GMU Software Engineering Seminar Series

Speaker: Eric Yuan
Title: A Taxonomy and Survey of Self-Protecting Software Systems
Date/Time: Friday, 5/25/2012 @ 12pm
Location: 4201, Engineering Building
Food: Pizza/Soda

Abstract:
Self-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have proven inadequate for the challenges posed by modern software systems. While existing research has made significant progress towards autonomic and adaptive security, gaps and challenges remain. In this paper, we report on an extensive study and analysis of the literature in this area. The crux of our contribution is a comprehensive taxonomy to classify and characterize research efforts in this arena. We also describe our experiences with applying the taxonomy to numerous existing approaches. This has shed light on several challenging issues and resulted in interesting observations that could guide future research.

Bio:
Eric Yuan is a Ph.D. IT student in the Volgenau School of Information Technology and Engineering at GMU. He received his bachelor’s degrees in Computer Science and Management Information Systems from Tsinghua University in China in 1993 and his M.S. degree in Systems Engineering from University of Virginia in 1996. He has over 15 years of professional experience in IT and management consulting in both commercial and public sectors. His current research interests include service oriented architectures, distributed computing, software engineering, and information security.

***********************************************************************

Speaker: Riyadh Mahmood
Title: A Whitebox Approach for Automated Security Testing of Android Applications on the Cloud
Date/Time: Friday, 5/25/2012 @ 12pm
Location: 4201, Engineering Building
Food: Pizza/Soda

Abstract:
By changing the way software is delivered to end users, markets for mobile apps create a false sense of security: apps are downloaded from a market that can potentially be regulated. In practice, this is far from the truth; instead, there has been evidence that security is not one of the primary design tenets for the mobile app stores. Recent studies have indicated that mobile markets are harboring apps that are either malicious or vulnerable, leading to compromises of millions of devices. The key technical obstacle for the organizations overseeing these markets is the lack of practical and automated mechanisms to assess the security of mobile apps, given that thousands of apps are added and updated on a daily basis. In this seminar, we provide an overview of a multi-faceted project targeted at automatically testing the security and robustness of Android apps in a scalable manner. We describe an Android-specific program analysis technique capable of generating a large number of test cases for fuzzing an app, as well as a test bed that, given the generated test cases, executes them in parallel on numerous emulated Androids running on the cloud.

Bio:
Riyadh Mahmood is a PhD student in the Computer Science department at George Mason University.  Riyadh has been working in the software engineering / IT consulting field for over a decade.  He holds a Bachelor’s degree in Computer Engineering and a Master’s degree in Information Technology from Virginia Tech.  Riyadh is currently working on his dissertation proposal, focusing on security testing of Android applications on the cloud.


Sam Malek, Ph.D.
Assistant Professor
Department of Computer Science
George Mason University
WWW: http://cs.gmu.edu/~smalek/