part, I will present some of the recent attacks/vulnerabilities that we have identified, including the code injection attacks on the HTML5-based apps, the hanging attribute reference vulnerability, and data residue vulnerabilities in Android OS. In the second part, I will present a systematic analysis on the security impact of the vendor customization. Android customization offers substantially different experiences and rich functionalities to users. Every party in the customization chain, such as vendors and carriers, modify the OS and the pre-installed apps to tailor their devices for a variety of models, regions, and custom services. However, these modifications do not come at no cost. We have systematically identified security features that, if altered during the customization, can introduce potential risks. We conducted a large scale analysis on 591 custom images to detect inconsistent security features.

评论

针对该课程没有任何评论,谈谈您对该课程的看法吧?
  • 用户名: 密 码:
致谢:本课件的制作和发布均为公益目的,免费提供给公众学习和研究。对于本课件制作传播过程中可能涉及的作品或作品部分内容的著作权人以及相关权利人谨致谢意!
课件总访问人次:10602368
中国科学技术大学研究生网络课堂试运行版,版权属于中国科学技术大学研究生院。
本网站所有内容属于中国科学技术大学,未经允许不得下载传播。
地址:安徽省合肥市金寨路96号;邮编:230026。TEL:+86-551-63602922;E-mail:wlkt@ustc.edu.cn。