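[Academic Talk] Prof. David Lie, University of Toronto: Smartphone security and cloud data protection

Talk title: Smartphone security and cloud data protection
Time: Tuesday, July 19, 2016, 2:00pm - 4:00pm
Venue: Room 3-225, Information Technology Building (FIT), Tsinghua University
Speaker: Prof. David Lie, University of Toronto (http://www.eecg.toronto.edu/~lie/)

Abstract: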

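The continuing spread of smartphones brings security practitioners both new opportunities and new challenges. On one hand, the phone is a computing device that is always with the user and always connected, which creates new opportunities for monitoring and protecting user data. On the other hand, the same properties mean that smartphones always contain a large amount of private personal information, which makes them a major challenge for user privacy and security.

To address these challenges, we have developed several systems to improve smartphone security. I will discuss PScout, a system we developed to analyze the Android permission mechanism. PScout uses static analysis to extract, from the Android source code, a mapping from Android APIs to specific permissions. From the results of the analysis we found some interesting properties of the Android permission system. I will also discuss our recent work, IntelliDroid, which generates inputs targeted at a specific dynamic analysis system in order to trigger execution paths related to malicious behavior, and thereby detects Android malware.

I will also introduce some other systems we have developed to improve the security of smartphone users, such as Caelus. Caelus uses a smartphone to monitor the integrity of data stored in the cloud. It takes advantage of the fact that smartphones are rarely switched off to provide low-cost, near real-time monitoring of the integrity and consistency of a user's personal data in the cloud.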

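About the speaker:

David Lie received his bachelor's degree from the University of Toronto in 1998, and his master's and doctoral degrees from Stanford University in 2001 and 2004 respectively. He is currently an Associate Professor in the Department of Electrical and Computer Engineering at the University of Toronto and the Canada Research Chair in Secure and Reliable Computer Systems. He is also a recipient of the MRI Early Researcher Award. While at Stanford, he founded and led the XOM (eXecute Only Memory) processor project, which supports running tamper-resistant and copy-resistant software. He received a best paper award at SOSP for this work. More recently, he and his students developed PScout, an Android permission mapping tool. The data it produced has been downloaded more than 10,000 times and has been used by many subsequent papers. David has served on the program committees of several top conferences, including OSDI, ASPLOS, Usenix Security and IEEE Security & Privacy. His current research interests focus on building secure mobile platforms, cloud computing security and improving software reliability.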

Title: Security of smartphones and protection of personal data in the cloud

Abstract:

The growth in smartphone usage presents both new capabilities and challenges for security practitioners. On one hand, smartphones represent a computing device that is always with the user, is always on, and generally has an Internet connection, creating new opportunities for monitoring and securing user data. On the other hand, these same properties mean that smartphones tend to contain a great deal of private information, making them a serious challenge to the personal privacy and security of users.

To address these challenges, we have also built systems that aim to improve smartphone security. I will discuss our PScout tool, which enables us to analyze the permission system of Android. PScout uses static analysis of the Android source code to extract a mapping of Android APIs to permissions. Our analysis of the data reveals several interesting properties of the Android permissions system. I will also discuss our more recent work on IntelliDroid, a system that performs targeted execution of malicious behaviors to detect Android malware.

I will also present some of the systems we have built that capitalize on opportunities for smartphones to improve user security. I’ll talk about Caelus, which uses a smartphone to monitor the integrity of data stored in the cloud. Caelus exploits the property that smartphones are rarely switched off to enable low-cost, near real-time monitoring of the integrity and consistency of personal data stored in the cloud.

David Lie received his B.S. from the University of Toronto in 1998, and his M.S. and Ph.D. from Stanford University in 2001 and 2004 respectively. He is currently an Associate Professor in the Department of Electrical and Computer Engineering at the University of Toronto and the Canada Research Chair in Secure and Reliable Computer Systems. David is also a recipient of the MRI Early Researcher Award. While at Stanford, David founded and led the XOM (eXecute Only Memory) Processor Project, which supports the execution of tamper and copy-resistant software. He was the recipient of a best paper award at SOSP for this work. More recently, he and his students have developed the PScout Android Permission mapping tool, whose datasets have been downloaded over 10,000 times and used in dozens of subsequent papers. David has served on various program committees including OSDI, ASPLOS, Usenix Security and IEEE Security & Privacy. Currently, his interests are focused on securing mobile platforms, cloud computing security and increasing the reliability of software.

Contact: Duan Haixin (段海新), duanhx@tsinghua.edu.cn
