The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Yousra Aafer - Purdue University

Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.

Normalizing Diverse Android Access Control Checks for Inconsistency Detection

Dec 05, 2018

Download: Video Icon MP4 Video Size: 95.3MB  
Watch on Youtube Watch on YouTube

Abstract

Access control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. Android Security model is no exception. This talk presents a new approach aiming to unveil Android inconsistent access controls enforced across multiple instances of the same resource. ​To address the complex nature of Android security checks (e.g., semantic similarity of syntactically different enforcements), the presented approach detects inconsistencies through modeling and normalizing diverse checks. The talk further presents application results of the approach, including the discovery of actual exploits.

About the Speaker

Dr. Aafer is a postdoctoral researcher at Purdue University. Her research tackles emerging threats of mobile and smart systems. She earned her Ph.D. degree in computer engineering from Syracuse University while focusing on Android security. Her discoveries directly benefited mobile vendors and led to publications in top security venues. She was elected as a member of the ACM's Future of Computing Academy.


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!