Seminar Series - Capability Leak Challenges for Mobile Devices and Their Apps

Speaker: Dr. Xuxian Jiang, North Carolina State University
Date: Friday, October 26, 2012
Time: 11:15am-12:30pm
Location: 2150 Torgersen

Recent years have witnessed a meteoric increase in the adoption of smartphones such as Android. To manage information and features on such phones, Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run. Due to the central role of the permission-based model in running smartphone apps, it is critical that this model is properly enforced in existing Android-based mobile devices. In this talk, I will focus on capability leaks in existing Android devices where privileged permissions might be unsafely exposed or leaked (even by a legitimate app) to other untrusted applications that do not need to request them in order to use them. By exploiting leaked permissions, an untrusted application might manage to wipe out user data, send out SMS messages, or record user conversations on the affected phones, all without asking for any permission.

Dr. Xuxian Jiang is an Associate Professor in the Computer Science Department at North Carolina State University, Raleigh, NC. Over the last 18 months, Jiang and his team of students have identified more than two dozen zero-day Android malware in the official and alternative mobile application marketplaces. Most recently, Jiang launched the Android Malware Genome Project with the goal of facilitating Android security research. He received his PhD degree in Computer Science from Purdue University in 2006. His research interests are mainly in smartphones, hypervisors, and malware defense. He received the NSF CAREER Award in 2010.