Print

Print


Please make note of the new date for this seminar

Speakers: Hamid Bagheri and Alireza Sadeghi
Title: Automated Detection and Mitigation of Inter-Application Security Vulnerabilities in Android
Date/Time: October 27th, 2pm
Location: room 4201, Nguyen Engineering Building

Abstract: Android is the most popular platform for mobile devices. It facilitates sharing of data and services among applications using a rich inter-application communication system. While access to resources can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, as permissions may be mismanaged, intentionally or unintentionally. Android's enforcement of the permissions is at the level of individual apps, allowing multiple malicious apps to collude and combine their permissions or to trick vulnerable apps to perform actions on their behalf that are beyond their individual privileges. In this talk, we will present our ongoing research which explores a proactive scheme for automated detection and mitigation of inter-application vulnerabilities. Our approach leverages concepts from the domains of formal methods, model-driven development, and programming languages, and allows the end-users to safeguard a given bundle of apps installed on their device from such complex, inter-app vulnerabilities. We will illustrate the ideas in the context of practical applications, discuss its potential to put the field forward, and pose important areas of research in the coming era.

Bio: Hamid Bagheri is a Postdoctoral researcher in the Department of Computer Science at George Mason University. He received his PhD in Computer Science from University of Virginia in 2013. Hamid works in the crossroads of software engineering, program synthesis, and formal methods. His research career has focused on the development of techniques and tools that aid with the analysis and synthesis of software systems. He has been prolific in his early career, developing several novel techniques, including new methods and tools for compositional analysis of android inter-app vulnerabilities, synthesis of partial code frameworks from application architectures, and synthesis of object-relational mapping tradeoff spaces for database-centric applications. The results of his research have been published in some of the most prestigious software engineering venues, such as ICSE, ASE, and MoDELS, among others.

Bio: Alireza Sadeghi received the B.Sc. degree in computer (software) engineering and M.Sc. degree in information technology from Sharif University of Technology in 2008 and 2010, respectively. He is a Ph.D. student in the Department of Computer Science at George Mason University.  His research interests focus on software engineering, specifically, static program analysis and mobile app security Inspection.


_________________________
Sam Malek, Ph.D.
Associate Professor
Computer Science Department
George Mason University
http://cs.gmu.edu/~smalek