GMU Software Engineering Seminar Series

Speaker: Eric Yuan
Title: A Taxonomy and Survey of Self-Protecting Software Systems
Date/Time: Friday, 5/25/2012 @ 12pm
Location: 4201, Engineering Building
Food: Pizza/Soda

Self-protecting software systems are a class of autonomic systems capable
of detecting and mitigating security threats at runtime. They are growing
in importance, as the stovepipe static methods of securing software systems
have proven inadequate for the challenges posed by modern software systems.
While existing research has made significant progress towards autonomic and
adaptive security, gaps and challenges remain. In this paper, we report on
an extensive study and analysis of the literature in this area. The crux of
our contribution is a comprehensive taxonomy to classify and characterize
research efforts in this arena. We also describe our experiences with
applying the taxonomy to numerous existing approaches. This has shed light
on several challenging issues and resulted in interesting observations that
could guide future research.

Eric Yuan is a Ph.D. IT student in the Volgenau School of Information
Technology and Engineering at GMU. He received his bachelor's degrees in
Computer Science and Management Information Systems from Tsinghua
University in China in 1993 and his M.S. degree in Systems Engineering from
University of Virginia in 1996. He has over 15 years of professional
experience in IT and management consulting in both commercial and public
sectors. His current research interests include service oriented
architectures, distributed computing, software engineering, and information


Speaker: Riyadh Mahmood
Title: A Whitebox Approach for Automated Security Testing of Android
Applications on the Cloud
Date/Time: Friday, 5/25/2012 @ 12pm
Location: 4201, Engineering Building
Food: Pizza/Soda

By changing the way software is delivered to end users, markets for mobile
apps create a false sense of security: apps are downloaded from a market
that can potentially be regulated. In practice, this is far from the truth and
instead, there has been evidence that security is not one of the primary
design tenets for the mobile app stores. Recent studies have indicated
mobile markets are harboring apps that are either malicious or vulnerable,
leading to compromises of millions of devices. The key technical obstacle
for the organizations overseeing these markets is the lack of practical and
automated mechanisms to assess the security of mobile apps, given that
thousands of apps are added and updated on a daily basis. In this seminar,
we provide an overview of a multi-faceted project targeted at automatically
testing the security and robustness of Android apps in a scalable manner.
We describe an Android-specific program analysis technique capable of
generating a large number of test cases for fuzzing an app, as well as a
test bed that, given the generated test cases, executes them in parallel on
numerous emulated Androids running on the cloud.

Riyadh Mahmood is a PhD student in the Computer Science department at
George Mason University.  Riyadh has been working in the software
engineering / IT consulting field for over a decade.  He holds a Bachelor's
degree in Computer Engineering and a Master's degree in Information
Technology from Virginia Tech.  Riyadh is currently working on his
dissertation proposal, focusing on security testing of Android applications
on the cloud.

Sam Malek, Ph.D.
Assistant Professor
Department of Computer Science
George Mason University