Title: Automated Detection and Mitigation of Inter-Application Security Vulnerabilities in Android
Date/Time: October 27th, 2pm
Location: room 4201, Nguyen Engineering Building
Abstract: Android is the most popular platform for mobile devices. It facilitates sharing of data and services among applications through a rich inter-application communication system. While access to resources can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, as permissions may be mismanaged, intentionally or unintentionally. Android enforces permissions at the level of individual apps, which allows multiple malicious apps to collude and combine their permissions, or to trick vulnerable apps into performing actions on their behalf that exceed their individual privileges. In this talk we will present our ongoing research, which explores a proactive scheme for the automated detection and mitigation of inter-application vulnerabilities. Our approach draws on concepts from formal methods, model-driven development, and programming languages, and allows end users to safeguard a given bundle of apps installed on their device against such complex inter-app vulnerabilities. We will illustrate the ideas in the context of practical applications, discuss the approach's potential to move the field forward, and point out important directions for future research.
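The confused-deputy and collusion patterns the abstract describes, as an added illustration that is not the speaker's tool or the research being presented: a toy model of a bundle of installed apps in which each component records the permission a caller must hold (the manifest's android:permission) and the permissions its own code exercises, and a reachability check over exported components flags any app that can make another app exercise a permission the caller was never granted. All package names, component names, permissions and forwarding structure below are constructed for the example.

```python
"""Toy model of Android inter-app privilege escalation over a bundle of apps.
Added illustration only; apps, components and forwarding edges are made up."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    app: str                 # package that owns the component
    name: str                # component name, unique within this toy bundle
    exported: bool           # android:exported
    guard: frozenset         # android:permission a caller must hold; empty = any app may call
    uses: frozenset          # permissions the component's code actually exercises
    forwards_to: tuple = ()  # components it re-sends the incoming intent to


@dataclass(frozen=True)
class App:
    name: str
    granted: frozenset       # permissions the user granted this app
    components: tuple


def _callable_from(sender, comp, granted):
    # Android checks the *immediate* sender only: intra-app calls always succeed,
    # otherwise the target must be exported and the sender must hold its guard.
    if comp.app == sender:
        return True
    return comp.exported and comp.guard <= granted[sender]


def find_escalations(apps):
    """Sorted (caller, permission, path) triples: `caller` can drive another app's
    component(s) along `path` into exercising `permission`, which `caller` lacks."""
    by_name = {c.name: c for a in apps for c in a.components}
    granted = {a.name: a.granted for a in apps}
    findings = []
    for caller in apps:
        queue = deque((c.name, (c.name,)) for c in by_name.values()
                      if c.app != caller.name and _callable_from(caller.name, c, granted))
        seen = set()
        while queue:  # BFS over the intents the caller can send, directly or via forwarding
            name, path = queue.popleft()
            if name in seen:
                continue
            seen.add(name)
            comp = by_name[name]
            for perm in sorted(comp.uses - caller.granted):
                findings.append((caller.name, perm, path))
            for nxt in comp.forwards_to:  # the forwarding app's own privileges apply here
                if _callable_from(comp.app, by_name[nxt], granted):
                    queue.append((nxt, path + (nxt,)))
    return sorted(findings)


def effective_uses(comp, by_name, seen=None):
    """Permissions exercised by `comp` or anything it forwards to (transitive closure)."""
    seen = set() if seen is None else seen
    if comp.name in seen:
        return frozenset()
    seen.add(comp.name)
    perms = set(comp.uses)
    for nxt in comp.forwards_to:
        perms |= effective_uses(by_name[nxt], by_name, seen)
    return frozenset(perms)


def harden(apps, transitive=True):
    """Fix for permission re-delegation: make every exported component demand the
    permissions it exercises. With transitive=False only the component's own uses
    are guarded, which leaves forwarding chains open."""
    by_name = {c.name: c for a in apps for c in a.components}
    fixed = []
    for a in apps:
        comps = []
        for c in a.components:
            if c.exported:
                needed = effective_uses(c, by_name) if transitive else c.uses
                c = Component(c.app, c.name, c.exported, c.guard | needed, c.uses, c.forwards_to)
            comps.append(c)
        fixed.append(App(a.name, a.granted, tuple(comps)))
    return tuple(fixed)


# Constructed sample bundle (hypothetical package and component names).
SMS_APP = App("com.example.sms", frozenset({"SEND_SMS"}), (
    # Confused deputy: exported, unguarded, sends SMS for whoever asks.
    Component("com.example.sms", "SmsRelayService", True, frozenset(), frozenset({"SEND_SMS"})),))
CONTACTS_APP = App("com.example.contacts", frozenset({"READ_CONTACTS"}), (
    # Properly guarded: callers must themselves hold READ_CONTACTS.
    Component("com.example.contacts", "ContactsProvider", True,
              frozenset({"READ_CONTACTS"}), frozenset({"READ_CONTACTS"})),))
UPLOADER = App("com.example.uploader", frozenset({"INTERNET"}), (
    # Colluding partner: open receiver that hands anything it gets to a network client.
    Component("com.example.uploader", "UploadReceiver", True, frozenset(), frozenset(), ("NetClient",)),
    Component("com.example.uploader", "NetClient", False, frozenset(), frozenset({"INTERNET"})),))
TRACKER = App("com.example.tracker", frozenset({"ACCESS_FINE_LOCATION"}), ())
MALWARE = App("com.example.mal", frozenset(), ())
BUNDLE = (SMS_APP, CONTACTS_APP, UPLOADER, TRACKER, MALWARE)

if __name__ == "__main__":
    for caller, perm, path in find_escalations(BUNDLE):
        print(f"{caller} gains {perm} via {' -> '.join(path)}")
    print("after per-component hardening:", find_escalations(harden(BUNDLE, transitive=False)))
    print("after transitive hardening:", find_escalations(harden(BUNDLE)))
```

Running it shows both patterns from the abstract: the permission-less com.example.mal obtains SEND_SMS through SmsRelayService (a vulnerable app tricked into acting beyond the caller's privileges), and com.example.tracker obtains INTERNET through the uploader's open receiver (two apps combining ACCESS_FINE_LOCATION and INTERNET). Guarding each exported component with only the permissions it directly exercises closes the SMS deputy but leaves the forwarding chain open, which is why this class of analysis has to be compositional over the whole bundle rather than a per-component check.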
Bio: Hamid Bagheri is a Postdoctoral Researcher in the Department of Computer Science at George Mason University. He received his PhD in Computer Science from the University of Virginia in 2013. Hamid works at the crossroads of software engineering, program synthesis, and formal methods. His research has focused on developing techniques and tools that aid in the analysis and synthesis of software systems. Early in his career he has developed several novel techniques, including new methods and tools for the compositional analysis of Android inter-app vulnerabilities, the synthesis of partial code frameworks from application architectures, and the synthesis of object-relational mapping tradeoff spaces for database-centric applications. The results of his research have been published in some of the most prestigious software engineering venues, including ICSE, ASE, and MoDELS.